[no subject]
I have gone through with a debugger and even tried dumbing it way down. It's only when I try to use xmlTextReaderClose that the problem happens, as that is one of the 2 places (other than xmlFreeTextReader) where xmlFreeParserCtxt is called. Once I make the call to xmlTextReaderClose, the final call to xmlFreeTextReader segfaults (actually in xmlTextReaderFreeDoc) as the first test for the context in xmlFreeTextReader is:

if (reader->ctxt != NULL) { // Here it is not NULL but has already been freed so it's garbage).

From what I am seeing, if xmlTextReaderClose is called and the context is freed, I can't free the reader at the end or I end up with a segfault.

This is a really dumbed down example of the segfault (segfaults in 2.5.11 as well as 2.6.8):

int ret;
xmlTextReaderPtr myreader;

myreader = xmlNewTextReaderFilename(source); /* source is valid file and does create valid xmlTextReaderPtr */
ret = xmlTextReaderClose(myreader); /* Closes fine */
xmlFreeTextReader(myreader); /* segfaults here as reader->ctxt is garbage */

----- Original Message -----
From: Jones, Mark A (Mark)
To: 'Rob Richards' ; xml gnome org ; Jones, Mark A (Mark)
Sent: Saturday, April 17, 2004 10:47 AM
Subject: RE: [xml] xmlTextReaderClose causing segfault

I reported the same problem some time ago, but found that I had a couple of things wrong with my code (using gdb/valgrind of course).

I had a code sequence like:

xmlTextReaderPtr reader;
...
reader = xmlReaderForMemory (buf, size, NULL, NULL, 0);
while (ret == 1) {
    ...
    ret = xmlTextReaderNext(reader); // skip subtree ...
    ...
    ret = xmlTextReaderRead(reader); ...
}
....

xmlFreeTextReader(reader); // THIS USED TO CAUSE A SEG VIOLATION trying to free reader->ctxt

After doing some stack reorganization, in a few (c++) routines, I found the real cause of my problem - over-writing some other variable. While I don't know your code organization, I would recommend using some tools (gdb, valgrind, etc) to help debug. There may still be a bug in this area, I am simply not seeing the one I saw anymore; I'm using libxml2.6.5.

I've found that these kinds of bugs/features can be very nasty and hard to sort out. Good luck to you.

M. Jones
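A toy model of the close-then-free sequence described in the message above, added here as an illustration; it is not libxml2 code and not part of the original post. The `toy_*` types and every function name are hypothetical, and the context lives on the stack so that the stale second release is counted instead of corrupting the heap.

```c
#include <stdio.h>

/* Hypothetical stand-ins for the parser context and reader; not libxml2 types. */
typedef struct { int live; } toy_ctxt;
typedef struct { toy_ctxt *ctxt; } toy_reader;

enum close_mode { NO_CLOSE, CLOSE_STALE, CLOSE_CLEARED };

static int double_frees; /* releases of an already-released context */

/* Stand-in for freeing the context: a second release is counted. */
static void ctxt_release(toy_ctxt *c) {
    if (!c->live) double_frees++;
    c->live = 0;
}

/* Close as the message describes it: context released, pointer left behind. */
static void close_stale(toy_reader *r) {
    if (r->ctxt != NULL) ctxt_release(r->ctxt);
}

/* Close that clears the pointer, so a later NULL test is meaningful. */
static void close_cleared(toy_reader *r) {
    if (r->ctxt != NULL) { ctxt_release(r->ctxt); r->ctxt = NULL; }
}

/* Teardown guarded only by the NULL test quoted in the message. */
static void reader_free(toy_reader *r) {
    if (r->ctxt != NULL) { ctxt_release(r->ctxt); r->ctxt = NULL; }
}

/* Runs open, optional close, free; returns the double releases observed. */
int run_sequence(enum close_mode mode) {
    toy_ctxt ctxt = { 1 };     /* stack storage: the stale release is counted, not UB */
    toy_reader r = { &ctxt };
    double_frees = 0;
    if (mode == CLOSE_STALE) close_stale(&r);
    if (mode == CLOSE_CLEARED) close_cleared(&r);
    reader_free(&r);
    return double_frees;
}

int main(void) {
    printf("free only:            %d\n", run_sequence(NO_CLOSE));
    printf("close (stale) + free: %d\n", run_sequence(CLOSE_STALE));
    printf("close (clear) + free: %d\n", run_sequence(CLOSE_CLEARED));
    return 0;
}
```

A non-NULL test cannot distinguish a live pointer from a dangling one, which is why only the variant that clears the pointer at release time reaches teardown with nothing left to free.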