GNOME Bugzilla – Bug 637444
Segmentation fault while validating a xml file
Last modified: 2021-07-05 13:23:44 UTC
Hi, I'm trying to validate an xml file that has an error: schema.xsd: ---------------------------------- <?xml version="1.0"?> <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"> <xs:complexType name="A"> <xs:all> <xs:element name="b" type="xs:string"/> </xs:all> </xs:complexType> <xs:element name="a" type="A"/> </xs:schema> wrong-xml.xml: ---------------------------------- <?xml version="1.0"?> <a> <b/> </a> ---------------------------------------- I get a segmentation fault while validating with the testSchemas executable: ./testSchemas schema.xsd wrong-xml.xml The problem is that in the method xmlSchemaValAtomicType (found in "xmlschemastypes.c") the pointer "value" is not validated before being used: static int xmlSchemaValAtomicType(xmlSchemaTypePtr type, const xmlChar * value, xmlSchemaValPtr * val, xmlNodePtr node, int flags) { xmlSchemaValPtr v; xmlChar *norm = NULL; int ret = 0; if (xmlSchemaTypesInitialized == 0) return (-1); if (type == NULL) return (-1); // VALIDATE "value" POINTER BEFORE CONTINUE if (value == NULL) return (-1) // the rest of the method .... I donwloaded this version of libxml2: libxml2-2.6.9
GNOME is going to shut down bugzilla.gnome.org in favor of gitlab.gnome.org. As part of that, we are mass-closing older open tickets in bugzilla.gnome.org which have not seen updates for a longer time (resources are unfortunately quite limited so not every ticket can get handled). If you can still reproduce the situation described in this ticket in a recent and supported software version, then please follow https://wiki.gnome.org/GettingInTouch/BugReportingGuidelines and create a new ticket at https://gitlab.gnome.org/GNOME/libxml2/-/issues/ Thank you for your understanding and your help.