Re: [xml] xmllint/Relax NG segfaulting



On Mon, Aug 25, 2003 at 12:06:10AM +0200, Martijn Faassen wrote:
  Hum, surprising, provide the .rng and .xml so I can reproduce
the problem. I assume that by last release you mean 2.5.10, right?

Yes, as soon as the crashing started I hand-compiled a 2.5.10 version,
but unfortunately that didn't help.

  yeah, reproduced

Unfortunately I've been getting different segfault behavior based on
which machine I am working on; my work Athlon crashes under different
circumstances than my home Pentium 4.

  Strange, really! Provide both testcases, I will run them under valgrind;
it may help locate the problem.

Attached are both testcases, I run them as follows:

xmllint --noout --relaxng athloncrash.rng athloncrash.zcml

  I just ran this under valgrind, it crashes in the same area as for
bug http://bugzilla.gnome.org/show_bug.cgi?id=120040 . This seems to be the
exact same problem.

paphio:~/XML -> valgrind --gdb-attach=yes xmllint --noout --relaxng athloncrash.rng athloncrash.zcml
==19618== Memcheck, a.k.a. Valgrind, a memory error detector for x86-linux.
==19618== Copyright (C) 2002-2003, and GNU GPL'd, by Julian Seward.
==19618== Using valgrind-20030725, a program supervision framework for x86-linux.
[...]
==19618== Invalid write of size 4
==19618==    at 0x80C60A2: xmlRelaxNGCopyValidState (relaxng.c:1157)
==19618==    by 0x80D0200: xmlRelaxNGValidateState (relaxng.c:9595)
==19618==    by 0x80D0C74: xmlRelaxNGValidateDefinition (relaxng.c:10090)
==19618==    by 0x80CF2D3: xmlRelaxNGValidateAttributeList (relaxng.c:8847)
==19618==    Address 0x41393C50 is  bytes after a block of size 52 alloc'd

xmllint --noout --relaxng p4crash.rng  p4crash.zcml

  and same here:

paphio:~/XML -> valgrind --gdb-attach=yes xmllint --noout --relaxng p4crash.rng p4crash.zcml
==19747== Memcheck, a.k.a. Valgrind, a memory error detector for x86-linux.
==19747== Copyright (C) 2002-2003, and GNU GPL'd, by Julian Seward.
[...]
==19747== Invalid write of size 4
==19747==    at 0x80C60A2: xmlRelaxNGCopyValidState (relaxng.c:1157)
==19747==    by 0x80D0200: xmlRelaxNGValidateState (relaxng.c:9595)
==19747==    by 0x80D0C74: xmlRelaxNGValidateDefinition (relaxng.c:10090)
==19747==    by 0x80CF2D3: xmlRelaxNGValidateAttributeList (relaxng.c:8847)
==19747==    Address 0x414098B4 is  bytes after a block of size 48 alloc'd
==19747==    at 0x4002998A: realloc (vg_replace_malloc.c:299)

  Seems there is a realloc but we are addressing over the end of the
allocated array for attribute state when copying a validation state.

p4crash case is not whittled down but crashes on the p4. I haven't tested
this on the athlon yet; it may or may not crash there.

  it's strange that the crash depends on the architecture, but the problem
is present generally and independent of the processor architecture :-)
The good thing is that it's well identified, reproducible, and possibly
well contained too.

In case anyone's curious, ZCML is Zope 3's configuration markup language,
and described are mostly ways to hook up Zope 3's components by
interface. I'm writing a Relax NG schema not just to be able to use it
for validation and specification, but also as a help to explore ways in
which ZCML could be improved for clarity and modularity.

  Immediate feedback without looking at the XML or the schemas, just from
the debugger output, you seem to use too many attributes :-)

I really like Relax NG so far. I've been playing with it for
a while and it just fits my brain. Though I haven't explored all
features yet I already feel productive with it. Now if only those
crashes would go away!

  I will make sure it's fixed in next release. Surprising it was never
found in previous releases or languages, I would have expected DocBook
to have exercised that part of the code already. Maybe it's harder than
it seems.
  But I totally agree with you, Relax-NG is a really nice and somewhat
intuitive language -- a challenge considering the domain!

Daniel
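Daniel's diagnosis above (a realloc'd attribute array being overrun while a validation state is copied) is one instance of a general C hazard: a growable array whose pointer and capacity must be updated together after every realloc, and whose consumers must size their memcpy against the recorded capacity. The following is an added example, not libxml2 code; `attr_state`, `attr_state_reserve`, `attr_state_copy` and the field names echoing `attrs`/`nbAttrs`/`maxAttrs` are hypothetical stand-ins for the relaxng.c structures, written so that both the grow path and the copy path go through one helper that keeps pointer and capacity consistent.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a validation state's attribute list:
 * a heap array of attribute pointers, a used count and a capacity. */
typedef struct attr_state {
    void **attrs;   /* stand-in for xmlAttrPtr entries */
    int nbAttrs;    /* entries in use */
    int maxAttrs;   /* entries allocated */
} attr_state;

/* Make sure st can hold at least `need` entries. Returns 0 on success,
 * -1 on allocation failure (in which case st is left untouched: realloc
 * keeps the old block valid when it fails). Pointer and capacity are
 * always updated together; forgetting one of the two is the bug class
 * the thread describes (stale maxAttrs, or stale attrs pointer). */
static int attr_state_reserve(attr_state *st, int need)
{
    if (need <= st->maxAttrs)
        return 0;
    int newmax = st->maxAttrs ? st->maxAttrs : 4;
    while (newmax < need)
        newmax *= 2;                      /* geometric growth, fewer reallocs */
    void **tmp = realloc(st->attrs, (size_t)newmax * sizeof(*tmp));
    if (tmp == NULL)
        return -1;
    st->attrs = tmp;                      /* the block may have moved */
    st->maxAttrs = newmax;                /* and its size has changed */
    return 0;
}

static int attr_state_push(attr_state *st, void *attr)
{
    if (attr_state_reserve(st, st->nbAttrs + 1) != 0)
        return -1;
    st->attrs[st->nbAttrs++] = attr;
    return 0;
}

/* Copy src's attribute list into dst. dst may already own a smaller
 * buffer (a reused state), which is exactly the case that overran. */
static int attr_state_copy(attr_state *dst, const attr_state *src)
{
    if (attr_state_reserve(dst, src->nbAttrs) != 0) {
        dst->nbAttrs = 0;                 /* report an empty state on failure */
        return -1;
    }
    if (src->nbAttrs > 0)
        memcpy(dst->attrs, src->attrs, (size_t)src->nbAttrs * sizeof(*dst->attrs));
    dst->nbAttrs = src->nbAttrs;
    return 0;
}

static void attr_state_free(attr_state *st)
{
    free(st->attrs);
    st->attrs = NULL;
    st->nbAttrs = st->maxAttrs = 0;
}

/* Invariant a caller can check before any memcpy into the array. */
static int attr_state_ok(const attr_state *st)
{
    return st->nbAttrs >= 0 && st->nbAttrs <= st->maxAttrs &&
           (st->maxAttrs == 0 || st->attrs != NULL);
}

/* Constructed scenario mirroring the thread: a source state with n
 * attributes copied into a destination that starts with room for two.
 * Returns the number of entries copied, or -1 if anything went wrong. */
int demo_copy_with_many_attrs(int n)
{
    attr_state src = {0}, dst = {0};
    static int dummy[64];                 /* constructed stand-in attribute objects */
    for (int i = 0; i < n; i++)
        if (attr_state_push(&src, &dummy[i % 64]) != 0)
            return -1;
    if (attr_state_reserve(&dst, 2) != 0)
        return -1;
    if (attr_state_copy(&dst, &src) != 0)
        return -1;
    int ok = attr_state_ok(&dst) && dst.nbAttrs == n;
    for (int i = 0; ok && i < n; i++)
        if (dst.attrs[i] != src.attrs[i])
            ok = 0;
    int result = ok ? dst.nbAttrs : -1;
    attr_state_free(&src);
    attr_state_free(&dst);
    return result;
}

int main(void)
{
    int n = demo_copy_with_many_attrs(13);
    printf("copied %d attribute entries\n", n);
    return n == 13 ? 0 : 1;
}
```

Built with `-fsanitize=address` (or run under valgrind as Daniel did), a version of this code that dropped either assignment in `attr_state_reserve` would report the overrun at the `memcpy` in `attr_state_copy`, the same shape as the `xmlRelaxNGCopyValidState` trace above.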

Give me a crash, and I'll give you a patch :-)

diff -u -r1.78 relaxng.c
--- relaxng.c   1 Aug 2003 15:55:39 -0000       1.78
+++ relaxng.c   25 Aug 2003 10:26:06 -0000
@@ -1075,6 +1075,7 @@
                    ctxt->error(ctxt->userData, "Out of memory\n");
                return (ret);
            }
+           ret->maxAttrs = nbAttrs;
            ret->attrs = tmp;
        }
        ret->nbAttrs = nbAttrs;
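Review bot: the added `ret->maxAttrs = nbAttrs;` is the right fix for this hunk: `ret->attrs` is repointed at the realloc'd block on the following line, but its capacity was never recorded, so a later copy sized on `maxAttrs` would run off the end. It does assume the realloc above the visible context was sized for exactly `nbAttrs` entries; if that call grows by a different amount, `maxAttrs` should record that amount instead. The same realloc-then-update-both-fields sequence now appears in two functions; a small grow helper that sets pointer and capacity together would make this class of omission impossible.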
@@ -1152,6 +1153,7 @@
                ret->nbAttrs = 0;
                return (ret);
            }
+           ret->attrs = tmp;
            ret->maxAttrs = state->maxAttrs;
        }
        memcpy(ret->attrs, state->attrs, state->nbAttrs *
sizeof(xmlAttrPtr));
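Review bot: `ret->attrs = tmp;` closes the overrun valgrind reported at relaxng.c:1157: before it, `ret->maxAttrs` was raised to `state->maxAttrs` while `ret->attrs` still pointed at the old, smaller (and after a moving realloc, freed) block, so the `memcpy` two lines below wrote past its end. Consider guarding the copy with a check that `ret->maxAttrs >= state->nbAttrs` (an assert in debug builds would do) so a future mismatch fails loudly rather than as a silent heap write. Note also that the failure path just above returns `ret` with `nbAttrs = 0` while its old `attrs` block is still valid, which is fine only as long as every caller treats that return as an empty state.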

Regards,

Bill


