GNOME Bugzilla – Bug 53391
"xmlSAXParseFile" causes seg. faults if a SAX Handler is passed
Last modified: 2009-08-15 18:40:50 UTC
The application compiles correctly, but crashes if a SAX Handler is passed to the function "xmlSAXParseFile". If the default handler is used (sax==NULL), the application works correctly. Otherwise the application crashes in the first function that accesses "ctxt->user_data".

Example:

    xmlSAXUserParseFile(testSAXHandler, 0, filename);   /* ok */
    doc = xmlSAXParseFile(0, filename, 0);              /* ok */
    doc = xmlSAXParseFile(testSAXHandler, filename, 0); /* segmentation fault */

I use libxml2 2.3.5. The code is still available in today's CVS snapshot (Apr 19).

In file "parser.c":

(a) function "xmlSAXParseFile" will cause later segmentation faults if a SAX handler is passed. (tested) (exactly the same code is in function "xmlSAXParseEntity")

Similar problems could appear in
(b) function "xmlSAXParseMemory" (same code is in "xmlSAXParseDoc")
(c) function "xmlSAXUserParseMemory"
(both not tested)

The function "xmlSAXUserParseFile" works correctly.

Fixing suggestions:

(a)
    > if (sax != NULL) {
    >     if (ctxt->sax != NULL)
    >         xmlFree(ctxt->sax);
    >     ctxt->sax = sax;
    <     ctxt->userData = NULL; /* remove this line! */
    > }
comment: if the NULL assignment is removed the application returns correct results.

(b)
    > if (sax != NULL) {
    >     ctxt->sax = sax;
    <     ctxt->userData = NULL; /* remove this line!? */
    > }
comment: this code piece will cause the same effect as (a)

(c) apps will seg fault if user_data == NULL is passed.
    > if (sax != NULL) {
    >     oldsax = ctxt->sax;
    >     ctxt->sax = sax;
    > }
    < ctxt->userData = user_data; /* replace this line with next line */
    > if (user_data != NULL) ctxt->userData = user_data; /* the context field is "userData" */
The last line is from "xmlSAXUserParseFile".

Christian
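An added example, not libxml2 code and not from the report: a reduced plain-C model of the context/handler wiring that shows why nulling userData breaks a user handler that delegates to the default callbacks, beside the fixed wiring from suggestions (a) and (c). The struct, handler and callback names are assumptions; the default callback returns -1 instead of dereferencing NULL so the model runs without crashing.

```c
#include <stdio.h>

/* Model of the parser context and SAX handler (names assumed, not libxml2's). */
typedef struct Ctxt Ctxt;
typedef struct {
    int (*startElement)(void *user_data, const char *name);
} SaxHandler;

struct Ctxt {
    SaxHandler *sax;
    void *userData;   /* passed as the first argument of every callback */
    int depth;        /* state the default callback keeps on the context */
};

/* Default callback, like libxml2's built-ins: expects user_data to be the
 * context itself. Returns -1 where the real code would dereference NULL. */
static int default_start(void *user_data, const char *name) {
    Ctxt *ctxt = (Ctxt *)user_data;
    (void)name;
    if (ctxt == NULL) return -1;
    return ++ctxt->depth;
}

/* A user handler built the usual way: log, then delegate to the default. */
static int user_start(void *user_data, const char *name) {
    printf("startElement: %s\n", name);
    return default_start(user_data, name);
}

static SaxHandler default_sax = { default_start };
static SaxHandler user_sax = { user_start };

/* Mirrors the buggy xmlSAXParseFile: installing a handler nulls userData. */
int parse_buggy(SaxHandler *sax) {
    Ctxt ctxt = { &default_sax, NULL, 0 };
    ctxt.userData = &ctxt;   /* what context initialisation sets up */
    if (sax != NULL) { ctxt.sax = sax; ctxt.userData = NULL; }
    return ctxt.sax->startElement(ctxt.userData, "root");
}

/* The fix from the report: keep userData unless the caller supplies one. */
int parse_fixed(SaxHandler *sax, void *user_data) {
    Ctxt ctxt = { &default_sax, NULL, 0 };
    ctxt.userData = &ctxt;
    if (sax != NULL) ctxt.sax = sax;
    if (user_data != NULL) ctxt.userData = user_data;
    return ctxt.sax->startElement(ctxt.userData, "root");
}
```

With the buggy wiring the default path works (1) but the user handler sees a NULL context (-1); with the fix both paths return 1.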
Okay, this looks sensible, I have done the changes suggested, thanks for the report, Daniel
shipped in 2.3.8, I hope it's not the source of http://mail.gnome.org/archives/xml/2001-May/msg00010.html Daniel
Seems it's fine, closed! Daniel