After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 584220 - xpointer(/) makes xmllint crash
xpointer(/) makes xmllint crash
Status: RESOLVED FIXED
Product: libxml2
Classification: Platform
Component: general
git master
Other Linux
: Normal normal
: ---
Assigned To: Daniel Veillard
libxml QA maintainers
Depends on:
Blocks:
 
 
Reported: 2009-05-29 17:13 UTC by Jakub Wilk
Modified: 2009-08-25 18:50 UTC
See Also:
GNOME target: ---
GNOME version: ---

Attachments
test case (176 bytes, text/xml)
2009-05-29 17:16 UTC, Jakub Wilk 		Details

Description Jakub Wilk 2009-05-29 17:13:35 UTC 
$ gdb xmllint
[...]
(gdb) run --xinclude test.xml > /dev/null
Starting program: /usr/bin/xmllint --xinclude test.xml > /dev/null

Program received signal SIGSEGV, Segmentation fault.
[...]
(gdb) bt full

+ Trace 215764

  • #0 *__GI___libc_free
    at malloc.c line 3599
  • #1 xmlFreeNodeList__internal_alias
    at tree.c line 3615
  • #2 xmlFreeDoc__internal_alias
    at tree.c line 1223
  • #3 parseAndPrintFile
    at xmllint.c line 2768
  • #4 main
    at xmllint.c line 3523 






Comment 1


Jakub Wilk





          2009-05-29 17:16:38 UTC
        



Created attachment 135566 [details]
test case






Comment 2


Daniel Veillard





          2009-08-25 17:27:18 UTC
        



Okay, I could not really reproduce the problem but I saw a couple
of bad things when running that code, first the dictionary from
the original document wasn't reused and second a document node
was copied inside the target generating havoc. Both could have led
to the crash you're seeing, I think this should be fixed now:

paphio:~/XML -> cat ../test.xml 
<?xml version='1.0'?>
<include xmlns="http://www.w3.org/2003/XInclude"
href="http://www.w3.org/TR/2003/REC-xptr-framework-20030325/xptr-framework.xml"
xpointer="xpointer(/)"/>
paphio:~/XML -> valgrind xmllint --xinclude --noout ../test.xml
paphio:~/XML -> 

  Applied and commited to git,

   thanks !

Daniel






Comment 3


Jakub Wilk





          2009-08-25 18:50:09 UTC
        



Unfortunately, your fix didn't help:

$ valgrind -q xmllint --noout --xinclude ./test.xml 
==5714== Invalid free() / delete / delete[]
==5714==    at 0x4006E3A: free (vg_replace_malloc.c:323)
==5714==    by 0x4053715: xmlFreeNodeList (tree.c:3397)
==5714==    by 0x40533EB: xmlFreeDoc (tree.c:1216)
==5714==    by 0x804D254: parseAndPrintFile (xmllint.c:2765)
==5714==    by 0x805004D: main (xmllint.c:3504)
==5714==  Address 0xfffffffe is not stack'd, malloc'd or (recently) free'd