Re: [xml] xml freeing the same string twice

From: Nikolay Sivov <bunglehead gmail com>
To: xml gnome org
Subject: Re: [xml] xml freeing the same string twice
Date: Tue, 05 Apr 2011 11:05:22 +0400

On 4/5/2011 08:29, Wolfgang Rohdewald wrote:

Hi,

meinproc4.exe (from KDE on windows) always crashes.
using libxml2-2.7.7

I think I found one problem causing this in

xmlSAX2TextNode

using the xmlDict for short strings and such for
avoiding malloc/free on them. So it sets the
text node content (ret->content) to the string
from that dict.

but later in xmlFreeNode it frees that string

so if a dict entry is used twice it will be
freed twice - this is what actually happens

I can avoid the segfault by disabling the code
in xmlSAX2TextNode() at

if (ctxt->dictNames)


so how would a correct patch look like? put a
flag into the node saying that content must not
be freed when freeing the node and free strings
when they are removed from the dict?

DICT_FREE() already check if string is owned by a dictionary or not.

If it's owned it's freed with a dictionary in xmlDictFree(), otherwiseit's freed as is with xmlFree.


Could you attach a test source for that?

Follow-Ups:
- Re: [xml] xml freeing the same string twice
  - From: Wolfgang Rohdewald
- Re: [xml] xml freeing the same string twice
  - From: Wolfgang Rohdewald

References:
- [xml] xml freeing the same string twice
  - From: Wolfgang Rohdewald

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]