Bug 340398 - xmlCharEncOutFunc crash in case of @in datum is read-only
Status: RESOLVED FIXED
Product: libxml2
Classification: Platform
Component: general
Version: 2.6.x
Hardware: Other Windows
Importance: Normal normal
Assigned To: Daniel Veillard
QA Contact: libxml QA maintainers
Reported: 2006-05-02 12:00 UTC by Egor
Modified: 2006-05-02 12:33 UTC

Description Egor 2006-05-02 12:00:43 UTC
/*
libxml2-2.6.19
xmlCharEncOutFunc()
crash at encoding.c, line 2064
if @in datum is read-only

		xmlGenericError(xmlGenericErrorContext,
			"output conversion failed due to conv error\n");
		xmlGenericError(xmlGenericErrorContext,
			"Bytes: 0x%02X 0x%02X 0x%02X 0x%02X\n",
			in->content[0], in->content[1],
			in->content[2], in->content[3]);
here >>>
		in->content[0] = ' ';

*/

#include <stdio.h>
#include <libxml/parser.h>

int main(int argc, char ** argv) {

	// any encoding supported only via iconv
	xmlCharEncodingHandlerPtr encoder = xmlFindCharEncodingHandler("cp866");
	if(!encoder) {
		printf("encoder not found\n");
		return 1;
	}

	// input datum is located in write protected memory
	xmlChar * in = BAD_CAST "static garbage: \xff\xff\xff\xff";

	xmlBufferPtr out_buff = xmlBufferCreate();
	xmlBufferPtr in_buff = xmlBufferCreateStatic(in, xmlStrlen(in));

	// crash here
	int ret = xmlCharEncOutFunc(encoder, out_buff, in_buff);
	if(ret < 0) {
		printf("error: %d\n", ret);
	} else {
		printf("%s\n", (const char * const) xmlBufferContent(out_buff));
	} 

	xmlBufferFree(in_buff);
	xmlBufferFree(out_buff);

	return 0;

}
Comment 1 Daniel Veillard 2006-05-02 12:24:44 UTC
Did this happen in normal parsing processing?
xmlBufferCreateStatic() is targeted to very specific uses,
I fixed this in CVS, it's easy,

Daniel
Comment 2 Egor 2006-05-02 12:33:53 UTC
(In reply to comment #1)
> Did this happen in normal parsing processing?
> xmlBufferCreateStatic() is targeted to very specific uses

Actually it happens only in case iconv returns an error code.
I used xmlBufferCreateStatic for wrapping the in datum, as I treat it as constant.
BTW, some lines above, the CharEncOut function writes the @in buffer in the same way. I'm confused...
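
The error path discussed in this report, as an added example (a self-contained C model, not libxml2 code and not the fix committed to CVS): the in-place store is guarded by an immutability flag, so a wrapped read-only buffer is never written. The buf type, the BUF_IMMUTABLE flag, enc_out and the "byte >= 0x80 fails" rule are hypothetical stand-ins for xmlBuffer, its allocation scheme, xmlCharEncOutFunc and an iconv error.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-ins for xmlBuffer and its allocation scheme. */
typedef enum { BUF_MUTABLE, BUF_IMMUTABLE } buf_alloc;
typedef struct {
    unsigned char *content; /* unread input */
    size_t use;             /* bytes left in content */
    buf_alloc alloc;        /* BUF_IMMUTABLE: memory may be read-only */
} buf;

/* Toy output encoder: ASCII passes through; a byte >= 0x80 stands in for
 * an iconv conversion error. Returns the number of bytes written to out. */
static size_t enc_out(buf *in, unsigned char *out, size_t outcap) {
    size_t n = 0;
    while (in->use > 0 && n < outcap) {
        unsigned char c = in->content[0];
        if (c >= 0x80) {
            /* The reported code did this store without any check. */
            if (in->alloc != BUF_IMMUTABLE)
                in->content[0] = ' ';
            c = ' '; /* the output gets the substitute either way */
        }
        out[n++] = c;
        in->content++;
        in->use--;
    }
    return n;
}

/* Constructed input, the same bytes as the report's string literal. */
static const char ro_src[] = "static garbage: \xff\xff\xff\xff";

/* Runs enc_out over src; 1 if the output is the expected 20 bytes. */
static int run(char *src, buf_alloc alloc) {
    unsigned char out[32];
    buf in = { (unsigned char *)src, strlen(src), alloc };
    return enc_out(&in, out, sizeof out) == 20 &&
           memcmp(out, "static garbage:     ", 20) == 0;
}

static int demo_static(void) { /* read-only source must stay untouched */
    return run((char *)ro_src, BUF_IMMUTABLE) && (unsigned char)ro_src[19] == 0xff;
}
static int demo_mutable(void) { /* writable copy still gets patched */
    char rw[sizeof ro_src];
    memcpy(rw, ro_src, sizeof rw);
    return run(rw, BUF_MUTABLE) && rw[16] == ' ' && rw[19] == ' ';
}
int main(void) { return (demo_static() && demo_mutable()) ? 0 : 1; }
```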