After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 659361 - xmlCopyProp copies incorrectly attribute namespace
xmlCopyProp copies incorrectly attribute namespace
Status: RESOLVED OBSOLETE
Product: libxml2
Classification: Platform
Component: general
2.7.8
Other Linux
: Normal normal
: ---
Assigned To: Daniel Veillard
libxml QA maintainers
Depends on:
Blocks:
 
 
Reported: 2011-09-17 22:29 UTC by sam
Modified: 2021-07-05 13:25 UTC
See Also:
GNOME target: ---
GNOME version: ---


Description sam 2011-09-17 22:29:05 UTC 
When doing xmlDocCopyNode() from one document to another, xmlCopyProp() incorrectly copies xml: attribute namespace ptr from one document to another document - this namespace seems to be freed when original document is destroyed,
what results in random SIGSEGVs or garbled output by xmlNodeDump() on (second) document.

Possible way to reproduce:
1. create document with xml:lang attrib on some node
2. create 2nd document
3. import node tree with xml:lang attrib
4. dump 2nd document


This is my assumption what happens, it was pretty hard to discover where this bug comes from and there was no more time to describe it better ;)
IMHO code responsible for this bug is in tree.c:3973 - maybe there should be also check if referenced namespace really belongs to current document.

        /*
         * we have to find something appropriate here since
         * we cant be sure, that the namespce we found is identified
         * by the prefix
         */
        if (xmlStrEqual(ns->href, cur->ns->href)) {
          /* this is the nice case */
          ret->ns = ns;
        } else {

My (perl) app processes huge documents with many different namespaces, therefore it's interesting that this bug occurs only for xml: namespace (concretely xml:lang attrib), but this can depend on special handling of xml: namespace by libxml2.

As a dummy fix for this I'm now cloning nodes, instead of importing them ;(
Comment 1 David Kilzer 2016-05-24 03:59:32 UTC 
Note that libxslt also uses xmlDocCopyNode() API.
Comment 2 Nick Wellnhofer 2016-05-24 13:33:55 UTC 
Tried to reproduce with the following Perl script:

use strict;
use XML::LibXML;

my $source = XML::LibXML->new->parse_string(<<'EOF');
<elem>
  <child xml:lang="de"/>
</elem>
EOF
my $dest = XML::LibXML->new->parse_string(<<'EOF');
<doc/>
EOF
my $copy = $dest->importNode($source->documentElement);
$source = undef; # This should free the source document.
$dest->documentElement->appendChild($copy);
print $dest->toString;

But works as expected. (importNode calls xmlDocCopyNode internally.)
Comment 3 GNOME Infrastructure Team 2021-07-05 13:25:13 UTC 
GNOME is going to shut down bugzilla.gnome.org in favor of gitlab.gnome.org.
As part of that, we are mass-closing older open tickets in bugzilla.gnome.org
which have not seen updates for a longer time (resources are unfortunately
quite limited so not every ticket can get handled).

If you can still reproduce the situation described in this ticket in a recent
and supported software version, then please follow
  https://wiki.gnome.org/GettingInTouch/BugReportingGuidelines
and create a new ticket at
  https://gitlab.gnome.org/GNOME/libxml2/-/issues/

Thank you for your understanding and your help.