GNOME Bugzilla – Bug 696249
Recursion and crash in xmlParseElementContentDecl
Last modified: 2021-07-05 13:20:43 UTC
Please find the xml script which is causing recursion and crash:

<!DOCTYPE a[<!ELEMENT a ((((((((((((((((((((((((((((((((#PCDATA)*>]><!----><tns:Envelope xmlns:tns="http://schemas.xmlsoap.org/soap/envelope/">
<tns:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
<wsa:To>http://10.18.47.102/</wsa:To>
<wsa:MessageID>113ab64d38239017b64d3919</wsa:MessageID>
<wsa:Action>urn:echo</wsa:Action>
</tns:Header><tns:Body>
<example1:echo xmlns:example1="http://example1.org/example1">
<example1:Text>Axis2 Echo String </example1:Text>
</example1:echo></tns:Body></tns:Envelope>

Call Stack :

libxml2.dll!xmlParseElementChildrenContentDecl(_xmlParserCtxt * ctxt=0x00cf7de0, int inputchk=8) Line 5657 + 0xd bytes C

The above line is repeated more than 1000 times

libxml2.dll!xmlParseElementChildrenContentDecl(_xmlParserCtxt * ctxt=0x00cf7de0, int inputchk=8) Line 5657 + 0xd bytes C
libxml2.dll!xmlParseElementChildrenContentDecl(_xmlParserCtxt * ctxt=0x00cf7de0, int inputchk=8) Line 5657 + 0xd bytes C
libxml2.dll!xmlParseElementChildrenContentDecl(_xmlParserCtxt * ctxt=0x00cf7de0, int inputchk=8) Line 5657 + 0xd bytes C
libxml2.dll!xmlParseElementChildrenContentDecl(_xmlParserCtxt * ctxt=0x00cf7de0, int inputchk=8) Line 5657 + 0xd bytes C
libxml2.dll!xmlParseElementChildrenContentDecl(_xmlParserCtxt * ctxt=0x00cf7de0, int inputchk=8) Line 5657 + 0xd bytes C
libxml2.dll!xmlParseElementChildrenContentDecl(_xmlParserCtxt * ctxt=0x00cf7de0, int inputchk=8) Line 5657 + 0xd bytes C
libxml2.dll!xmlParseElementChildrenContentDecl(_xmlParserCtxt * ctxt=0x00cf7de0, int inputchk=8) Line 5657 + 0xd bytes C
libxml2.dll!xmlParseElementChildrenContentDecl(_xmlParserCtxt * ctxt=0x00cf7de0, int inputchk=8) Line 5657 + 0xd bytes C
libxml2.dll!xmlParseElementChildrenContentDecl(_xmlParserCtxt * ctxt=0x00cf7de0, int inputchk=8) Line 5657 + 0xd bytes C
libxml2.dll!xmlParseElementChildrenContentDecl(_xmlParserCtxt * ctxt=0x00cf7de0, int inputchk=8) Line 5657 + 0xd bytes C
libxml2.dll!xmlParseElementChildrenContentDecl(_xmlParserCtxt * ctxt=0x00cf7de0, int inputchk=8) Line 5657 + 0xd bytes C
libxml2.dll!xmlParseElementChildrenContentDecl(_xmlParserCtxt * ctxt=0x00cf7de0, int inputchk=8) Line 5657 + 0xd bytes C
libxml2.dll!xmlParseElementChildrenContentDecl(_xmlParserCtxt * ctxt=0x00cf7de0, int inputchk=8) Line 5657 + 0xd bytes C
libxml2.dll!xmlParseElementChildrenContentDecl(_xmlParserCtxt * ctxt=0x00cf7de0, int inputchk=8) Line 5657 + 0xd bytes C
libxml2.dll!xmlParseElementContentDecl(_xmlParserCtxt * ctxt=0x00cf7120, const unsigned char * name=0x00cefe9b, _xmlElementContent * * result=0x023dde9c) Line 5937 + 0xd bytes C
libxml2.dll!xmlParseElementDecl(_xmlParserCtxt * ctxt=0x00cf7120) Line 6001 + 0x11 bytes C
libxml2.dll!xmlParseMarkupDecl(_xmlParserCtxt * ctxt=0x00cf7120) Line 6226 + 0x9 bytes C
libxml2.dll!xmlParseInternalSubset(_xmlParserCtxt * ctxt=0x00cf7120) Line 7595 + 0x9 bytes C
libxml2.dll!xmlParseDocument(_xmlParserCtxt * ctxt=0x00cf7120) Line 9981 + 0x9 bytes C
libxml2.dll!xmlSAXUserParseMemoryCtxt(_xmlSAXHandler * sax=0x005d7980, void * user_data=0x023de66c, const char * buffer=0x023ec2d0, int size=33255, void (void *)* ctxtCall=0x00520435) Line 14351 + 0x9 bytes C

Let me know if any other information is required to get the problem. Please help me to solve this problem. Thanks for your help in advance.
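The call stack above shows xmlParseElementChildrenContentDecl calling itself repeatedly while parsing the nested "(" groups of the <!ELEMENT declaration. As an added example (not libxml2 code and not part of the report), here is a simplified content-model checker that carries a depth counter and refuses input beyond a limit. The function names, status codes, reduced grammar and the limit of 128 are assumptions made for this illustration.

```c
#include <ctype.h>

#define MAX_GROUP_DEPTH 128 /* assumed limit, chosen for this example */

enum cm_status { CM_OK = 0, CM_SYNTAX = -1, CM_TOO_DEEP = -2 };

static void skip_ws(const char **p) {
    while (isspace((unsigned char)**p)) (*p)++;
}

static int is_name_char(int c) {
    return isalnum(c) || c == ':' || c == '_' || c == '-' || c == '.';
}

/* One content particle: Name, #PCDATA, or '(' cp (('|' | ',') cp)* ')',
 * then an optional occurrence marker (?, *, +). */
static enum cm_status parse_cp(const char **p, int depth) {
    skip_ws(p);
    if (**p == '(') {
        /* Refuse before descending, so stack use stays bounded no matter
         * how many '(' the input supplies. */
        if (depth >= MAX_GROUP_DEPTH) return CM_TOO_DEEP;
        (*p)++;
        for (;;) {
            enum cm_status st = parse_cp(p, depth + 1);
            if (st != CM_OK) return st;
            skip_ws(p);
            if (**p == ')') { (*p)++; break; }
            if (**p != '|' && **p != ',') return CM_SYNTAX;
            (*p)++;
        }
    } else {
        const char *start = *p;
        if (**p == '#') (*p)++;
        while (is_name_char((unsigned char)**p)) (*p)++;
        if (*p == start || (*start == '#' && *p == start + 1)) return CM_SYNTAX;
    }
    if (**p == '?' || **p == '*' || **p == '+') (*p)++;
    return CM_OK;
}

/* Check a whole content model, e.g. "((a|b)*,c)" (constructed sample). */
enum cm_status check_content_model(const char *model) {
    const char *p = model;
    enum cm_status st = parse_cp(&p, 0);
    if (st != CM_OK) return st;
    skip_ws(&p);
    return *p == '\0' ? CM_OK : CM_SYNTAX;
}

int main(void) { return check_content_model("((a|b)*,c)") != CM_OK; }
```

With the counter in place, an unbalanced but shallow model is rejected as a syntax error, and a model nested past the limit is rejected after at most 129 frames instead of exhausting the stack.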
GNOME is going to shut down bugzilla.gnome.org in favor of gitlab.gnome.org. As part of that, we are mass-closing older open tickets in bugzilla.gnome.org which have not seen updates for a longer time (resources are unfortunately quite limited so not every ticket can get handled). If you can still reproduce the situation described in this ticket in a recent and supported software version, then please follow https://wiki.gnome.org/GettingInTouch/BugReportingGuidelines and create a new ticket at https://gitlab.gnome.org/GNOME/libxml2/-/issues/ Thank you for your understanding and your help.