Re: [xml] Missing namespace prefix after xmlReconciliateNs



Hi Martin

I had this problem in history too, but i gave up. (but I am constantly
monitoring this issue as this is on my long-term radar)

Do a diff between 2.6.something and 2.6.32 in tree.c: xmlReconciliateNs()
You find 4-5 lines diff for addressing some Memory issues.

When you do a quick "google: xmlReconciliateNs"
And you look VERY carefully, you will see, that you get 1730 hits, mainly
topic'd with Trouble, problem, Fix

Very interesting, in 2002, Kasimier Buchcik wrote a new xmlReconciliateNs()
but it was not taken.
http://mail.gnome.org/archives/xml/2003-May/msg00066.html

I really understand Daniel in some way not replacing a *known* buggy
function with a new version which has some issues too. 
Daniel: "Your algorithm is certainly better than the existing one but I'm
not sure it is the right way to proceed acually."

It is a real shame, that Daniel offered a new Idea for this function, but
never did it.

But in a situation where I have a code, who has several main glitches, I
would replace this code even with the other code, even if it does not meet
my taste.

For you this is sure not funny, but you have several methods to fix your
problem:
1: Try the other code from Kasimier. (maybe it helps, but it seems to be so
from first look)
2: Write your own fix to libxml and post it to libxml (and it will never be
used)
3: Do not use xmlReconciliateNs() and try to get rid of the need.
4: Change your XML lib. (...)
5: Write to OASIS, give them a 20 new testcase to the XML Test Suite where
Libxml fails, and then Libxml will Fail in W3C Conformance test, and then
*somebody* has to react. :-)

That's Opensource, and once a function gets below 5% overall usage, nobody
cares about this.

In this point I agree with Linus, who tells us:

"one reason I refuse to bother with the whole security circus is that I
think it glorifies - and thus encourages - the wrong behavior. It makes
'heroes' out of security people, as if the people who don't just fix normal
bugs aren't as important. In fact, all the boring normal bugs are _way_ more
important, just because there's a lot more of them. I don't think some
spectacular security hole should be glorified or cared about as being any
more 'special' than a random spectacular crash due to bad locking."

And this is the same Daniel is doing here atm.
Can somebody tell him, that 90% of all Opensource Linux software is using
Libxml ?

Franz





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]