[xml] Segmentation fault in xmlSAX2StartElementNs/nodePush

I'm having some trouble with segmentation faults. I get the following error from valgrind --tool=addrcheck:

==2086== Invalid write of size 4
==2086==    at 0x342506B9: nodePush (in /usr/lib/libxml2.so.2.6.16)
==2086==    by 0x34263949: xmlSAX2StartElementNs (in /usr/lib/libxml2.so.2.6.16)
==2086==    by 0x34255AD7: (within /usr/lib/libxml2.so.2.6.16)
==2086==    by 0x3425A049: xmlParseElement (in /usr/lib/libxml2.so.2.6.16)
==2086==  Address 0x34546510 is 0 bytes after a block of size 0 alloc'd
==2086==    at 0x3414A23C: malloc (vg_replace_malloc.c:131)
==2086==    by 0x3414AC2B: realloc (vg_replace_malloc.c:189)
==2086==    by 0x342506E3: nodePush (in /usr/lib/libxml2.so.2.6.16)
==2086==    by 0x34263949: xmlSAX2StartElementNs (in /usr/lib/libxml2.so.2.6.16)

The relevant code segment is:

    // Set up a function to report errors
    char *xmlErrors = new char[1024];
    xmlErrors[0] = '\0';
    xmlParserCtxt *context = xmlNewParserCtxt();
    context->sax->error = handleXMLError;
    context->sax->fatalError = handleXMLError;
    context->userData = xmlErrors;

    /* Parse the file and get the DOM */
    xmlDoc *doc = xmlCtxtReadFile( context, dropFile.c_str(), NULL, 0 );

If I don't set context->userData then the crash goes away.

Is there anything obviously stupid in that code, or a known bug that I'm tripping over because my libxml2 library is too old?

Neil Youngman

Wirefast Limited
