Re: [xml] another of those fun SEGV's in xmlFreeDoc?
- From: Rick Jones <rick jones2 hp com>
- To: veillard redhat com
- Cc: xml gnome org
- Subject: Re: [xml] another of those fun SEGV's in xmlFreeDoc?
- Date: Thu, 27 Oct 2005 09:49:39 -0700
Daniel Veillard wrote:
On Thu, Oct 27, 2005 at 09:14:15AM -0700, Rick Jones wrote:
if ((*message = xmlParseMemory(message_base,message_len)) != NULL) {
Hum, okay, could try to use xmlReadMemory and check if problem persists
What semantic differences are there? Does xmlReadMemory do validation and
attribute loading from the DTD? (More that I left out originally, sorry - I'm not
the only one "contributing" to this code and they went down a path of getting
default values from a DTD.)
if (debug) {
fprintf(where, "recv_control_message: xmlParseMemory returned %p\n",
*message);
fflush(where);
}
return(message_len);
} else {
...
}
int
process_message(server_t *server, xmlDocPtr doc)
{
int loc_debug = 0;
int rc = NPE_SUCCESS;
int cur_state = 0;
xmlChar *fromnid;
xmlNodePtr msg;
xmlNodePtr cur;
struct msgs *which_msg;
if (debug) {
fprintf(where,"process_message: entered\n");
fflush(where);
}
msg = xmlDocGetRootElement(doc);
if (msg == NULL) {
fprintf(stderr,"empty document\n");
fflush(stderr);
printf("freeing the %p empty doc\n",doc);
xmlFreeDoc(doc);
okay
return(rc);
}
fromnid = xmlGetProp(msg,(const xmlChar *)"fromnid");
seems fromnid value ain't checked and the returned string is leaked as
not xmlFree'd
IIRC, the messages pass-through validation, so if there isn't a fromnid, I
_think_ xmlParseMemory will have failed?
if (server != NULL) cur_state = 1 << server->state;
if (debug) {
fprintf(where,"process_message: received '%s' message from server %s\n",
msg->xmlChildrenNode->name, fromnid);
fprintf(where,"process_message: servers current state is %d\n",
cur_state);
fflush(where);
}
for (cur = msg->xmlChildrenNode; cur != NULL; cur = cur->next) {
which_msg = np_msg_handler_base;
while (which_msg->msg_name != NULL) {
if (xmlStrcmp(cur->name,(xmlChar *)which_msg->msg_name)) {
which_msg++;
continue;
}
if (which_msg->valid_states & cur_state) {
rc = (which_msg->msg_func)(cur,doc,server);
I can't guess what this does to doc or cur.
Do you still get the problem if you skip that step ?
Yeah, I was wondering about that as I was doing the cut-and-paste. I'll go
digging through to see what that routine might be doing...
if (rc != NPE_SUCCESS) {
fprintf(where,"process_message: received %d from %s\n",
rc, which_msg->msg_name);
fflush(where);
server->state = NSRV_ERROR;
if (server->sock != -1) {
close(server->sock);
/* should we delete the server from the server_hash ? sgb */
break;
}
}
} else {
if (debug || loc_debug) {
fprintf(where,
"process_message:state is %d got unexpected '%s' message.\n",
cur_state,
cur->name);
fflush(where);
}
}
which_msg++;
}
}
printf("freeing the %p doc doc\n",doc);
xmlFreeDoc(doc);
yeah, this should not hang
Did you try to run your app under valgrind? I can't see anything wrong
which would lead to the problem
I have no idea what valgrind is, so nope :)
rick