GNOME Bugzilla – Bug 105418
xsltDocumentFunctionLoadDocument segfaults if no file exists
Last modified: 2009-08-15 18:40:50 UTC
A negative test that I run executes successfully on libxslt-1.0.23, but starting in libxslt-1.0.24 it gets a seg fault on line 155 of functions.c.

Here is a reproduction using libxslt-1.0.25. cd to libxslt-1.0.25/tests/documents/

Here is test.xml:

    <?xml version="1.0"?>
    <files>
      <file name="docfile.xml"/>
      <file name="doc%5Ffile.xml"/>
    </files>

Copy that file to test-bad.xml and modify it so that it references a file that does not exist:

    <?xml version="1.0"?>
    <files>
      <file name="foofile.xml"/>
      <file name="foo%5Ffile.xml"/>
    </files>

The output below shows the expected good libxslt-1.0.23 output:

    [jta@gertie documents]$ xsltproc -V
    Using libxml 20430, libxslt 10023 and libexslt 714
    xsltproc was compiled against libxml 20430, libxslt 10023 and libexslt 714
    libxslt 10023 was compiled against libxml 20430
    libexslt 714 was compiled against libxml 20430
    [jta@gertie documents]$ xsltproc test.xsl test.xml
    It work's
    It work's
    [jta@gertie documents]$ xsltproc test.xsl test-bad.xml
    warning: failed to load external entity "foofile.xml"
    warning: failed to load external entity "foo_file.xml"
    Can't Open File: foofile.xml
    Can't Open File: foo%5Ffile.xml

Here is the libxslt-1.0.25 seg fault:

    [jta@gertie documents]$ xsltproc -V
    Using libxml 20502, libxslt 10025 and libexslt 716
    xsltproc was compiled against libxml 20502, libxslt 10025 and libexslt 716
    libxslt 10025 was compiled against libxml 20502
    libexslt 716 was compiled against libxml 20502
    [jta@gertie xsltproc]$ xsltproc test.xsl test-bad.xml
    warning: failed to load external entity "foofile.xml"
    Segmentation fault

It fails on line 155 of functions.c:

    Program received signal SIGSEGV, Segmentation fault.
    xsltDocumentFunctionLoadDocument (ctxt=0x80880b8, URI=0x8088448 "#oofile.xml") at functions.c:155
    155         doc = xsltdoc->doc;

There is a problem with processing the block of code below:

    if (xsltdoc == NULL) {                    /* functions.c line 141 */
        if ((URI == NULL) ||
            (URI[0] = '#') ||
            (xmlStrEqual(tctxt->style->doc->URL, URI))) {
            doc = tctxt->style->doc;
        } else {
            valuePush(ctxt, xmlXPathNewNodeSet(NULL));
            if (fragment != NULL)
                xmlFree(fragment);
            return;
        }
    }
    doc = xsltdoc->doc;                       /* functions.c line 155 */

On line 141, the xsltdoc pointer is NULL:

    (gdb) next
    141         if (xsltdoc == NULL) {
    (gdb) print xsltdoc
    $1 = 0x0

And it is still NULL for the assignment on line 155:

    (gdb) next
    155         doc = xsltdoc->doc;
    (gdb) print xsltdoc
    $1 = 0x0
    (gdb) next
    Program received signal SIGSEGV, Segmentation fault.
    xsltDocumentFunctionLoadDocument (ctxt=0x80880b8, URI=0x8088448 "#oofile.xml") at functions.c:155
    155         doc = xsltdoc->doc;

Right ! BUGGGG !!!

Changing to

    } else
        doc = xsltdoc->doc;

fixes the problem... I think a libxslt-1.0.26 will show up within a couple of days :-(

Thanks a lot for the report and example !!!

Daniel

This should be fixed in libxslt-1.0.26 release, thanks,

Daniel
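
An added example, not part of the original thread and not libxslt's own code: a minimal C model of the branch quoted in the report, before and after the `else` change given in the reply. The struct types, the `Result` codes and the function names are hypothetical stand-ins, and the input is constructed; the inner condition is copied as quoted, so the model also shows the write that leaves the URI as "#oofile.xml", as seen in the gdb output.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for the libxslt types; only the fields used here. */
typedef struct { const char *URL; } Doc;
typedef struct { Doc *doc; } Loaded;            /* plays the role of xsltdoc */
typedef enum { R_EMPTY, R_DOC, R_NULL_DEREF } Result;

/* Inner condition copied as quoted in the report, assignment included. */
static int use_stylesheet(const Doc *style, char *URI)
{
    return (URI == NULL) || (URI[0] = '#') || (strcmp(style->URL, URI) == 0);
}

/* Reported shape: the assignment from xsltdoc sits after the if block. */
static Result select_before(Loaded *xsltdoc, Doc *style, char *URI, Doc **doc)
{
    if (xsltdoc == NULL) {
        if (use_stylesheet(style, URI))
            *doc = style;
        else
            return R_EMPTY;          /* empty node-set pushed, early return */
    }
    if (xsltdoc == NULL)             /* modelled: line 155 reads xsltdoc->doc */
        return R_NULL_DEREF;
    *doc = xsltdoc->doc;
    return R_DOC;
}

/* Shape after the change given in the thread: "} else doc = xsltdoc->doc;" */
static Result select_after(Loaded *xsltdoc, Doc *style, char *URI, Doc **doc)
{
    if (xsltdoc == NULL) {
        if (use_stylesheet(style, URI))
            *doc = style;
        else
            return R_EMPTY;
    } else
        *doc = xsltdoc->doc;
    return R_DOC;
}

int main(void)
{
    char uri[] = "foofile.xml";      /* constructed input: load failed, xsltdoc NULL */
    Doc style = { "test.xsl" }, *doc = NULL;
    Result before = select_before(NULL, &style, uri, &doc);
    printf("before=%d URI=%s after=%d\n", before, uri, select_after(NULL, &style, uri, &doc));
    return 0;
}
```
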