After upgrading the FreeBSD port of libxml2 to 2.4.25, I noticed a seg
fault every time the DTD validation code is run. This was first noticed
in scrollkeeper-0.3.11, but is also visible in xmllint. The following
command will produce the core dump:

    xmllint --dtdvalid \
      /usr/X11R6/share/gnome/xml/scrollkeeper/dtds/scrollkeeper-omf.dtd \
      /usr/X11R6/share/gnome/omf/eog/eog-C.omf

The backtrace is:
#0 0x280ae39b in nodeVPop (ctxt=0xbfbfe910) at valid.c:166
166 PUSH_AND_POP(static, xmlNodePtr, node)
(gdb) bt
#0 0x280ae39b in nodeVPop (ctxt=0xbfbfe910) at valid.c:166
#1 0x280b3fb3 in xmlValidateElementContent (ctxt=0xbfbfe910,
child=0x8062180,
elemDecl=0x8074c80, warn=1, parent=0x8062140) at valid.c:4629
#2 0x280b5487 in xmlValidateOneElement (ctxt=0xbfbfe910, doc=0x8060380,
elem=0x8062140) at valid.c:5157
#3 0x280b5cd8 in xmlValidateElement (ctxt=0xbfbfe910, doc=0x8060380,
elem=0x8062140) at valid.c:5394
#4 0x280b6185 in xmlValidateDtd (ctxt=0xbfbfe910, doc=0x8060380,
dtd=0x8074380) at valid.c:5583
#5 0x804a870 in vfprintf ()
#6 0x804b8c6 in vfprintf ()
#7 0x804967d in vfprintf ()
A similar backtrace is produced by scrollkeeper-rebuilddb (actually
scrollkeeper-update). The problem looks to be a free() issue based on
other xmllint errors produced by modifying some of the simpler test DTDs
included with libxml2. I haven't yet isolated the problem.
The above command worked flawlessly in libxml2-2.4.24 (i.e. the XML is
valid). The problem looks to have been introduced by the code in rev
1.125 of valid.c.
Joe
--
Joe Marcus Clarke
FreeBSD GNOME Team :: marcus FreeBSD org
http://www.FreeBSD.org/gnome