GNOME Bugzilla – Bug 692915
libxml2 v2.9.0 emits spurious errors when dealing with large CDATA sections in UTF-16 input
Last modified: 2013-02-15 22:13:58 UTC
Created attachment 234884 [details] Test case I've been testing WebKit against libxml2 v2.9.0 recently and have discovered a regression in handling of UTF-16 input. When xmlParseChunk is passed a large block of data there appear to be some conditions in which libxml2 will only process a portion of the input, and will raise an error due to concluding that the input ended prematurely. When this happens there are bytes in the raw input buffer that have yet to be decoded. The attached program can be compiled using a command-line like: cc -g -lxml2 -I/usr/include/libxml2 -o libxml2-decoding-bug libxml2-decoding-bug.c It can be run without arguments. The incorrect output looks like so: > Character count: 271751 > startElement: root > CDATA block of length 300 > xmlParseChunk result: 0 > CDATA block of length 300 > Extra content at the end of the document > xmlParseChunk result: 5 The expected output is: > Character count: 271751 > startElement: root > CDATA block of length 271700 > xmlParseChunk result: 0 > xmlParseChunk result: 0 The bug appears to have been introduced in the range 65c7d3b..a78d803, which was the implementation of the new input buffers.
This was fixed by <http://git.gnome.org/browse/libxml2/commit/?id=bf058dce131751ff8b69d32eae68cf564cd73aef>.