Bug 171220 – xml Schemas : memory fault when using invalid enumeration value

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 171220 - xml Schemas : memory fault when using invalid enumeration value


Summary:	xml Schemas : memory fault when using invalid enumeration value


Status:	VERIFIED FIXED

Product:	libxml2
Classification:	Platform
Component:	general
Version:	git master
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	---
Assigned To:	kbuchcik
QA Contact:	libxml QA maintainers

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2005-03-22 14:15 UTC by Fabrice GUY
Modified:	2009-08-15 18:40 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
test-enum.xsd : schema for the test case (718 bytes, application/octet-stream) 2005-03-22 14:16 UTC, Fabrice GUY	Details
test-enum.xml : xml file reproducing the bug (87 bytes, text/xml) 2005-03-22 14:18 UTC, Fabrice GUY	Details

Description Fabrice GUY 2005-03-22 14:15:11 UTC

If using the CVS HEAD version (20618-CVS2385), 
xmllint --schema test-enum.xsd test-enum.xml produces a memory fault (see files
attached).

Here is the gdb stack :

+ Trace 57171

#0 xmlSchemaVFacetErr
at xmlschemas.c line 1382
#1 xmlSchemaValidateFacetsInternal
at xmlschemas.c line 15665
#2 xmlSchemaValidateSimpleTypeValue
at xmlschemas.c line 16653
#3 xmlSchemaCheckAttrLocallyValid
at xmlschemas.c line 19991
#4 xmlSchemaValidateAttributes
at xmlschemas.c line 20405
#5 xmlSchemaValidateElementByComplexType
at xmlschemas.c line 19544
#6 xmlSchemaValidateElementByType
at xmlschemas.c line 19901
#7 xmlSchemaValidateElementByDeclaration
at xmlschemas.c line 19127
#8 xmlSchemaValidateCallback
at xmlschemas.c line 16328
#9 xmlRegCompactPushString
at xmlregexp.c line 2700
#10 xmlRegExecPushString
at xmlregexp.c line 2764
#11 xmlRegExecPushString2
at xmlregexp.c line 3108
#12 xmlSchemaValidateElementByComplexType
at xmlschemas.c line 19615
#13 xmlSchemaValidateElementByType
at xmlschemas.c line 19901
#14 xmlSchemaValidateElementByDeclaration
at xmlschemas.c line 19127
#15 xmlSchemaStartValidation
at xmlschemas.c line 20728
#16 xmlSchemaValidateDoc
at xmlschemas.c line 21117
#17 parseAndPrintFile
at xmllint.c line 1703
#18 main
at xmllint.c line 2408


This memory fault comes from xmlschemas.c:15665, since xmlSchemaVFacetErr is
called with facet = NULL and error != XML_SCHEMAV_CVC_ENUMERATION_VALID.

It doesn't occur with version 2.6.18.

Comment 1 Fabrice GUY 2005-03-22 14:16:28 UTC

Created attachment 39072 [details]
test-enum.xsd : schema for the test case

Comment 2 Fabrice GUY 2005-03-22 14:18:18 UTC

Created attachment 39073 [details]
test-enum.xml : xml file reproducing the bug

Comment 3 kbuchcik 2005-03-24 11:08:04 UTC

Yes, setting the error type to XML_SCHEMAV_CVC_ENUMERATION_VALID healed this issue.
Fixed in CVS, xmlschemas.c rev 1.122.

Thanks for the report!

Comment 4 Daniel Veillard 2005-09-05 08:59:36 UTC

This should be closed by release of libxml2-2.6.21,

  thanks,

Daniel