Re: [xml] another of those fun SEGV's in xmlFreeDoc?



On Thu, Oct 27, 2005 at 09:14:15AM -0700, Rick Jones wrote:
  if ((*message = xmlParseMemory(message_base,message_len)) != NULL) {


  Hum, okay, you could try using xmlReadMemory instead and check whether the problem persists.

    if (debug) {
      fprintf(where, "recv_control_message: xmlParseMemory returned %p\n",
              *message);
      fflush(where);
    }
    return(message_len);
  } else {

...

}

int
process_message(server_t *server, xmlDocPtr doc)
{
  int loc_debug = 0;
  int rc = NPE_SUCCESS;
  int cur_state = 0;
  xmlChar *fromnid;
  xmlNodePtr msg;
  xmlNodePtr cur;
  struct msgs *which_msg;

  if (debug) {
    fprintf(where,"process_message: entered\n");
    fflush(where);
  }

  msg = xmlDocGetRootElement(doc);
  if (msg == NULL) {
    fprintf(stderr,"empty document\n");
    fflush(stderr);
    printf("freeing the %p empty doc\n",doc);
    xmlFreeDoc(doc);

 okay

    return(rc);
  }
  fromnid = xmlGetProp(msg,(const xmlChar *)"fromnid");

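  It seems the fromnid value isn't checked (xmlGetProp returns NULL when the
attribute is missing, and the value is later passed to a "%s" format in the
debug output), and the returned string is leaked because it is never xmlFree'd.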

  if (server != NULL)  cur_state = 1 << server->state;

  if (debug) {
    fprintf(where,"process_message: received '%s' message from server %s\n",
            msg->xmlChildrenNode->name, fromnid);
    fprintf(where,"process_message: servers current state is %d\n", 
    cur_state);
    fflush(where);
  }
  for (cur = msg->xmlChildrenNode; cur != NULL; cur = cur->next) {
    which_msg = np_msg_handler_base;
    while (which_msg->msg_name != NULL) {
      if (xmlStrcmp(cur->name,(xmlChar *)which_msg->msg_name)) {
        which_msg++;
        continue;
      }
      if (which_msg->valid_states & cur_state) {
        rc = (which_msg->msg_func)(cur,doc,server);

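   I can't guess what this does to doc or cur. If the handler frees or
   unlinks nodes, the loop's cur->next and the final xmlFreeDoc would be
   working on freed memory.
   Do you still get the problem if you skip that step?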

        if (rc != NPE_SUCCESS) {
          fprintf(where,"process_message: received %d from %s\n",
                  rc, which_msg->msg_name);
          fflush(where);
          server->state = NSRV_ERROR;
          if (server->sock != -1) {
            close(server->sock);
            /* should we delete the server from the server_hash ? sgb */
            break;
          }
        }
      } else {
        if (debug || loc_debug) {
          fprintf(where,
                  "process_message:state is %d got unexpected '%s' 
                  message.\n",
                  cur_state,
                  cur->name);
          fflush(where);
        }
      }
      which_msg++;
    }
  }
  printf("freeing the %p doc doc\n",doc);
  xmlFreeDoc(doc);

  yeah, this should not hang

  Did you try running your app under valgrind? I can't see anything wrong
that would lead to the problem.

Daniel

-- 
Daniel Veillard      | Red Hat http://redhat.com/
veillard redhat com  | libxml GNOME XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/


