GNOME Bugzilla – Bug 340398
xmlCharEncOutFunc crash in case of @in datum is read-only
Last modified: 2006-05-02 12:33:53 UTC
/*
libxml2-2.6.19
xmlCharEncOutFunc() crash at encoding.c, line 2064 if @in datum is read-only

           xmlGenericError(xmlGenericErrorContext,
                   "output conversion failed due to conv error\n");
           xmlGenericError(xmlGenericErrorContext,
                   "Bytes: 0x%02X 0x%02X 0x%02X 0x%02X\n",
                   in->content[0], in->content[1],
                   in->content[2], in->content[3]);
here >>>   in->content[0] = ' ';
*/

#include <stdio.h>
#include <libxml/parser.h>

int main(int argc, char **argv)
{
    // any encoding supported only via iconv
    xmlCharEncodingHandlerPtr encoder = xmlFindCharEncodingHandler("cp866");
    if(!encoder) {
        printf("encoder not found\n");
        return 1;
    }

    // input datum is located in write protected memory
    xmlChar * in = BAD_CAST "static garbage: \xff\xff\xff\xff";

    xmlBufferPtr out_buff = xmlBufferCreate();
    xmlBufferPtr in_buff = xmlBufferCreateStatic(in, xmlStrlen(in));

    // crash here
    int ret = xmlCharEncOutFunc(encoder, out_buff, in_buff);
    if(ret < 0) {
        printf("error: %d\n", ret);
    } else {
        printf("%s\n", (const char * const) xmlBufferContent(out_buff));
    }

    xmlBufferFree(in_buff);
    xmlBufferFree(out_buff);
    return 0;
}
Did this happen in normal parsing processing?
xmlBufferCreateStatic() is targeted to very specific uses.
I fixed this in CVS, it's easy.

Daniel
(In reply to comment #1)
> Did this happen in normal parsing processing?
> xmlBufferCreateStatic() is targeted to very specific uses

Actually it happens only in case iconv returns an error code.
I used xmlBufferCreateStatic for wrapping the in datum as I treat it as constant.

BTW, some lines above, the CharEncOut function writes to the @in buffer in the same way. I'm confused...
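
Added example, not part of the bug thread and not libxml2 code: a self-contained C model of the failure discussed above, where a conversion error path scrubs the input buffer in place. All names (`buf`, `buf_wrap_static`, `buf_copy`, `encode_out`) and the 7-bit toy encoder are assumptions; it shows the callee refusing to write to wrapped memory and the caller copying constant data into writable storage instead.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model, not libxml2's types: a buffer that either owns its
 * storage or wraps caller memory that may be read-only. */
typedef enum { BUF_OWNED, BUF_IMMUTABLE } buf_alloc;
typedef struct { unsigned char *content; size_t use; buf_alloc alloc; } buf;

/* Wrap caller memory without copying (the "static buffer" case). */
static buf buf_wrap_static(const char *mem) {
    buf b = { (unsigned char *)mem, strlen(mem), BUF_IMMUTABLE };
    return b;
}

/* Caller-side alternative: copy constant data into writable storage. */
static buf buf_copy(const char *mem) {
    buf b = { NULL, strlen(mem), BUF_OWNED };
    b.content = malloc(b.use + 1);
    if (b.content) memcpy(b.content, mem, b.use + 1); else b.use = 0;
    return b;
}

/* Toy encoder: only 7-bit bytes convert. On a failing byte the error path
 * scrubs the input in place, but only when the buffer is writable.
 * Returns bytes written, -1 if out is too small, -2 if an immutable input
 * could not be converted (the input is left untouched). */
static int encode_out(buf *in, char *out, size_t outlen) {
    size_t i;
    if (outlen < in->use + 1) return -1;
    for (i = 0; i < in->use; i++) {
        if (in->content[i] >= 0x80) {
            if (in->alloc == BUF_IMMUTABLE)
                return -2;            /* never write to wrapped memory */
            in->content[i] = ' ';     /* safe: this storage is owned */
        }
        out[i] = (char)in->content[i];
    }
    out[i] = '\0';
    return (int)i;
}

/* Constructed sample input, same shape as the reproducer's string. */
static const char SAMPLE[] = "garbage: \xff\xff";

int main(void) {
    char out[32];
    buf s = buf_wrap_static(SAMPLE), c = buf_copy(SAMPLE);
    printf("static: %d\n", encode_out(&s, out, sizeof out));
    printf("copied: %d\n", encode_out(&c, out, sizeof out));
    free(c.content);
    return 0;
}
```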