Re: [xml] xmlParserHandleReference anyone?



On Thu, Jun 13, 2002 at 08:27:25AM -0400, Daniel Veillard wrote:
BTW I reran xsltproc recently under valgrind (memory debug tool) using
DocBook workload, and I see a new problem in xmlParserHandlePEReference()
==13347== Invalid read of size 1
==13347==    at 0x807433E: xmlParserHandlePEReference (parser.c:903)
==13347==    by 0x8071712: xmlNextChar (parserInternals.c:1212)
==13347==    by 0x807379D: xmlSkipBlankChars (parser.c:379)
==13347==    by 0x807A4C9: xmlParseAttributeListDecl (parser.c:4255)
==13347==    Address 0x455C61B7 is 0 bytes after a block of size 55 alloc'd
==13347==    at 0x400613BE: malloc (vg_clientmalloc.c:618)
==13347==    by 0x808C752: xmlMallocLoc (xmlmemory.c:168)
==13347==    by 0x808C825: xmlMemMalloc (xmlmemory.c:221)
==13347==    by 0x8073FFF: xmlNewBlanksWrapperInputStream (parser.c:701)
==13347== 
==13347== Invalid read of size 1
==13347==    at 0x8074355: xmlParserHandlePEReference (parser.c:905)
==13347==    by 0x8071712: xmlNextChar (parserInternals.c:1212)
==13347==    by 0x807379D: xmlSkipBlankChars (parser.c:379)
==13347==    by 0x807A4C9: xmlParseAttributeListDecl (parser.c:4255)
==13347==    Address 0x455C61B8 is 1 bytes after a block of size 55 alloc'd
==13347==    at 0x400613BE: malloc (vg_clientmalloc.c:618)
==13347==    by 0x808C752: xmlMallocLoc (xmlmemory.c:168)
==13347==    by 0x808C825: xmlMemMalloc (xmlmemory.c:221)
==13347==    by 0x8073FFF: xmlNewBlanksWrapperInputStream (parser.c:701)
==13347== 

  basically it seems we now have PE refs substititions whose string is
smaller than 4 bytes, and hence leading to uninitialized memory accesses,
seems a small test is needed before the char encoding detection code.

  Don't worry about this one, I fixed it and commited in CVS,

Daniel

-- 
Daniel Veillard      | Red Hat Network https://rhn.redhat.com/
veillard redhat com  | libxml GNOME XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]