Re: [xml] xmllint --postvalid sigsegv if no DTD present

From: John Fleck <jfleck inkstain net>
To: Petr Pajas <pajas ufal ms mff cuni cz>
Cc: libxml2 <xml gnome org>
Subject: Re: [xml] xmllint --postvalid sigsegv if no DTD present
Date: Mon, 27 Oct 2003 19:55:46 -0700

I can duplicate this with 2.6.0 (not with 2.5.11). Filed a bug so it
won't get lost:

http://bugzilla.gnome.org/show_bug.cgi?id=125653

Cheers,
John

On Mon, 2003-10-27 at 12:54, Petr Pajas wrote:

Hi Daniel,

I'm experiencing this with XML::LibXML too, but this time its 
reproducible with xmllint (applied on the attached document missing a DTD):

$ valgrind xmllint --postvalid example/article_bad.xml
==984== Memcheck, a.k.a. Valgrind, a memory error detector for x86-linux.
==984== Copyright (C) 2002, and GNU GPL'd, by Julian Seward.
==984== Using valgrind-1.9.5pre, a program instrumentation system for 
x86-linux.
==984== Copyright (C) 2000-2002, and GNU GPL'd, by Julian Seward.
==984== Estimated CPU clock rate is 909 MHz
==984== For more details, rerun with: -v
==984==
<?xml version="1.0"?>
<article>
<pubData>Something here</pubData>
<pubArticleID>12345</pubArticleID>
<pubName>XML.com</pubName>
<section>Foo</section>
<lead>Here's some leading text</lead>
<rest>And here is the rest...</rest>
</article>
==984== Invalid read of size 4
==984==    at 0x40228D95: __xmlRaiseError (error.c:455)
==984==    by 0x40256D15: xmlErrValid (valid.c:125)
==984==    by 0x4025F27C: xmlValidateDocument (valid.c:6457)
==984==    by 0x804BDDB: parseAndPrintFile (xmllint.c:1174)
==984==    Address 0xFBAD20F2 is not stack'd, malloc'd or free'd
Segmentation fault

If it could be of any help,
in the XML::LibXML case (same document), valgrind says:

==1029== Invalid read of size 4
==1029==    at 0x40228D95: __xmlRaiseError (error.c:455)
==1029==    by 0x40256E15: xmlErrValidNode (valid.c:171)
==1029==    by 0x4025D604: xmlValidateElementContent (valid.c:5138)
==1029==    by 0x4025E0BD: xmlValidateOneElement (valid.c:5819)
==1029==    Address 0x41401C0C is 0 bytes after a block of size 20 free'd
==1029==    at 0x401631DC: free (in /usr/lib/valgrind/valgrind.so)
==1029==    by 0x81247FD: Perl_PerlIO_close (in /usr/bin/perl)
==1029==    by 0x80766FA: Perl_yylex (in /usr/bin/perl)
==1029==    by 0x8088501: Perl_yyparse (in /usr/bin/perl)
==1029==
==1029== Invalid write of size 4
==1029==    at 0x40228CE3: __xmlRaiseError (error.c:515)
==1029==    by 0x40256E15: xmlErrValidNode (valid.c:171)
==1029==    by 0x4025D604: xmlValidateElementContent (valid.c:5138)
==1029==    by 0x4025E0BD: xmlValidateOneElement (valid.c:5819)
==1029==    Address 0x41401A94 is 4 bytes after a block of size 40 alloc'd
==1029==    at 0x40162F43: malloc (in /usr/lib/valgrind/valgrind.so)
==1029==    by 0x80AB505: Perl_safesysmalloc (in /usr/bin/perl)
==1029==    by 0x8124248: PerlIO_push (in /usr/bin/perl)
==1029==    by 0x812861A: PerlIOBuf_open (in /usr/bin/perl)
==1029==
==1029== Invalid write of size 4
==1029==    at 0x40228CF7: __xmlRaiseError (error.c:517)
==1029==    by 0x40256E15: xmlErrValidNode (valid.c:171)
==1029==    by 0x4025D604: xmlValidateElementContent (valid.c:5138)
==1029==    by 0x4025E0BD: xmlValidateOneElement (valid.c:5819)
==1029==    Address 0x41401A98 is 8 bytes after a block of size 40 alloc'd
==1029==    at 0x40162F43: malloc (in /usr/lib/valgrind/valgrind.so)
==1029==    by 0x80AB505: Perl_safesysmalloc (in /usr/bin/perl)
==1029==    by 0x8124248: PerlIO_push (in /usr/bin/perl)
==1029==    by 0x812861A: PerlIOBuf_open (in /usr/bin/perl)
==1029==
==1029== Invalid write of size 4
==1029==    at 0x40228D13: __xmlRaiseError (error.c:519)
==1029==    by 0x40256E15: xmlErrValidNode (valid.c:171)
==1029==    by 0x4025D604: xmlValidateElementContent (valid.c:5138)
==1029==    by 0x4025E0BD: xmlValidateOneElement (valid.c:5819)
==1029==    Address 0x41401A9C is 12 bytes after a block of size 40 alloc'd
==1029==    at 0x40162F43: malloc (in /usr/lib/valgrind/valgrind.so)
==1029==    by 0x80AB505: Perl_safesysmalloc (in /usr/bin/perl)
==1029==    by 0x8124248: PerlIO_push (in /usr/bin/perl)
==1029==    by 0x812861A: PerlIOBuf_open (in /usr/bin/perl)
==1029==
==1029== Invalid write of size 4
==1029==    at 0x40228D2F: __xmlRaiseError (error.c:521)
==1029==    by 0x40256E15: xmlErrValidNode (valid.c:171)
==1029==    by 0x4025D604: xmlValidateElementContent (valid.c:5138)
==1029==    by 0x4025E0BD: xmlValidateOneElement (valid.c:5819)
==1029==    Address 0x41401AA0 is not stack'd, malloc'd or free'd
==1029==
==1029== Invalid write of size 4
==1029==    at 0x40228D3B: __xmlRaiseError (error.c:522)
==1029==    by 0x40256E15: xmlErrValidNode (valid.c:171)
==1029==    by 0x4025D604: xmlValidateElementContent (valid.c:5138)
==1029==    by 0x4025E0BD: xmlValidateOneElement (valid.c:5819)
==1029==    Address 0x41401AA4 is not stack'd, malloc'd or free'd
==1029==
==1029== Invalid write of size 4
==1029==    at 0x40228D41: __xmlRaiseError (error.c:523)
==1029==    by 0x40256E15: xmlErrValidNode (valid.c:171)
==1029==    by 0x4025D604: xmlValidateElementContent (valid.c:5138)
==1029==    by 0x4025E0BD: xmlValidateOneElement (valid.c:5819)
==1029==    Address 0x41401AA8 is not stack'd, malloc'd or free'd
==1029==
==1029== Invalid write of size 4
==1029==    at 0x40228D47: __xmlRaiseError (error.c:524)
==1029==    by 0x40256E15: xmlErrValidNode (valid.c:171)
==1029==    by 0x4025D604: xmlValidateElementContent (valid.c:5138)
==1029==    by 0x4025E0BD: xmlValidateOneElement (valid.c:5819)
==1029==    Address 0x41401AB0 is 16 bytes before a block of size 20 alloc'd
==1029==    at 0x40162F43: malloc (in /usr/lib/valgrind/valgrind.so)
==1029==    by 0x80AB505: Perl_safesysmalloc (in /usr/bin/perl)
==1029==    by 0x8124248: PerlIO_push (in /usr/bin/perl)
==1029==    by 0x81266EF: PerlIOUnix_open (in /usr/bin/perl)
==1029==
==1029== Invalid write of size 4
==1029==    at 0x40228D52: __xmlRaiseError (error.c:525)
==1029==    by 0x40256E15: xmlErrValidNode (valid.c:171)
==1029==    by 0x4025D604: xmlValidateElementContent (valid.c:5138)
==1029==    by 0x4025E0BD: xmlValidateOneElement (valid.c:5819)
==1029==    Address 0x41401AAC is not stack'd, malloc'd or free'd

-- Petr

______________________________________________________________________
<article>
<pubData>Something here</pubData>
<pubArticleID>12345</pubArticleID>
<pubName>XML.com</pubName>
<section>Foo</section>
<lead>Here's some leading text</lead>
<rest>And here is the rest...</rest>
</article>

-- 
John Fleck
jfleck inkstain net (h)
http://www.inkstain.net

"It makes me mad when someone writes or draws
 something that I can't get right away!"
 - Zippy the Pinhead

References:
- [xml] xmllint --postvalid sigsegv if no DTD present
  - From: Petr Pajas

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]