Bug 611177 – libxml2 crashes when resolving entity references from external files

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 611177 - libxml2 crashes when resolving entity references from external files


Summary:	libxml2 crashes when resolving entity references from external files


Status:	RESOLVED FIXED

Product:	libxml2
Classification:	Platform
Component:	general
Version:	git master
Hardware:	Other Linux

Importance:	Normal critical
Target Milestone:	---
Assigned To:	Daniel Veillard
QA Contact:	libxml QA maintainers

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2010-02-26 13:24 UTC by Stefan Behnel
Modified:	2017-06-08 11:59 UTC

See Also:	https://launchpad.net/bugs/502959
GNOME target:	---
GNOME version:	---

Description Stefan Behnel 2010-02-26 13:24:46 UTC

Steps to reproduce:

1) Download and extract the following archive of docbook XML files:

http://diveintopython.org/download/diveintopython-xml-5.4.zip

2) Run

xmllint --noent diveintopython-5.4/xml/diveintopython.xml

A run under valgrind indicates that the parser is trying to access entity data from a memory location that was previously freed. I suspect that the data was freed because it originally came from an external entity.

Comment 1 pavel 2011-07-05 23:30:08 UTC

The same issue goes for libxml 2.7.7.dfsg-2 and 2.7.8.dfsg-3
It faults on mapnik style files, better written here http://trac.mapnik.org/ticket/566

Steps:
svn checkout http://svn.openstreetmap.org/applications/rendering/mapnik
xmllint --noent mapnik/osm.xml

Comment 2 Nick Wellnhofer 2017-06-08 11:59:27 UTC

diveintopython.xml works for me with current git master under ASan, and with 2.9.4 under Valgrind. So I guess this was fixed.