GNOME Bugzilla – Bug 322411
Memory fault in Schema validation using 'unique' constraint
Last modified: 2005-11-28 12:45:34 UTC
Steps to reproduce:

Setup:
xmllint: using libxml version 20622-CVS2684
   compiled with: Threads Tree Output Push Reader Patterns Writer SAXv1 FTP HTTP DTDValid HTML Legacy C14N Catalog XPath XPointer XInclude Iconv ISO8859X Unicode Regexps Automata Expr Schemas Schematron Modules Debug

With the attached files (a schema file and an xml file), the following validation:

   xmllint --schema test-unique.xsd test-unique.xml --noout

leads to a memory fault. The stack is the following:

(gdb) bt
+ Trace 64250
If the number of items in the xml file is reduced, the validation is OK.
Created attachment 55213: Schema file
Created attachment 55214: xml file
This seems to work for me with CVS head:

paphio:~/XML -> ./xmllint --noout --schema ../55213.xsd ../55214.xml
../55214.xml validates
paphio:~/XML -> ./xmllint --version
./xmllint: using libxml version 20622-CVS2667

Anything specific to your environment?

Daniel
Okay, valgrind shows up a problem there:

localhost:~/XML -> valgrind ./xmllint --noout --schema ../55213.xsd ../55214.xml
==8158== Invalid read of size 4
==8158==    at 0x80D4998: xmlSchemaBubbleIDCNodeTables (xmlschemas.c:23188)
==8158==    by 0x80D7A79: xmlSchemaValidatorPopElem (xmlschemas.c:25956)
==8158==    by 0x80D8ECD: xmlSchemaVDocWalk (xmlschemas.c:27457)
==8158==    by 0x80D9050: xmlSchemaVStart (xmlschemas.c:27568)
==8158==    by 0x80D9153: xmlSchemaValidateDoc (xmlschemas.c:27646)
==8158==    by 0x804CCDC: parseAndPrintFile (xmllint.c:2672)
==8158==    by 0x804EE73: main (xmllint.c:3438)
==8158==  Address 0x1BA9E878 is 32 bytes inside a block of size 192 free'd
==8158==    at 0x1B904BC0: realloc (vg_replace_malloc.c:306)
==8158==    by 0x8077A6C: xmlReallocLoc (xmlmemory.c:345)
==8158==    by 0x8077B4D: xmlMemRealloc (xmlmemory.c:394)
==8158==    by 0x80D4AFA: xmlSchemaBubbleIDCNodeTables (xmlschemas.c:23257)
==8158==    by 0x80D7A79: xmlSchemaValidatorPopElem (xmlschemas.c:25956)
==8158==    by 0x80D8ECD: xmlSchemaVDocWalk (xmlschemas.c:27457)
==8158==    by 0x80D9050: xmlSchemaVStart (xmlschemas.c:27568)
==8158==    by 0x80D9153: xmlSchemaValidateDoc (xmlschemas.c:27646)
==8158==    by 0x804CCDC: parseAndPrintFile (xmllint.c:2672)
==8158==    by 0x804EE73: main (xmllint.c:3438)
../55214.xml validates
localhost:~/XML ->

I'm afraid I will have to let Kasimier handle this, this is really deep in the schemas code,

Daniel
Fixed now in CVS, xmlschemas.c revision 1.183.

(from the ChangeLog):
An assignment to a local variable, which was used to access the IDC node list, was missing after the reallocation of the list; thus working on the local var produced a read error.

I disabled the define ENABLE_IDC_NODE_TABLES_TEST (previously ENABLE_IDC_NODE_TABLES). It unnecessarily forced the IDC node tables to bubble upwards *all* parent nodes. This was actually intended to be used for test purposes to check if IDC bubbles do work, but I forgot to disable this. So the performance should rise here a bit now.

If you are testing the IDC mechanism then it would be good to enable ENABLE_IDC_NODE_TABLES_TEST on your side to strain the mechanism a bit more. If you want to debug the node tables on each node then enable DEBUG_IDC_NODE_TABLE; it will dump the node table entries.

Thanks for the report !
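
The bug class the ChangeLog describes (a local variable left pointing at the old list after it was reallocated), as an added C example. It is not libxml2's code and not part of the original report; node_table, table_reserve and bubble are hypothetical names, and the input in main is constructed.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for a node table; not libxml2's data structures. */
typedef struct { int *items; size_t count, cap; } node_table;

/* Grow the table to hold `need` entries; 0 on success, -1 on failure. */
static int table_reserve(node_table *t, size_t need) {
    size_t ncap = t->cap ? t->cap : 4;
    if (need <= t->cap) return 0;
    while (ncap < need) ncap *= 2;
    int *p = realloc(t->items, ncap * sizeof *p);
    if (p == NULL) return -1;      /* the old block is still valid here */
    t->items = p;                  /* the block may have moved */
    t->cap = ncap;
    return 0;
}

/* Append child's entries to parent, skipping values already present.
 * Returns the number of entries appended, or -1 on allocation failure. */
int bubble(node_table *parent, const node_table *child) {
    int *list = parent->items;     /* local alias used to scan the list */
    int added = 0;
    for (size_t i = 0; i < child->count; i++) {
        size_t j = 0;
        while (j < parent->count && list[j] != child->items[i]) j++;
        if (j < parent->count) continue;            /* duplicate */
        if (table_reserve(parent, parent->count + 1) != 0) return -1;
        /* The fix: refresh the alias after every possible realloc. Without
         * this line the next scan reads through `list` into the freed block,
         * which is the "Invalid read ... inside a block ... free'd" pattern. */
        list = parent->items;
        list[parent->count++] = child->items[i];
        added++;
    }
    return added;
}

int main(void) {
    node_table parent = {0}, child = {0};
    if (table_reserve(&child, 100) != 0) return 1;
    for (int i = 0; i < 100; i++) child.items[child.count++] = i % 60; /* constructed */
    printf("appended %d entries\n", bubble(&parent, &child));
    free(parent.items); free(child.items);
    return 0;
}
```

A small list often fits in the initial allocation and never moves, which is consistent with the report that validation succeeds when the number of items is reduced.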