GNOME Bugzilla – Bug 110023
xsltproc crash using latest release
Last modified: 2009-08-15 18:40:50 UTC
This simplified stylesheet works fine in my current release (1.0.23/2.5.3) but crashes in the latest.

    C:\gsstools\binaries>xsltproc --version
    Using libxml 20506, libxslt 10029 and libexslt 719
    xsltproc was compiled against libxml 20506, libxslt 10029 and libexslt 719
    libxslt 10029 was compiled against libxml 20506
    libexslt 719 was compiled against libxml 20506

See attachments.
Created attachment 15486 [details] verbose output from running xsltproc
Created attachment 15487 [details] the offending stylesheet
Created attachment 15488 [details] output from debug build (with debug memory functions)
Hopefully the three attachments provide enough detail.
Yes, thanks a lot for the report. The new handling of Result Value Trees now allows for ctxt->document to become NULL, and you hit a case where this wasn't checked. I tried to clean up this and other places and committed it to CVS. I also added your test case to the regression tests:
http://cvs.gnome.org/bonsai/cvsquery.cgi?branch=&dir=libxslt&who=veillard&date=explicit&mindate=2003-04-07%2008:40&maxdate=2003-04-07%2008:42&cvsroot=/cvs/gnome
Thanks a lot!
Daniel
will test as soon as changes are replicated to anoncvs
The original problem is fixed but another was exposed in the process. See attached stylesheet.
Created attachment 15565 [details] stylesheet for re-opening of bug
The problem appears to relate to using a result tree fragment cast to node-set in an extension function.
Created attachment 15573 [details] [review] Proposed fix for str:tokenize
The real problem was that context->document may be NULL. This was used in str:tokenize to get the root document to add a result tree fragment to. The new method (using a document as its own container) no longer needs access to context->document->doc.
Created attachment 15577 [details] [review] slightly fixed patch
updated the patch to change the returned object type from XSLT_RESULT_TREE to XPATH_NODESET
Okay, applied the patch. I also fixed one memory leak exposed by the test and EXSLT set function. There are others hiding there; I may need to revamp the handling of tree fragments to really clean this up. At least the current bug is fixed in CVS...
Thanks!
Daniel
I believe I've stumbled upon another problem here. xsltproc versions 1.0.29 and 1.0.30 crash with a segmentation fault while processing a DocBook document (to be attached). The stylesheet used is the DocBook XSL stylesheet html/docbook.xsl from the DocBook XSL stylesheets package, version 1.60.1. Traceback:
+ Trace 36558
The faulty code:

    3023    val = (const xmlChar *)
    3024          xmlHashLookup2(ctxt->style->stripSpaces,
    3025                         cur->parent->name,
    3026                         cur->parent->ns->href);

cur->parent->ns contains 0xffffffff, causing the segmentation fault.
Created attachment 16268 [details] The offending DocBook XML document
I've resubmitted my problem as bug 112703 for better accountability ;)
This should be closed by release of libxslt-1.0.31.
Thanks,
Daniel