Re: [xml] Crash in xmlPushInput

On Mon, Jun 19, 2006 at 09:07:16PM -0700, Ryan Phillips wrote:
Daniel Veillard wrote:
[Switching to Thread -1208514336 (LWP 26163)]
0x00386e21 in xmlPushInput () from /usr/lib/
#0  0x00386e21 in xmlPushInput () from /usr/lib/
#1  0x0042452a in xmlParseCharData () from /usr/lib/
#2  0x00428f27 in xmlParseChunk () from /usr/lib/
#3  0x00432e9e in xmlRegExecPushString () from /usr/lib/
#4  0x00433a98 in xmlTextReaderRead () from /usr/lib/
#5  0x08048931 in streamFile (filename=0xbffd5c95 "crash.xml") at 
#6  0x080489f3 in main (argc=2, argv=0xbffab614) at reader1.c:93
#0  0x00386e21 in xmlPushInput () from /usr/lib/
The program is running.  Exit anyway? (y or n) 
Program received signal SIGSEGV, Segmentation fault.

 The crash does not happen if you remove the XML_PARSE_RECOVER option.
I will remove the crash in CVS, but I'm also thinking about ways to 
allow XML_PARSE_RECOVER only in exceptional cases.




Thanks for the pointer.  I have removed XML_PARSE_RECOVER and tweaked a 
few things in our code.  The application is now running fine.

Basically, XML_PARSE_RECOVER allows to get more closing tags than allowed and
continue normal processing. This breaks many assumptions done in the XML
parser and as you experienced this can lead to dangerous code paths. Thanks
for pointing the issue !


Daniel Veillard      | Red Hat
veillard redhat com  | libxml GNOME XML XSLT toolkit | Rpmfind RPM search engine

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]