Bug 382771 - Expression exsl:node-set('')/node causes segfault
Status: RESOLVED FIXED
Product: libxslt
Classification: Platform
Component: general
Version: 1.1.x
Hardware: Other All
Importance: Normal critical
Target Milestone: ---
Assigned To: Daniel Veillard
QA Contact: libxml QA maintainers
Reported: 2006-12-05 21:28 UTC by Nick Wellnhofer
Modified: 2006-12-07 18:19 UTC


Attachments
XSL file that produces a segfault (314 bytes, text/xml), 2006-12-05 21:29 UTC, Nick Wellnhofer
Empty XML file for the test case (54 bytes, text/xml), 2006-12-05 21:30 UTC, Nick Wellnhofer

Description Nick Wellnhofer 2006-12-05 21:28:31 UTC
Steps to reproduce:
Run "xsltproc crash.xsl dummy.xml" using the attached files

Stack trace:
nik@druid:~/libxml-crash> gdb xsltproc
GNU gdb 5.2.1
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i586-suse-linux"...
(gdb) run crash.xsl dummy.xml
Starting program: /usr/local/bin/xsltproc crash.xsl dummy.xml
[New Thread 1024 (LWP 23036)]

Program received signal SIGSEGV, Segmentation fault.

Thread 1024 (LWP 23036)

#0 xmlXPathNodeCollectAndTest at xpath.c line 12435
#1 xmlXPathCompOpEval at xpath.c line 13241
#2 xmlXPathCompOpEval at xpath.c line 13719
#3 xmlXPathRunEval at xpath.c line 14287
#4 xmlXPathCompiledEvalInternal at xpath.c line 14645
#5 xmlXPathCompiledEval at xpath.c line 14709
#6 xsltValueOf at transform.c line 4007
#7 xsltApplyOneTemplateInt at transform.c line 2525
#8 xsltProcessOneNode at transform.c line 1658
#9 xsltApplyStylesheetInternal at transform.c line 5338
#10 xsltProcess at xsltproc.c line 397
#11 main at xsltproc.c line 830
#12 __libc_start_main from /lib/i686/libc.so.6


Other information:
I'm using libxslt 1.1.17 and libxml2 2.6.27. This didn't crash with a previous version, but I don't know since when exactly.
Comment 1 Nick Wellnhofer 2006-12-05 21:29:34 UTC
Created attachment 77759
XSL file that produces a segfault
Comment 2 Nick Wellnhofer 2006-12-05 21:30:43 UTC
Created attachment 77760
Empty XML file for the test case
Comment 3 Nick Wellnhofer 2006-12-05 21:34:03 UTC
Simply removing lines 12435 and 12436 from xpath.c (libxml2 2.6.27) seems to work. The comment there also looks a bit scary.
Comment 4 William M. Brack 2006-12-05 23:55:47 UTC
Could you please try with the latest CVS (both libxml and libxslt)?  Your testfiles seem to work ok for me.
Comment 5 Nick Wellnhofer 2006-12-07 17:17:13 UTC
I tried libxslt 1.1.19 and it doesn't crash with that version.
Comment 6 William M. Brack 2006-12-07 18:19:08 UTC
Excellent - but there is also one additional fix in CVS (libxslt) which may also affect this.  That fix will be included in 1.1.20 when it is released in the near future.

I'm closing this report as "fixed".