[xml] Bus Error xmlNodeSetContent 2.2.16 (long mail)



Hello again;

I built libxml (2.2.16) with
./configure --prefix=/se/xml/voro/inst  --with-threads=no

On Solaris I get a core dump when I call xmlNodeSetContent.

Output from dbx:
program terminated by signal BUS (invalid address alignment)
0xff0449a4: _free_unlocked+0x0040:      ld      [%i0 - 0x8], %o0
Current function is freevoro
 1725      free(ptr);
(dbx) where
  [1] _free_unlocked(0x31c5bd, 0x776c8, 0x0, 0xff0bc000, 0x0, 0x0), at 0xff0449a4
  [2] free(0x31c5bd, 0x2a4738, 0x31c5bd, 0x0, 0x0, 0x1), at 0xff044954
=>[3] freevoro(ptr = 0x31c5bd), line 1725 in "test_servicev.c"
  [4] xmlNodeSetContent(cur = 0x3393e0, content = 0x337ad0 "0"), line 5168 in "tree.c"
  [5] st_4630481_Node_SetTextUTF8(steuer = 0x31dc48, pNode = 0x339118, pText = 0x337ad0 "0"), line 1237 in "C4630481.c"
  [6] EdiXml_edifact_to_dom(steuer = 0x31dc48, pWorkElem = 0xffbff0b4, ppDomOut = 0xffbff0e8, ppErrEdifact = 0xffbff0e4), line 484 in "EdiXml.c"
  [7] main(argc = 1, argv = 0xffbff164), line 1206 in "test_servicev.c"
(dbx)


Output from bcheck -all:
<rtc> Misaligned free (maf):
Attempting to free a misaligned block at address 0x7b3f7d
    which is 525 bytes into a heap block of size 1024 bytes at 0x7b3d70
This block was allocated from:
 [1] mallocvoro() at line 1714 in "test_servicev.c"
 [2] xmlDictAddString() at line 103 in "dict.c"
 [3] xmlDictLookup() at line 573 in "dict.c"
 [4] xmlDetectSAX2() at line 605 in "parser.c"
 [5] xmlParseDocument() at line 8568 in "parser.c"
 [6] xmlDoRead() at line 12505 in "parser.c"
 [7] xmlCtxtReadFile() at line 12740 in "parser.c"
 [8] st_4630410_lp_getSchablone() at line 760 in "C4630410.c"
Location of error:
=>[1] freevoro(ptr = 0x7b3f7d), line 1725 in "test_servicev.c"
  [2] xmlNodeSetContent(cur = 0x7b1d98, content = 0x7af690 "0"), line 5168
in "tree.c"
  [3] st_4630481_Node_SetTextUTF8(steuer = 0x7a76c8, pNode = 0x7b1a20, pText
= 0x7af690 "0"), line 1237 in "C4630481.c"
  [4] EdiXml_edifact_to_dom(steuer = 0x7a76c8, pWorkElem = 0xffbfef84,
ppDomOut = 0xffbfefb8, ppErrEdifact = 0xffbfefb4), line 484 in "EdiXml.c"
  [5] main(argc = 1, argv = 0xffbff034), line 1206 in "test_servicev.c"

<rtc> Bad free (baf):
Attempting to free an unallocated block at address 0x7b3dcc
    which is into the heap; no blocks allocated
=>[1] freevoro(ptr = 0x7b3dcc), line 1725 in "test_servicev.c"
  [2] xmlNodeSetContent(cur = 0x7b4460, content = 0x2a41d8 ""), line 5168 in
"tree.c"
  [3] st_4630481_Node_SetTextUTF8(steuer = 0x7a76c8, pNode = 0x7b4408, pText
= (nil)), line 1231 in "C4630481.c"
  [4] st_4630481_DOM_Clear(steuer = 0x7a76c8, ppDOM = 0xffbfec9c), line 4018
in "C4630481.c"
  [5] st_4630410_lp_getSchablone(steuer = 0x7a76c8, pNachrichtTypVersion =
0x7c1778 "BRBA_01", ppSchablone = 0xffbfed60), line 712 in "C4630410.c"
  [6] EdiXml_edifact_to_dom(steuer = 0x7a76c8, pWorkElem = 0xffbfef84,
ppDomOut = 0xffbfefb8, ppErrEdifact = 0xffbfefb4), line 153 in "EdiXml.c"
  [7] main(argc = 1, argv = 0xffbff034), line 1206 in "test_servicev.c"


Actual leaks report    (actual leaks:       321  total size:     998 bytes)

ok, i think the following leaks are the result of the core ....
=======================================

<rtc> Memory Leak (mel):
Found 320 leaked blocks with total size 898 bytes
At time of each allocation, the call stack was:
 [1] mallocvoro() at line 1714 in "test_servicev.c"
 [2] xmlStrndup() at line 45 in "xmlstring.c"

<rtc> Memory Leak (mel):
Found leaked block of size 100 bytes at address 0x7bf758
At time of allocation, the call stack was:
 [1] Edi_GetNachrichtVersion() at line 428 in "Edi.c"
 [2] EdiXml_edifact_to_dom() at line 145 in "EdiXml.c"
 [3] main() at line 1206 in "test_servicev.c"


Possible leaks report  (possible leaks:       0  total size:       0 bytes)

Blocks in use report   (blocks in use:     1026  total size:   34283 bytes)

 Total  % of Num of  Avg     Allocation call stack
 Size    All Blocks  Size
======= ==== ====== ======  =======================================
  10415  30%    341     30  _gl_ext_malloc < _gl_alloc_ptr
   5440  15%      1   5440  lddefenv < greadenv < idx_ggetenv2 < _sqdbgsetup
< ostcb_alloc < CheckOsInit < greadenv < idx_ggetenv2
   4261  12%    340     12  lddefenv < greadenv
   3344   9%    152     22  gl_cache_registry < init_fe
   2456   7%      1   2456  ostcb_alloc < CheckOsInit < greadenv <
idx_ggetenv2 < getdbtoday < rtoday < st_2900001_sactdt < st_2900001_pstart
   1824   5%    152     12  gl_cache_registry < init_fe
   1192   3%      1   1192  gentcb_alloc < CheckGenInit < rtoday <
st_2900001_sactdt < st_2900001_pstart < main
   1072   3%      1   1072  _nss_XbyY_buf_alloc < _getpwnam < ifx_getpwnam <
ggethomepath < greadenv < idx_ggetenv2 < _sqdbgsetup < ostcb_alloc
    572   1%      1    572  calloc < _tzload < _ltzset_u < localtime_u <
st_2900001_sactdt < st_2900001_pstart < main
    512   1%      1    512  _gl_ext_malloc < set_function_pointers <
set_flags < update_locale < set_categories < get_locale < init_fe < initgls
    256  <1%      1    256  _gl_ext_malloc < set_function_pointers <
set_flags < update_locale < set_categories < get_locale < init_fe < initgls
    256  <1%      1    256  _gl_ext_malloc < set_function_pointers <
set_flags < update_locale < set_categories < get_locale < init_fe < initgls
    143  <1%      1    143  calloc < _tzload < _ltzset_u < localtime_u <
st_2900001_sactdt < st_2900001_pstart < main
    142  <1%      1    142  cache_locale_string < cache_month_strings <
initdatetime < init_fe < initgls < CheckOsInit < greadenv < idx_ggetenv2
    142  <1%      1    142  cache_locale_string < cache_month_strings <
initdatetime < init_fe < initgls < CheckOsInit < greadenv < idx_ggetenv2
    104  <1%      1    104  cache_locale_string < cache_month_strings <
initdatetime < init_fe < initgls < CheckOsInit < greadenv < idx_ggetenv2
    104  <1%      1    104  cache_locale_string < cache_month_strings <
initdatetime < init_fe < initgls < CheckOsInit < greadenv < idx_ggetenv2
     96  <1%      1     96  calloc < _tzload < _ltzset_u < localtime_u <
st_2900001_sactdt < st_2900001_pstart < main
     82  <1%     15      5  ginsenv < lddefenv
     38  <1%      1     38  _tzload < _ltzset_u < localtime_u <
st_2900001_sactdt < st_2900001_pstart < main

=====================================================================

As you can see, I have overridden the default libxml memory functions
with:
xmlMemSetup (freevoro, mallocvoro, reallocvoro, strdupvoro);
and
xmlGcMemSetup (freevoro, mallocvoro, mallocvoro, reallocvoro, strdupvoro);

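/*
 * Tracing replacement for malloc(), handed to libxml through
 * xmlMemSetup()/xmlGcMemSetup().
 *
 * Bumps the LibXmlAnzMalloc call counter, adds the requested size to
 * LibXmlMemUse and logs the returned address to stderr so it can be matched
 * against the addresses logged by freevoro().
 *
 * Returns whatever malloc() returns. The counters are updated before the
 * call, so a failed allocation (NULL) is still counted.
 */
static void *mallocvoro (size_t size)
{
   void *m;

   LibXmlAnzMalloc++;
   LibXmlMemUse += size;
   m = malloc(size);
   /* "%p" with a void * argument: "%x" expects unsigned int, so passing a
    * pointer to it is undefined behaviour and loses address bits wherever
    * pointers are wider than int. */
   fprintf(stderr, "malloc: <%p>\n", m);
   fflush(stderr);
   return m;
}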

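/*
 * Tracing replacement for free(): logs the address about to be released to
 * stdout, bumps LibXmlAnzFree, then passes the pointer to free().
 *
 * The wrapper only reports; it does not check that ptr is the start of a
 * block handed out by one of the allocation wrappers, so an invalid pointer
 * still reaches free().
 */
static void freevoro (void *ptr)
{
   /* "%p" is the conversion defined for pointers; "%x" expects unsigned int
    * and is undefined behaviour when given a void *. */
   fprintf(stdout, "free: <%p>\n", ptr);
   /* The line is written out before free() runs, so it is not lost if
    * free() faults on a bad pointer. */
   fflush(stdout);
   LibXmlAnzFree++;
   free(ptr);
}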

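/*
 * Tracing replacement for realloc().
 *
 * Logs the incoming address before the call and the resulting address after
 * it, both to stderr. Without the second line a block that realloc() moved
 * never shows up in the trace, and a later free of it looks like a free of
 * memory that was never allocated.
 *
 * LibXmlAnzRealloc counts calls. LibXmlMemUse is increased by the full new
 * size; the old size is not subtracted, so the figure is an upper bound on
 * requested bytes rather than the live total.
 *
 * Returns whatever realloc() returns.
 */
static void *reallocvoro (void *ptr, size_t size)
{
   void *moved;

   /* "%p" replaces "%x", which expects unsigned int and is undefined
    * behaviour when given a pointer. Logged before the call so the line
    * exists even if realloc() faults on a bad pointer. */
   fprintf(stderr, "realloc: <%p>\n", ptr);
   fflush(stderr);
   LibXmlAnzRealloc++;
   LibXmlMemUse += size;
   moved = realloc(ptr, size);
   fprintf(stderr, "realloc -> <%p>\n", moved);
   fflush(stderr);
   return moved;
}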

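/*
 * Tracing replacement for strdup(): counts the call in LibXmlAnzStrdup and
 * logs the address of the copy to stderr.
 *
 * The copy is a heap block that is later released through freevoro(); if its
 * address is not logged here, that free cannot be matched to any allocation
 * in the trace.
 *
 * Returns whatever strdup() returns (NULL on failure).
 */
static char *strdupvoro (const char *s1)
{
   char *copy;

   LibXmlAnzStrdup++;
   /* strdup() takes const char *, so no cast is needed to pass s1. */
   copy = strdup(s1);
   fprintf(stderr, "strdup: <%p>\n", (void *)copy);
   fflush(stderr);
   return copy;
}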

st_4630481_Node_SetTextUTF8:
<snip>
   dbx says it runs into this statement
   xmlNodeSetContent(pTmpNode, (xmlChar*) "\0");
   I think the rest of the function isn't interesting.
</snip>

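From my fprintf output I can see that the freed address
was never returned by malloc to libxml; the bcheck report above places it
525 bytes into a 1024-byte block allocated by xmlDictAddString(), i.e. it
points into the middle of a block rather than at its start.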

I have also tested this on libxml 2.2.14
with the same parameters,
and it doesn't dump core.

If you need further information,
please ask me.

Thanks
Volker Roth



