GNOME Bugzilla – Bug 119347
Windows crash using xmlElemDump call
Last modified: 2009-08-15 18:40:50 UTC
Hi All, After compiling libxml2-2.5.8 for Windows I have a following crash using [xmlElemDump]. This also occurs in 2.5.7 as well. [BTW, I have to remove includes config.h from nonoftp.c and nonoftp.c to get 2.5.8 to complie/build - this problem doesn't exist in 2.5.7] The following 'main' program is what I'm using: ***************** source code ************************* dvVoid testXML( dvVoid ) { int iRetVal; FILE *filePtr; xmlDocPtr doc; xmlNodePtr cur; xmlNodePtr tree1, tree2, tree3, tree4; xmlBufferPtr buf; xmlChar *charPtr; // open a auxillary debug output file filePtr = fopen("testXMLTemp.out", "w+"); if ( filePtr ) { doc = xmlNewDoc("1.0"); if ( doc ) { doc->children = xmlNewDocNode(doc, NULL, "HISTORYRECORD", "1"); fprintf( filePtr, "createXMLTestData: doc->children from xmlNewDocNode: 0x%X\n", doc->children); if ( doc->children ) { tree1 = xmlNewChild(doc->children, NULL, "RECORDTIME", "12:00:00 08-29-203"); fprintf( filePtr,"createXMLTestData: tree1 from xmlNewChild: 0x%X\n", tree1); tree2 = xmlNewChild(doc->children, NULL, "PROFILENAME", "RWXPTEST"); fprintf( filePtr,"createXMLTestData: tree2 from xmlNewChild: 0x%X\n", tree2); tree3 = xmlNewChild(doc->children, NULL, "PROFILEDATE", "08- 29-2003"); fprintf( filePtr,"createXMLTestData: tree3 from xmlNewChild: 0x%X\n", tree3); tree4 = xmlNewChild(doc->children, NULL, "PROFILETYPE", "Full"); fprintf( filePtr,"createXMLTestData: tree4 from xmlNewChild: 0x%X\n", tree4); buf = xmlBufferCreateSize( 2048 ); // now that memory tree is built - out some info using // point to the first node - test dump it!!!! cur = xmlDocGetRootElement(doc); cur = cur->xmlChildrenNode; cur = cur->next; // point to first real child fprintf( filePtr,"testXML: BEFORE xmlNodeDump cur VALUE: 0x% X\n", cur); // test node dump output iRetVal = xmlNodeDump(buf, doc, cur, 1, 0); fprintf( filePtr,"testXML: iRetVal from xmlNodeDump: % d\n", iRetVal); iRetVal = xmlBufferLength(buf); fprintf( filePtr,"testXML: iRetVal from xmlBufferLength: % d\n", iRetVal); (const char *)charPtr = xmlBufferContent( buf ); fprintf( filePtr, "buf contents0: %s\n", charPtr ); fflush( filePtr); // test elem dump output [BOMBS] xmlElemDump( filePtr, doc, cur); fprintf( filePtr, "testXML: back from xmlElemDump\n"); } } else fprintf( filePtr, "failure creating doc using xmlNewDoc\n" ); fclose( filePtr ); // CLOSE TUE AUX FILE } else { printf("testXML: COULDN'T OPEN FILE testHistAux.out: \n"); } } ********************** source code ends ********************* ********************* test file output ************************ and the output to testXMLTemp.out is: createXMLTestData: doc->children from xmlNewDocNode: 0x852520 createXMLTestData: tree1 from xmlNewChild: 0x8525C8 createXMLTestData: tree2 from xmlNewChild: 0x852680 createXMLTestData: tree3 from xmlNewChild: 0x852730 createXMLTestData: tree4 from xmlNewChild: 0x8527E0 testXML: BEFORE xmlNodeDump cur VALUE: 0x8525C8 testXML: iRetVal from xmlNodeDump: 43 testXML: iRetVal from xmlBufferLength: 43 buf contents0: <RECORDTIME>12:00:00 08-29-203</RECORDTIME> ********************* test file output ************************ ********* CRASH********* CRASH************** [xmlElemDump] Any help???, Thanks in advance, Rusty
Do you ever call xmlInitParser(); ? Add a call at the beginning of the program, does this avoid the problem ? Did you compile with thread support ? Seems to show up only on Windows, hence it's not a critical bug from a GNOME standpoint. Daniel
Created attachment 19044 [details] Notes on code and debugger output
Created attachment 19045 [details] Notes to Daniel Veillard from Rusty Waters
Your code is obviously buggy, xmlBufferContent() returns a const char *. You're not supposed to free this: attachment 19044 [details] shows charPtr = xmlNodeGetContent( cur ); fpvTraceprintfT(dTraceBackup,(dvChar *)"writeXMLTestHistoryRecord: walking tree char value: %s", charPtr); fprintf(filePtr, "NODE NAME:%s NODE VALUE:%s\n", cur->name, charPtr); xmlFree( charPtr ); then later you're surprized that reusing cur fails ! xmlElemDump( filePtr, doc, cur ); // *** BOMBS ** You have freed the data array of the buffer ! Please debug your code before submitting it as a bug report I just can't spend time doing this for you ! Concerning the initial code, it works fine on Linux, and since the code 1/ ain't complete 2/ had to be modified (what is a dvVoid ??? a void apparently) to compile , then I cannot make any guesses why it would not work somewhere else. It can be anything either platform dependant or your surrounding code. Test xmllint program on your platform, if it works correctly, then that probably means the bug is in your code. Daniel
No more information, let's close it, Daniel