Bug 760325 – Optimizing xpath expressions locks up on larger inputs

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 760325 - Optimizing xpath expressions locks up on larger inputs


Summary:	Optimizing xpath expressions locks up on larger inputs


Status:	RESOLVED FIXED

Product:	libxml2
Classification:	Platform
Component:	general
Version:	git master
Hardware:	Other All

Importance:	Normal normal
Target Milestone:	---
Assigned To:	Daniel Veillard
QA Contact:	libxml QA maintainers

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2016-01-08 15:09 UTC by Sigbjorn Finne
Modified:	2016-04-27 16:07 UTC

See Also:
GNOME target:	---
GNOME version:	---

Description Sigbjorn Finne 2016-01-08 15:09:53 UTC

If xpath.c:xmlXPathOptimizeExpression() is given deeper expressions with leaves constructed by PUSH_LONG_EXPR() (cf. xpath.c), it locks up traversing the expression due to repeated traversals of sub-expressions.

See https://code.google.com/p/chromium/issues/detail?id=573768 for a testcase that shows this up. https://codereview.chromium.org/1562133002/ has a candidate fix.

Comment 1 Nick Wellnhofer 2016-04-27 16:07:53 UTC

Fixed with the following commit:

https://git.gnome.org/browse/libxml2/commit/?id=839689a9a85d81f722997d00ec17a36b17ce6731