[xml] Fwd: XPath - crashing using xmlXPathCompiledEval (problem within xmlXPathCtxtCompile?) - long

["Andrew Nelson" <andyfaff gmail com>]

Hi all,
I sent this question about week ago, but didn't receive any responses,
so I'm sending it again :-).

regards,
Andy

---------- Forwarded message ----------
From: Andrew Nelson <andyfaff gmail com>
Date: 19 Nov 2007 14:15
Subject: XPath - crashing using xmlXPathCompiledEval (problem within
xmlXPathCtxtCompile?) - long
To: xml gnome org


Dear List,
I am using the latest version of libxml2  (2.6.30) to provide XML
support for a program called IGOR Pro on Win32 + MacOSX.  This
project takes the form of a C plugin.

-I compiled the libxml2 source myself.
-My test XML file is:
_______________________
<?xml version="1.0"?>
<XMLutils/>
_______________________

-the code fragment I have in my plugin is listed below.  When we get
to this stage doc is a valid xmlDocPtr, and xpathExpr = BAD_CAST ("/
XMLutils")
_____________________________________________________
xmlXPathObject *xpathObj = NULL;
xmlXPathContext *context = NULL;
xmlXPathCompExpr *comp = NULL;

//Create xpath evaluation context
     context = xmlXPathNewContext(doc);
     if(context == NULL) {
        *err = XPATH_CONTEXT_CREATION_ERROR;
           goto done;
     }

// compile xPath expression
comp = xmlXPathCtxtCompile(context,xpathExpr);
if(comp == NULL){
        *err = XPATH_COMPILE_ERROR;
        goto done;
}

xpathObj = xmlXPathCompiledEval(comp, context);
  if(xpathObj == NULL) {
         *err = UNABLE_TO_EVAL_XPATH_EXPR;
        goto done;
   }
____________________________________________________
If I run this fragment on the console it works fine.  However, it
crashes everytime in my plugin. The stacktrace is

0   libxml2.2.dylib                     0x17ba9561 xmlPatternMaxDepth +
111 (pattern.c:2545)
1   libxml2.2.dylib                     0x17b0d261 xmlXPathRunStreamEval
+ 69 (xpath.c:14043)
2   libxml2.2.dylib                     0x17b0d823 xmlXPathRunEval + 296
(xpath.c:14295)
3   libxml2.2.dylib                     0x17b0e281
xmlXPathCompiledEvalInternal + 233 (xpath.c:14681)
4   libxml2.2.dylib                     0x17b0e3d2 xmlXPathCompiledEval +
46 (xpath.c:14745)
5   com.apple.carbonbundletemplate      0x179e5186
execute_xpath_expression(_xmlDoc*, unsigned char*, unsigned char*,
int*) + 180 (XMLevaluateXPathExpression.cpp:126)

I investigated the cause of the crash and it appears that in
xmlPatternMaxDepth(pattern.c:2545) the pointer comp->stream is
pointing to 0x5, i.e. rubbish (comp->stream->nbStep is undefined).  I
know that it also has this value in xmlXPathRunStreamEval, but can't
see what its value is higher up the stack trace, as no debug info is
available for the members of *comp.  However, going back up through
the trace nothing seems to do anything to the pointer so I suspected
something was wrong with the original xmlXPathCompExprPtr.
I then looked into xmlXPathCtxtCompile and saw that there was a
conditional compilation if XPATH_STREAMING is defined.  I found this
in xpath.c and commented out this define, and rebuilt libxml.  This
time my plugin worked!  This leads me to believe there is a bug in
something that is called from xmlXPathCtxtCompile.
I suspect that it may originate from xmlPatterncompile, which is
called by xmlXPathTryStreamCompile, which is called by
xmlXPathCtxtCompile.  However, this looks formidable to me, so I
can't give any more info.

Can anyone give me any tips as to what is happening, why is it
resolved when I turn off XPATH_STREAMING?

cheers,
Andy





-- 
_____________________________________
Dr. Andrew Nelson


_____________________________________