Re: [xml] xml freeing the same string twice



On Tuesday 05 April 2011, Wolfgang Rohdewald wrote:
> I believe this is what happens:

With that patch I can actually process all KDE4 
index.docbook files.

But we accidentally enabled --with-mem-debug and 
--with-run-debug on Windows, and meinproc4 crashed
again for other docbooks.

So now I compiled libxml2 on Linux with

./configure --with-mem-debug --with-run-debug

and now valgrind too finds more problems.

Please note that the Ubuntu-supplied libxml2.7.7 does
not generate any warnings or errors for this index.docbook.

You can reproduce it like this - you may need KDE 4.6.1
installed (that is what I have) but I think the exact
version does not matter.

svn co svn://anonsvn.kde.org/home/kde/trunk/l10n-kde4/de/docs/extragear-graphics/kgraphviewer
cd kgraphviewer

Place libxml with debug options in /usr/local/lib

LD_LIBRARY_PATH=/usr/local/lib valgrind /usr/bin/meinproc4 index.docbook

==26153== Invalid read of size 1
==26153==    at 0x62E07AA: vfprintf (vfprintf.c:1614)
==26153==    by 0x6394A7F: __vsnprintf_chk (vsnprintf_chk.c:65)
==26153==    by 0x5358AC4: __xmlRaiseError (stdio2.h:78)
==26153==    by 0x53A0E37: xmlDebugErr3 (debugXML.c:181)
==26153==    by 0x53A2445: xmlCtxtDumpNode (debugXML.c:1070)
==26153==    by 0x53A247A: xmlCtxtDumpNode (debugXML.c:1091)
==26153==    by 0x53A247A: xmlCtxtDumpNode (debugXML.c:1091)
==26153==    by 0x53A247A: xmlCtxtDumpNode (debugXML.c:1091)
==26153==    by 0x53A247A: xmlCtxtDumpNode (debugXML.c:1091)
==26153==    by 0x53A4D2A: xmlCtxtDumpDocument (debugXML.c:1091)
==26153==    by 0x53A4E27: xmlDebugCheckDocument (debugXML.c:1583)
==26153==    by 0x537ACC7: xmlFreeDoc (tree.c:1193)
==26153==  Address 0xd4e2ab6 is 6 bytes inside a block of size 72 free'd
==26153==    at 0x4C27D71: free (vg_replace_malloc.c:366)
==26153==    by 0x5382B45: xmlHashFree (hash.c:307)
==26153==    by 0x568D6F8: xsltFreeDocumentKeys (in /usr/lib/libxslt.so.1.1.26)
==26153==    by 0x5697E19: xsltFreeDocuments (in /usr/lib/libxslt.so.1.1.26)
==26153==    by 0x56A0A3C: xsltFreeTransformContext (in /usr/lib/libxslt.so.1.1.26)
==26153==    by 0x56A15D4: ??? (in /usr/lib/libxslt.so.1.1.26)
==26153==    by 0x406A36: transform(QString const&, QString const&, QVector<char const*> const&) (xslt.cpp:168)
==26153==    by 0x405684: main (meinproc.cpp:240)
==26153== 
index.docbook:762: element para: error : Text node has wrong name ''
==26153== Invalid read of size 4
==26153==    at 0x53A2643: xmlCtxtDumpOneNode (debugXML.c:889)
==26153==    by 0x53A2445: xmlCtxtDumpNode (debugXML.c:1070)
==26153==    by 0x53A247A: xmlCtxtDumpNode (debugXML.c:1091)
==26153==    by 0x53A247A: xmlCtxtDumpNode (debugXML.c:1091)
==26153==    by 0x53A4D2A: xmlCtxtDumpDocument (debugXML.c:1091)
==26153==    by 0x53A4E27: xmlDebugCheckDocument (debugXML.c:1583)
==26153==    by 0x537ACC7: xmlFreeDoc (tree.c:1193)
==26153==    by 0x5697EE9: xsltFreeStyleDocuments (in /usr/lib/libxslt.so.1.1.26)
==26153==    by 0x568056F: xsltFreeStylesheet (in /usr/lib/libxslt.so.1.1.26)
==26153==    by 0x5680663: xsltFreeStylesheet (in /usr/lib/libxslt.so.1.1.26)
==26153==    by 0x5680663: xsltFreeStylesheet (in /usr/lib/libxslt.so.1.1.26)
==26153==    by 0x5680663: xsltFreeStylesheet (in /usr/lib/libxslt.so.1.1.26)
==26153==  Address 0x8afba80 is not stack'd, malloc'd or (recently) free'd
==26153== 
==26153== Invalid read of size 8
==26153==    at 0x5358F9F: __xmlRaiseError (error.c:515)
==26153==    by 0x53A09F6: xmlDebugErr2 (debugXML.c:171)
==26153==    by 0x53A2445: xmlCtxtDumpNode (debugXML.c:1070)
==26153==    by 0x53A247A: xmlCtxtDumpNode (debugXML.c:1091)
==26153==    by 0x53A247A: xmlCtxtDumpNode (debugXML.c:1091)
==26153==    by 0x53A4D2A: xmlCtxtDumpDocument (debugXML.c:1091)
==26153==    by 0x53A4E27: xmlDebugCheckDocument (debugXML.c:1583)
==26153==    by 0x537ACC7: xmlFreeDoc (tree.c:1193)
==26153==    by 0x5697EE9: xsltFreeStyleDocuments (in /usr/lib/libxslt.so.1.1.26)
==26153==    by 0x568056F: xsltFreeStylesheet (in /usr/lib/libxslt.so.1.1.26)
==26153==    by 0x5680663: xsltFreeStylesheet (in /usr/lib/libxslt.so.1.1.26)
==26153==    by 0x5680663: xsltFreeStylesheet (in /usr/lib/libxslt.so.1.1.26)
==26153==  Address 0x8afbab8 is not stack'd, malloc'd or (recently) free'd
==26153== 
==26153== Invalid read of size 8
==26153==    at 0x5358FAE: __xmlRaiseError (error.c:515)
==26153==    by 0x53A09F6: xmlDebugErr2 (debugXML.c:171)
==26153==    by 0x53A2445: xmlCtxtDumpNode (debugXML.c:1070)
==26153==    by 0x53A247A: xmlCtxtDumpNode (debugXML.c:1091)
==26153==    by 0x53A247A: xmlCtxtDumpNode (debugXML.c:1091)
==26153==    by 0x53A4D2A: xmlCtxtDumpDocument (debugXML.c:1091)
==26153==    by 0x53A4E27: xmlDebugCheckDocument (debugXML.c:1583)
==26153==    by 0x537ACC7: xmlFreeDoc (tree.c:1193)
==26153==    by 0x5697EE9: xsltFreeStyleDocuments (in /usr/lib/libxslt.so.1.1.26)
==26153==    by 0x568056F: xsltFreeStylesheet (in /usr/lib/libxslt.so.1.1.26)
==26153==    by 0x5680663: xsltFreeStylesheet (in /usr/lib/libxslt.so.1.1.26)
==26153==    by 0x5680663: xsltFreeStylesheet (in /usr/lib/libxslt.so.1.1.26)
==26153==  Address 0x87 is not stack'd, malloc'd or (recently) free'd
==26153== 
==26153== 
==26153== Process terminating with default action of signal 11 (SIGSEGV)
==26153==  Access not within mapped region at address 0x87
==26153==    at 0x5358FAE: __xmlRaiseError (error.c:515)
==26153==    by 0x53A09F6: xmlDebugErr2 (debugXML.c:171)
==26153==    by 0x53A2445: xmlCtxtDumpNode (debugXML.c:1070)
==26153==    by 0x53A247A: xmlCtxtDumpNode (debugXML.c:1091)
==26153==    by 0x53A247A: xmlCtxtDumpNode (debugXML.c:1091)
==26153==    by 0x53A4D2A: xmlCtxtDumpDocument (debugXML.c:1091)
==26153==    by 0x53A4E27: xmlDebugCheckDocument (debugXML.c:1583)
==26153==    by 0x537ACC7: xmlFreeDoc (tree.c:1193)
==26153==    by 0x5697EE9: xsltFreeStyleDocuments (in /usr/lib/libxslt.so.1.1.26)
==26153==    by 0x568056F: xsltFreeStylesheet (in /usr/lib/libxslt.so.1.1.26)
==26153==    by 0x5680663: xsltFreeStylesheet (in /usr/lib/libxslt.so.1.1.26)
==26153==    by 0x5680663: xsltFreeStylesheet (in /usr/lib/libxslt.so.1.1.26)

-- 
Wolfgang
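
Added example (not part of the original message): a small Python triage helper for memcheck output like the trace above. It keeps each error's access stack apart from the stack that freed the block, so the freeing path (here xmlHashFree called from xsltFreeDocumentKeys) can be read off per error. The function names parse_memcheck, classify and summarize are hypothetical, and the sample input is abridged from the report.

```python
import re
# Constructed sample: the first two errors of the report above, abridged.
SAMPLE = """\
==26153== Invalid read of size 1
==26153==    at 0x62E07AA: vfprintf (vfprintf.c:1614)
==26153==    by 0x537ACC7: xmlFreeDoc (tree.c:1193)
==26153==  Address 0xd4e2ab6 is 6 bytes inside a block of size 72 free'd
==26153==    at 0x4C27D71: free (vg_replace_malloc.c:366)
==26153==    by 0x5382B45: xmlHashFree (hash.c:307)
==26153==    by 0x568D6F8: xsltFreeDocumentKeys (in /usr/lib/libxslt.so.1.1.26)
==26153==
==26153== Invalid read of size 4
==26153==    at 0x53A2643: xmlCtxtDumpOneNode (debugXML.c:889)
==26153==    by 0x537ACC7: xmlFreeDoc (tree.c:1193)
==26153==  Address 0x8afba80 is not stack'd, malloc'd or (recently) free'd
"""
PREFIX = re.compile(r"^==\d+==\s?")
FRAME = re.compile(r"^\s+(?:at|by) 0x[0-9A-Fa-f]+: (.+?) \(.*\)$")
ADDR = re.compile(r"^\s*Address (0x[0-9A-Fa-f]+) is (.*)$")

def parse_memcheck(text):
    """Split memcheck output into errors, keeping access and free stacks apart."""
    errors, cur, stack = [], None, None
    for raw in text.splitlines():
        line = PREFIX.sub("", raw)
        if line.startswith("Invalid "):
            cur = {"kind": line, "access": [], "detail": "", "freed_by": []}
            errors.append(cur)
            stack = cur["access"]
        elif cur and (m := ADDR.match(line)):
            cur["detail"] = m.group(2)
            stack = cur["freed_by"]  # frames after "Address" belong to the free
        elif cur and (m := FRAME.match(line)):
            stack.append(m.group(1))
        elif not line.strip():
            cur = None  # blank line ends the record
    return errors

def classify(err):
    d = err["detail"]  # memcheck's own description of the address
    if "inside a block" in d and d.endswith("free'd"):
        return "use-after-free"
    return "wild-address" if d.startswith("not stack'd") else "other"

def summarize(text):
    """(class, top access frame, first two freeing frames) per error; free() dropped."""
    return [(classify(e), e["access"][0] if e["access"] else None,
             [f for f in e["freed_by"] if f != "free"][:2])
            for e in parse_memcheck(text)]
```

Running summarize() over a full valgrind log gives one tuple per "Invalid read/write" record; records with an empty freeing stack are the ones where memcheck no longer knows the block.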


