[xml] strange coredump in 2.7.8

[Fred Smith <fsmith computrition com>]

I'm wondering if anyone here can help me understand what caused this core dump. 

The app statically links libxml2, and based on the line numbers, this one appears to have been linked with 
2.7.8 (we now use a much newer one...). You can see the beginning of the XML string being parsed in several 
places, including #8, and there's absolutely nothing unusual about it. The XML is an error/warning report 
from the "other end", but such of reports happen all the time, and they simply get reported and the program 
moves on.

But in this case libxml2 appears to have thought that the "encoding=" statement is in some way broken and 
tried to report that, and took a segfault/core dump when it tried.

I don't see what's wrong here, do any of you have any thoughts on it? (BTW, this is on Centos-6, 32-bit).

Thanks in advance!

Here's (part of) the backtrace from the resulting core file:

(gdb) bt
#0  0x005e6815 in _IO_vfprintf_internal (s=0x1, format=<value optimized out>, ap=0x39c1918 "\001") at 
vfprintf.c:1640
#1  0x08089c7f in xmlGenericErrorDefaultFunc (ctx=0x0, msg=0x80e6de0 "Entity: line %d: ") at error.c:78
#2  0x08088c60 in xmlReportError (err=0x464cbbb0, ctxt=0x464cba30, str=0x8ae52310 "Unsupported encoding 
WINDOWS-1252\n", 
    channel=0x8089c50 <xmlGenericErrorDefaultFunc>, data=0x0) at error.c:290
#3  0x08089973 in __xmlRaiseError (schannel=0, channel=0x8089320 <xmlParserError>, data=0x464cba30, 
ctx=0x464cba30, 
    nod=0x0, domain=1, code=32, level=XML_ERR_FATAL, file=0x0, line=1, str1=0x5266a9a8 "WINDOWS-1252", 
str2=0x0, str3=0x0, 
    int1=0, col=42, msg=0x80e702e "Unsupported encoding %s\n") at error.c:624
#4  0x0808acd5 in xmlFatalErrMsgStr (ctxt=0x464cba30, error=<value optimized out>, msg=<value optimized out>, 
    val=0x5266a9a8 "WINDOWS-1252") at parser.c:662
#5  0x0808f077 in xmlParseEncodingDecl (ctxt=0x464cba30) at parser.c:9968
#6  0x0808f52f in xmlParseXMLDecl (ctxt=0x464cba30) at parser.c:10134
#7  0x0809e1c0 in xmlParseTryOrFinish (ctxt=<value optimized out>, terminate=0) at parser.c:10880
#8  0x0809ead1 in xmlParseChunk (ctxt=0x464cba30, 
    chunk=0xb73be00c "l version=\"1.0\" encoding=\"WINDOWS-1252\"?>\n<Response>\n  <Error_List/>\n  
<Warning_List>\n    <Warning>\n      <Warning_Number>-20438</Warning_Number>\n      <Warning_Text>Message not 
processed because patr"..., 
    size=281, terminate=0) at parser.c:11739
#9  0x080ceba5 in xmlTextReaderPushData (reader=0x4b789970) at xmlreader.c:861
#10 0x080cf259 in xmlTextReaderRead (reader=0x4b789970) at xmlreader.c:1280
#11 0x0807eee1 in processDoc (readerPtr=0x4b789970, text=0x39c1e00) at HS_hl72xml.c:7520
#12 0x0807f2e9 in HS_extract_err_warn_text (
    HS_resp=0xb73be008 "<?xml version=\"1.0\" encoding=\"WINDOWS-1252\"?>\n<Response>\n  <Error_List/>\n  
<Warning_List>\n    <Warning>\n      <Warning_Number>-20438</Warning_Number>\n      <Warning_Text>Message not 
processed because "..., 
    success=1, warnings=1, text=0x39c1e00) at HS_hl72xml.c:7646
#13 0x0807f393 in HS_parse_response (msgbuf=0x39c32a4, myoutthr=0x9189db0, ifparms=0x39c20c0, 
    HS_resp=0xb73be008 "<?xml version=\"1.0\" encoding=\"WINDOWS-1252\"?>\n<Response>\n  <Error_List/>\n  
<Warning_List>\n    <Warning>\n      <Warning_Number>-20438</Warning_Number>\n      <Warning_Text>Message not 
processed because "..., 
    success=1, warnings=1, text=0x39c1e00) at HS_hl72xml.c:7690

Fred Smith
Senior Applications Programmer/Analyst
Computrition, Inc.
175 Middlesex Turnpike
Bedford, MA 01730
ph: 781-275-4488 x5013
fax: 781-357-4100

[my employer auto-appends a disclaimer here. I have no control over it.]