Re: [xml] stack corruption (2.5.4)
- From: Daniel Veillard <veillard redhat com>
- To: Gary Pennington sun com
- Cc: Petr Pajas <pajas ufal ms mff cuni cz>, xml gnome org
- Subject: Re: [xml] stack corruption (2.5.4)
- Date: Wed, 30 Apr 2003 12:08:38 -0400
On Wed, Apr 30, 2003 at 04:02:27PM +0100, Gary Pennington sun com wrote:
> On Wed, Apr 30, 2003 at 03:55:43PM +0100, Gary Pennington sun com wrote:
> > Ok, we've got a reproducible test case and I have some information.
> >
> > If we apply the patch you sent out, then the stack corruption problem
> > disappears but we get a core dump when the document is freed.
> >
> > This problem is caused by the following line in the patch:
> >
> >     ret->doc = NULL;
> >
> > This will set the external subset of the document to have a null pointer.
> > In xmlUnlinkNode(), the following line causes the SIGSEGV:
> >
> >     if (cur->type == XML_DTD_NODE) {
> >         xmlDocPtr doc;
> >         doc = cur->doc;
> >         if (doc->intSubset == (xmlDtdPtr) cur)
> >             doc->intSubset = NULL;
> >         if (doc->extSubset == (xmlDtdPtr) cur) <== SIGSEGV HERE
>
> Oops, I of course meant SIGSEGV on the above line.

Okay, that's a libxml2 bug too. It gets a pointer and dereferences it
without checking it first against NULL; that part should really be:

    if (cur->type == XML_DTD_NODE) {
        xmlDocPtr doc;
        doc = cur->doc;
        if (doc != NULL) {
            if (doc->intSubset == (xmlDtdPtr) cur)
                doc->intSubset = NULL;
            if (doc->extSubset == (xmlDtdPtr) cur)
                doc->extSubset = NULL;
        }
    }

Thanks for spotting this.

Daniel
--
Daniel Veillard | Red Hat Network https://rhn.redhat.com/
veillard redhat com | libxml GNOME XML XSLT toolkit http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/
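
Added example (not part of the original thread and not libxml2's own code): a self-contained C model of the guarded unlink path discussed above. The structs and names (struct node, struct doc, unlink_node) are simplified, hypothetical stand-ins; the two constructed cases cover the detached DTD node that crashed and an attached DTD node, where the document must not be left holding a stale subset pointer.

```c
#include <stddef.h>

/* Simplified stand-ins for the node and document types (assumption: only
 * the fields this code path touches are modelled). */
enum node_type { ELEMENT_NODE = 1, DTD_NODE = 14 };

struct doc;
struct node {
    enum node_type type;
    struct doc  *doc;          /* owning document; NULL for a detached node */
    struct node *prev, *next;  /* sibling list */
};
struct doc {
    struct node *children, *last;
    struct node *int_subset, *ext_subset;
};

/* Guarded unlink. Returns 0 on success, -1 if cur is NULL. */
int unlink_node(struct node *cur)
{
    if (cur == NULL)
        return -1;
    if (cur->type == DTD_NODE) {
        struct doc *doc = cur->doc;
        if (doc != NULL) {     /* the check added by the fix in the thread */
            if (doc->int_subset == cur) doc->int_subset = NULL;
            if (doc->ext_subset == cur) doc->ext_subset = NULL;
        }
    }
    /* Detach from the sibling list, again tolerating a NULL document. */
    if (cur->prev != NULL) cur->prev->next = cur->next;
    else if (cur->doc != NULL && cur->doc->children == cur)
        cur->doc->children = cur->next;
    if (cur->next != NULL) cur->next->prev = cur->prev;
    else if (cur->doc != NULL && cur->doc->last == cur)
        cur->doc->last = cur->prev;
    cur->prev = cur->next = NULL;
    return 0;
}

/* Constructed case 1: a DTD node whose doc pointer was reset to NULL. */
int detached_dtd_unlinks_cleanly(void)
{
    struct node dtd = { DTD_NODE, NULL, NULL, NULL };
    return unlink_node(&dtd) == 0;
}

/* Constructed case 2: attached DTD followed by a root element. */
int attached_dtd_clears_subset(void)
{
    struct doc d = { NULL, NULL, NULL, NULL };
    struct node dtd = { DTD_NODE, &d, NULL, NULL };
    struct node root = { ELEMENT_NODE, &d, &dtd, NULL };
    dtd.next = &root;
    d.children = &dtd; d.last = &root; d.ext_subset = &dtd;
    unlink_node(&dtd);
    return d.ext_subset == NULL && d.children == &root && root.prev == NULL;
}

int main(void)
{
    return !(detached_dtd_unlinks_cleanly() && attached_dtd_clears_subset());
}
```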