Re: [xml] XML Schema crash in W3C test suite

From: Daniel Veillard <veillard redhat com>
To: Stefan Behnel <stefan_ml behnel de>
Cc: xml gnome org
Subject: Re: [xml] XML Schema crash in W3C test suite
Date: Thu, 28 Feb 2008 11:14:19 -0500

On Thu, Feb 28, 2008 at 10:35:20AM +0100, Stefan Behnel wrote:

Hi,

I just ran xmllint of a vanilla libxml2 2.6.31 over the SUN part of the W3C
XML Schema test suite.

I get a couple of failures, but also a crash in one case, so I thought I'd
send in the results.

BTW, does anyone have a script to run the whole suite? For example, I have no
idea how to figure out which of the M$ tests are supposed to be valid or
invalid. <rant>I bet they have a truly platform independent Active-X control
somewhere on their page that knows the expected results ("platform
independent" == "runs on Windows XP *and* on Windows Vista")</rant>

Anyway, these are the test failures I get:

xmlschema2006-11-06/sunData/AttrUse/AU_valConstr/AU_valConstr00101m/AU_valConstr00101m1_n.xml
xmlschema2006-11-06/sunData/CType/attributeUses/attributeUses00101m/attributeUses00101m1_p.xml
xmlschema2006-11-06/sunData/CType/derivationMethod/derivationMethod00102m/derivationMethod00102m1_p.xml
xmlschema2006-11-06/sunData/CType/derivationMethod/derivationMethod00102m/derivationMethod00102m2_p.xml
xmlschema2006-11-06/sunData/ElemDecl/valueConstraint/valueConstraint00701m/valueConstraint00701m1_n.xml
xmlschema2006-11-06/sunData/Notation/name/name00101m/name00101m1_p.xml

I attached the test output. Seems to be mainly one problem with whitespace
around integers not being stripped.

For the following test, however, I get a crash:

xmlschema2006-11-06/sunData/Notation/targetNS/targetNS00101m/targetNS00101m2_p.xml

Valgrind gives me this:

==15628== Invalid free() / delete / delete[]
==15628==    at 0x402237F: free (vg_replace_malloc.c:233)
==15628==    by 0x4187985: xmlSchemaFreeValue (xmlschemastypes.c:1047)
==15628==    by 0x416A6CC: xmlSchemaFreeFacet (xmlschemas.c:3927)
==15628==    by 0x416A742: xmlSchemaFreeType (xmlschemas.c:3954)
==15628==    by 0x416A9A9: xmlSchemaComponentListFree (xmlschemas.c:4022)
==15628==    by 0x416AAAA: xmlSchemaBucketFree (xmlschemas.c:3504)
==15628==    by 0x410D7E8: xmlHashFree (hash.c:307)
==15628==    by 0x416AC49: xmlSchemaFree (xmlschemas.c:4119)
==15628==    by 0x804F853: main (xmllint.c:3534)
==15628==  Address 0x4389800 is 0 bytes inside a block of size 4 free'd
==15628==    at 0x402237F: free (vg_replace_malloc.c:233)
==15628==    by 0x4174BF8: xmlSchemaValidateNotation (xmlschemas.c:21820)
==15628==    by 0x417634B: xmlSchemaVCheckCVCSimpleType (xmlschemas.c:24469)
==15628==    by 0x417D606: xmlSchemaCheckFacet (xmlschemas.c:18599)
==15628==    by 0x417DC88: xmlSchemaFixupSimpleTypeStageTwo (xmlschemas.c:18756)
==15628==    by 0x4183E33: xmlSchemaFixupComponents (xmlschemas.c:20988)
==15628==    by 0x418694E: xmlSchemaParse (xmlschemas.c:21263)
==15628==    by 0x804F457: main (xmllint.c:3384)


Stefan


  Can you provide the .xml and .xsd leading to the crash ?

  thanks,

Daniel

-- 
Red Hat Virtualization group http://redhat.com/virtualization/
Daniel Veillard      | virtualization library  http://libvirt.org/
veillard redhat com  | libxml GNOME XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine  http://rpmfind.net/

Follow-Ups:
- Re: [xml] XML Schema crash in W3C test suite
  - From: Stefan Behnel

References:
- [xml] XML Schema crash in W3C test suite
  - From: Stefan Behnel

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]