[xml] xpathEval namespace axis corruption/segfault



I attach a simple python script (libxml2_crash.py) that seems to
 reference uninitialised memory, or crash the interpreter.

 Run on various setups, the results were (using ï for random junk char):
 * debian stable (2.6.27 plus security patches and py 2.4):
     segfault
 * win32 (2.6.30 and py 2.4):
     xmlns:ïïï="ïïï"
     xmlns:ïïï="ïïï"
 * gentoo unstable (2.6.31 and py 2.5):
     xmlns:ïïï="ïïï"
     TypeError: __str__ returned non-string (type NoneType)
 * same but sparc:
     bus error (I'm told "most likely a segfault that falls unaligned")

 It's not just the serialisation that's borked, any property reference
 - including the repr (which uses xmlNs.name) - can return junk or
 boom. More complicated documents crash in different places, or
 traceback when trying to construct the python xmlNs wrapper in
 nodeWrap (line 550) with:
    if name[0:8] == "document":
 TypeError: unsubscriptable object
 (That may not be related, seems that xmlNs.name is ns->prefix which is
 allowed to be NULL -> None -> unsubscriptable, no?)
 However xmlNs nodes are constructed fine through xmlNode.ns so it
 seems to be an xpath related problem. I could find nothing that seemed
 to be related in recent changelog or bugtracker. Is this a real issue
 that's just gone unnoticed?

 I tried the simplest C equivalent I could cook up from the docs
 (attached libxml2_nocrash.c) which behaves itself, perhaps suggesting
 the problem's in the python bindings. Could someone with a good
 understanding of the lib get a better idea of what exactly is up?

 Martin

Attachment: libxml2_crash.py
Description: Text Data

Attachment: libxml2_nocrash.c
Description: Text Data


