Re: [xslt] CDATA text nodes can cause ctxt->lasttsize to be incorrect, bug?



On Wed, Feb 09, 2011 at 11:52:56PM -0500, Noam Postavsky wrote:
> xsltAddTextString (transform.c:708) allocates some extra space to
> target->content in order to avoid future allocations. If a CDATA node is
> added after this, the node gets added by xmlAddChild() which will merge
> the text and realloc() the content which means the extra space is no
> longer available. The problem is that ctxt->lasttsize still reflects the
> extra space allocation so a subsequent text node may corrupt memory.
> I've attached a small program to show the problem.
> 
> Now this isn't a problem if XML_PARSE_NOCDATA is used because there
> won't be any CDATA nodes. So is it expected behaviour that libxslt fails
> when given a stylesheet with CDATA nodes, or is this a bug?

  In a sense it's a bug, but the XPath data model is very clear:
CDATA nodes disappear and are supposed to be merged with adjacent
text nodes, so when parsing for libxslt processing one should use
XSLT_PARSE_OPTIONS to the libxml2 parser
 XML_PARSE_NOENT | XML_PARSE_DTDLOAD | XML_PARSE_DTDATTR | XML_PARSE_NOCDATA

  - load the DTD
  - expand defaulted attributes and entities
  - turn CData into text nodes

I'm not sure how much of a pain it would be to fix that given bug,
maybe one just should check for CDATA in xsltAddTextString() and reset
any ctxt->lasttsize then.

BTW the libxml2 memory debug is somehow similar to your checked_malloc :-)

Daniel

-- 
Daniel Veillard      | libxml Gnome XML XSLT toolkit  http://xmlsoft.org/
daniel veillard com  | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library  http://libvirt.org/


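The stale-capacity problem described in this thread, and the reset Daniel suggests, as an added self-contained model (this is not libxslt code; `textnode`, `xform_ctx`, `add_text`, `merge_cdata` and `reset_after_cdata` are hypothetical stand-ins for the text node, the `lasttsize`/`lasttuse` context fields, `xsltAddTextString()` and the CDATA merge done by `xmlAddChild()`). The model tracks the real allocation size only so it can report the out-of-bounds write instead of performing it:

```c
/* Added example, not libxslt code: models how a cached slack size (lasttsize)
 * goes stale once another code path reallocates the same buffer. */
#include <stdlib.h>
#include <string.h>

typedef struct { char *content; size_t len, cap; } textnode; /* cap: real allocation (model only) */
typedef struct { size_t lasttsize, lasttuse; } xform_ctx;    /* stands in for ctxt->lasttsize/lasttuse */

/* Model of xsltAddTextString(): grow with slack and remember the slack in lasttsize.
 * Returns 0 on success, -1 on OOM, and 1 when the cached size would push the
 * write past the real allocation (reported here rather than corrupting memory). */
static int add_text(xform_ctx *ctxt, textnode *t, const char *s, size_t n) {
    if (ctxt->lasttsize == 0 || ctxt->lasttuse + n + 1 > ctxt->lasttsize) {
        size_t cap = (t->len + n + 1) * 2;            /* over-allocate for later appends */
        char *p = realloc(t->content, cap);
        if (!p) return -1;
        t->content = p; t->cap = cap;
        ctxt->lasttsize = cap; ctxt->lasttuse = t->len;
    }
    if (ctxt->lasttuse + n + 1 > t->cap) return 1;    /* stale lasttsize: would overflow */
    memcpy(t->content + ctxt->lasttuse, s, n);
    ctxt->lasttuse += n; t->content[ctxt->lasttuse] = '\0'; t->len = ctxt->lasttuse;
    return 0;
}

/* Model of xmlAddChild() merging a CDATA node into the text node: it reallocates
 * to the exact size, silently dropping the slack that lasttsize still advertises. */
static int merge_cdata(textnode *t, const char *cdata) {
    size_t n = strlen(cdata);
    char *p = realloc(t->content, t->len + n + 1);
    if (!p) return -1;
    memcpy(p + t->len, cdata, n + 1);
    t->content = p; t->len += n; t->cap = t->len + 1;
    return 0;
}

/* The fix suggested in the reply: after a CDATA merge, reset lasttsize so the
 * next append re-measures the buffer instead of trusting the cached slack. */
static void reset_after_cdata(xform_ctx *ctxt) { ctxt->lasttsize = 0; }

/* Runs text -> CDATA -> text and returns the result of the final append.
 * fixed != 0 applies the reset between the merge and the append; *out receives
 * the buffer (caller frees it). Inputs are constructed so the slack matters. */
static int run_sequence(int fixed, char **out) {
    textnode t = {0}; xform_ctx ctxt = {0};
    int rc = add_text(&ctxt, &t, "hello", 5);         /* cap 12, lasttsize 12 */
    if (rc == 0) rc = merge_cdata(&t, "x");           /* cap shrinks to 7, lasttsize still 12 */
    if (rc == 0 && fixed) reset_after_cdata(&ctxt);
    if (rc == 0) rc = add_text(&ctxt, &t, "ab", 2);   /* 5+2+1 <= 12 but > 7 unless reset */
    *out = t.content;
    return rc;
}
```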