Bug 792580 - Segfault with nested exslt function calls
Status: RESOLVED FIXED
Product: libxslt
Classification: Platform
Component: general
Version: git master
Hardware: Other Linux
Importance: Normal normal
Target Milestone: ---
Assigned To: Daniel Veillard
QA Contact: libxml QA maintainers
Depends on:
Blocks:
 
 
Reported: 2018-01-16 16:00 UTC by Clemens Gutweiler
Modified: 2018-01-17 13:59 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
last.xsl (2.07 KB, text/xml)
2018-01-16 16:00 UTC, Clemens Gutweiler
last.xml (48 bytes, text/xml)
2018-01-16 16:01 UTC, Clemens Gutweiler

Description Clemens Gutweiler 2018-01-16 16:00:50 UTC
Created attachment 366888 [details]
last.xsl

Since commit 470b17346163ba3deceb29eb4149ae140b595cdd (Rewrite memory management of local RVTs) the attached code results in a segmentation fault. (used git bisect to find it)

Versions affected: 1.1.30, 1.1.31, 1.1.32

The transformation works fine with 1.1.29



/usr/local/libxslt-1.1.32/bin/xsltproc --verbose last.xsl last.xml

creating dictionary for stylesheet
reusing dictionary from last.xsl for stylesheet
xsltParseStylesheetProcess : found stylesheet
add extension prefix func
Registering extension namespace 'http://exslt.org/functions'.
Initializing module with callback: http://exslt.org/functions
xsltPreprocessStylesheet: removing ignorable blank node
xsltCompilePattern : parsing 'site'
xsltCompilePattern : parsed site, default priority 0.000000
added pattern : 'site' priority 0.000000
exsltFuncFunctionComp: register {http://exslt.org/functions}a
xsltParseStylesheetTop : found foreign element function
exsltFuncFunctionComp: register {http://exslt.org/functions}string-clear
xsltParseStylesheetTop : found foreign element function
exsltFuncFunctionComp: register {http://exslt.org/functions}string-clear-char
xsltParseStylesheetTop : found foreign element function
parsed 1 templates
Resolving attribute sets references
Creating sub-dictionary from stylesheet for transformation
exsltFuncRegisterFunc: register {http://exslt.org/functions}a
exsltFuncRegisterFunc: register {http://exslt.org/functions}string-clear
exsltFuncRegisterFunc: register {http://exslt.org/functions}string-clear-char
Registered module http://exslt.org/functions
Registered 1 modules
reusing transformation dict for output
Registering global variables
Registering global variables from last.xsl
xsltProcessOneNode: no template found for /
xsltProcessOneNode: applying template 'site' for site
xsltValueOf: select func:a(1)
Lookup function {http://exslt.org/functions}a
found function a
Handling xsl:with-param depth
Building variable depth
Evaluating variable 'depth'
xsltApplySequenceConstructor: copy text 0
xsltCopyText: copy text 0
Object is an XSLT value tree :
1  TEXT

[....]

xsltFreeStackElem: Unexpected RVT flag 0
xsltFreeStackElem: Unexpected RVT flag 0
xsltFreeStackElem: Unexpected RVT flag 0
xsltFreeStackElem: Unexpected RVT flag 0
xsltFreeStackElem: Unexpected RVT flag 0
xsltFreeStackElem: Unexpected RVT flag 0
xsltFreeStackElem: Unexpected RVT flag 0
xsltFreeStackElem: Unexpected RVT flag 0
Flagging RVT 0x55e29f770620: 0x3 -> 0x1
xsltCopyTextString: copy text 12
xsltValueOf: result '12'
Segmentation fault

Dist: Alpine Linux, musl

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7d95b0d in free () from /lib/ld-musl-x86_64.so.1
(gdb) bt
#0 free from /lib/ld-musl-x86_64.so.1
#1 __bss_start from /lib/ld-musl-x86_64.so.1
#2 ??
#3 ??
#4 free from /lib/ld-musl-x86_64.so.1
#5 ??
#6 ??
#7 ??
#8 ??
#9 ??
#10 ??
#11 ??
#12 xsltFreeKeyTable at keys.c line 158
#13 xsltFreeKeyTableList at keys.c line 181
#14 xsltFreeDocumentKeys at keys.c line 936
#15 xsltReleaseRVT at variables.c line 406
#16 xsltFreeStackElem at variables.c line 589
#17 xsltFreeStackElemList at variables.c line 631
#18 exsltFuncFunctionFunction at functions.c line 428
#19 xmlXPathCompOpEval at xpath.c line 13619
#20 xmlXPathCompOpEval at xpath.c line 14004
#21 xmlXPathCompOpEval at xpath.c line 14584
#22 xmlXPathRunEval at xpath.c line 14584
#23 xmlXPathCompiledEvalInternal at xpath.c line 14952
#24 xmlXPathCompiledEval__internal_alias at xpath.c line 14998
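
Added example, not part of the original report and not libxslt project code: a small regression harness that runs a transform command (for instance the xsltproc invocation above) and reports whether the process was killed by a signal and how many "xsltFreeStackElem: Unexpected RVT flag" diagnostics it printed before that. The function names and the verdict labels are assumptions made for this example.

```python
import signal
import subprocess
import sys

# Diagnostic text taken from the verbose output quoted in the report.
RVT_WARNING = "xsltFreeStackElem: Unexpected RVT flag"


def run_transform(argv, timeout=30):
    """Run a transform command and summarise how it ended (POSIX only)."""
    proc = subprocess.run(argv, capture_output=True, text=True, timeout=timeout)
    output = proc.stdout + proc.stderr
    # subprocess reports death by signal N as return code -N.
    killed_by = signal.Signals(-proc.returncode).name if proc.returncode < 0 else None
    return {
        "signal": killed_by,
        "exit_code": proc.returncode if proc.returncode >= 0 else None,
        "rvt_warnings": sum(RVT_WARNING in line for line in output.splitlines()),
    }


def verdict(result):
    """Map a run summary to one label (labels are this example's own)."""
    if result["signal"]:
        return "crash"      # e.g. SIGSEGV, as in the report
    if result["rvt_warnings"]:
        return "suspect"    # memory-management diagnostics without a crash
    return "fail" if result["exit_code"] else "ok"


if __name__ == "__main__":
    # Usage: python3 check_transform.py xsltproc --verbose last.xsl last.xml
    summary = run_transform(sys.argv[1:])
    print(verdict(summary), summary)
    sys.exit(0 if verdict(summary) == "ok" else 1)
```

Running it against each installed libxslt build gives a pass/fail record per version without attaching a debugger; the RVT diagnostics only appear when xsltproc is run with --verbose.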

Comment 1 Clemens Gutweiler 2018-01-16 16:01:25 UTC
Created attachment 366889 [details]
last.xml
Comment 2 Nick Wellnhofer 2018-01-17 13:02:29 UTC
Fixed here: https://git.gnome.org/browse/libxslt/commit/?id=8bd32f7753ac253a54279a0b6a88d15a57076bb0

Thanks for the report!
Comment 3 Clemens Gutweiler 2018-01-17 13:59:36 UTC
Thanks for the fast fix, I can confirm that it works now!