Thread: an xpath segfault reproducible with xmllint




an xpath segfault reproducible with xmllint
2007-04-03 11:04:54
Hi Daniel, All,

I have experienced segfaults where just an error should be issued. After
playing with the xpath for a while, I have narrowed it to the following test
case:

xmllint --shell test.xml
/ > xpath *[a=name(concat(""))]
XPath error : Invalid number of arguments
XPath error : Invalid type
xmlXPathEval: 3 object left on the stack
Object is empty (NULL)
/ > xpath *[a=name(concat(""))]
XPath error : Invalid number of arguments
Segmentation fault (SIGSEGV)

Notes:
1) test.xml can be any XML file

2) you may need to repeat the xpath query two or more times before it actually
segfaults, but valgrind indicates a problem already during the first run

3) with just *[name("")] I have to repeat 3 times before it segfaults, but it
does; valgrind shows a problem only on 1st run, though

4) name("") alone is ok (invalid type error is reported)

5) I'm running libxml2-2.6.27, openSuSE 10.2

-- Petr
_______________________________________________
xml mailing list, project page  http://xmlsoft.org/
xmlgnome.org
http://mail.gnome.org/mailman/listinfo/xml

Re: an xpath segfault reproducible with xmllint
2007-04-04 07:50:47
On Tue, Apr 03, 2007 at 06:04:54PM +0200, Petr Pajas wrote:
> Hi Daniel, All,
>
> I have experienced segfaults where just an error should be issued. After
> playing with the xpath for a while, I have narrowed it to the following test
> case:
>
> xmllint --shell test.xml
> / > xpath *[a=name(concat(""))]
> XPath error : Invalid number of arguments
> XPath error : Invalid type
> xmlXPathEval: 3 object left on the stack
> Object is empty (NULL)
> / > xpath *[a=name(concat(""))]
> XPath error : Invalid number of arguments
> Segmentation fault (SIGSEGV)
>
> Notes:
> 1) test.xml can be any XML file
>
> 2) you may need to repeat the xpath query two or more times before it actually
> segfaults, but valgrind indicates a problem already during the first run
>
> 3) with just *[name("")] I have to repeat 3 times before it segfaults, but it
> does; valgrind shows a problem only on 1st run, though
>
> 4) name("") alone is ok (invalid type error is reported)
>
> 5) I'm running libxml2-2.6.27, openSuSE 10.2

  I can't reproduce it with CVS head nor the default binary installed on
RHEL5 x86_64 nor i386, please provide more information about the crash because
here it is really behaving as it should:

paphio:~/XML -> valgrind xmllint --shell test.xml
/ > xpath *[a=name(concat(""))]
XPath error : Invalid number of arguments
XPath error : Invalid type
xmlXPathEval: 3 object left on the stack
Object is empty (NULL)
/ > xpath *[a=name(concat(""))]
XPath error : Invalid number of arguments
XPath error : Invalid type
xmlXPathEval: 3 object left on the stack
Object is empty (NULL)
/ > xpath *[a=name(concat(""))]
XPath error : Invalid number of arguments
XPath error : Invalid type
xmlXPathEval: 3 object left on the stack
Object is empty (NULL)
/ > quit
paphio:~/XML -> rpm -qf /usr/bin/xmllint
libxml2-2.6.26-2.1.2
libxml2-2.6.26-2.1.2
paphio:~/XML -> valgrind /usr/bin/xmllint --shell test.xml
/ > xpath *[a=name(concat(""))]
==21965== Conditional jump or move depends on uninitialised value(s)
==21965==    at 0x39BE684DA4: (within /usr/lib64/libxml2.so.2.6.26)
==21965==    by 0x39BE6837F5: (within /usr/lib64/libxml2.so.2.6.26)
==21965==    by 0x39BE6831CD: (within /usr/lib64/libxml2.so.2.6.26)
==21965==    by 0x39BE6883E5: xmlXPathEval (in /usr/lib64/libxml2.so.2.6.26)
==21965==    by 0x39BE675156: xmlShell (in /usr/lib64/libxml2.so.2.6.26)
==21965==    by 0x4066A6: (within /usr/bin/xmllint)
==21965==    by 0x408A38: (within /usr/bin/xmllint)
==21965==    by 0x39B9A1D8A3: (below main) (in /lib64/libc-2.5.so)
XPath error : Invalid number of arguments
XPath error : Invalid type
XPath error : Invalid type
xmlXPathEval: 2 object left on the stack
Object is empty (NULL)
/ > xpath *[a=name(concat(""))]
XPath error : Invalid number of arguments
XPath error : Invalid type
XPath error : Invalid type
xmlXPathEval: 2 object left on the stack
Object is empty (NULL)
/ > xpath *[a=name(concat(""))]
XPath error : Invalid number of arguments
XPath error : Invalid type
XPath error : Invalid type
xmlXPathEval: 2 object left on the stack
Object is empty (NULL)
/ > quit
paphio:~/XML -> 

  The first run conditional jump is IMHO unrelated, it seems to be an
optimization by gcc that valgrind misunderstands or something of this kind,
it does not show up in non-optimized code and this has been that way for years
as far as I can tell.

  Please provide the traceback for the crash because here everything seems
to behave normally (considering that the XPath evaluation failed but that's
normal). I have tried on 2 different architectures with 2 kinds of different
compiles and it all seems normal on my systems.

Daniel



-- 
Red Hat Virtualization group http://redhat.com/virtualization/
Daniel Veillard      | virtualization library  http://libvirt.org/
veillardredhat.com  | libxml GNOME XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ |
Rpmfind RPM search engine  http://rpmfind.net/

Re: an xpath segfault reproducible with xmllint
2007-04-04 08:00:23
On Wednesday 04 April 2007 14:50, Daniel Veillard wrote:
> On Tue, Apr 03, 2007 at 06:04:54PM +0200, Petr Pajas wrote:
> > Hi Daniel, All,
> >
> > I have experienced segfaults where just an error should be
> > issued. After playing with the xpath for a while, I have
> > narrowed it to the following test case:
> >
> > xmllint --shell test.xml
> > / > xpath *[a=name(concat(""))]
> > XPath error : Invalid number of arguments
> > XPath error : Invalid type
> > xmlXPathEval: 3 object left on the stack
> > Object is empty (NULL)
> > / > xpath *[a=name(concat(""))]
> > XPath error : Invalid number of arguments
> > Segmentation fault (SIGSEGV)
> >
> > Notes:
> > 1) test.xml can be any XML file
> >
> > 2) you may need to repeat the xpath query two or more times
> > before it actually segfaults, but valgrind indicates a problem
> > already during the first run
> >
> > 3) with just *[name("")] I have to repeat 3 times before it
> > segfaults, but it does; valgrind shows a problem only on 1st
> > run, though
> >
> > 4) name("") alone is ok (invalid type error is reported)
> >
> > 5) I'm running libxml2-2.6.27, openSuSE 10.2
>
>   I can't reproduce it with CVS head nor the default binary
> installed on RHEL5 x86_64 nor i386, please provide more
> information about the crash because here it is really behaving
> as it should:

valgrind output is below; it's not built with -g so this doesn't say
that much. I'll try to install the -debuginfo packages or recompile
and come back with a more detailed one later:

$ valgrind xmllint --shell test.xml
...
/ > xpath *[a=name(concat(""))]
XPath error : Invalid number of arguments
XPath error : Invalid type
==16758== Invalid read of size 4
==16758==    at 0x414DE11: xmlXPathFreeObject 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x414E45B: xmlXPathReleaseObject 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x415C1AE: xmlXPathEval 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x414B846: xmlShell (in
/usr/lib/libxml2.so.2.6.27)
==16758==    by 0x804DB5C: parseAndPrintFile (in
/usr/bin/xmllint)
==16758==    by 0x8050003: main (in /usr/bin/xmllint)
==16758==  Address 0x43C03A8 is 0 bytes inside a block of
size 40 
free'd
==16758==    at 0x402300A: free 
(in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==16758==    by 0x414DE31: xmlXPathFreeObject 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x414E45B: xmlXPathReleaseObject 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x415C74A: xmlXPathCompOpEvalPredicate 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x415D6B8: xmlXPathNodeCollectAndTest 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x415A2F8: xmlXPathCompOpEval 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x4159FEA: xmlXPathCompOpEval 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x415BDCF: xmlXPathRunEval 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x415C16E: xmlXPathEval 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x414B846: xmlShell (in
/usr/lib/libxml2.so.2.6.27)
==16758==    by 0x804DB5C: parseAndPrintFile (in
/usr/bin/xmllint)
==16758==    by 0x8050003: main (in /usr/bin/xmllint)
==16758==
==16758== Invalid read of size 4
==16758==    at 0x414DE40: xmlXPathFreeObject 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x414E45B: xmlXPathReleaseObject 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x415C1AE: xmlXPathEval 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x414B846: xmlShell (in
/usr/lib/libxml2.so.2.6.27)
==16758==    by 0x804DB5C: parseAndPrintFile (in
/usr/bin/xmllint)
==16758==    by 0x8050003: main (in /usr/bin/xmllint)
==16758==  Address 0x43C03B0 is 8 bytes inside a block of
size 40 
free'd
==16758==    at 0x402300A: free 
(in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==16758==    by 0x414DE31: xmlXPathFreeObject 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x414E45B: xmlXPathReleaseObject 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x415C74A: xmlXPathCompOpEvalPredicate 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x415D6B8: xmlXPathNodeCollectAndTest 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x415A2F8: xmlXPathCompOpEval 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x4159FEA: xmlXPathCompOpEval 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x415BDCF: xmlXPathRunEval 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x415C16E: xmlXPathEval 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x414B846: xmlShell (in
/usr/lib/libxml2.so.2.6.27)
==16758==    by 0x804DB5C: parseAndPrintFile (in
/usr/bin/xmllint)
==16758==    by 0x8050003: main (in /usr/bin/xmllint)
==16758==
==16758== Invalid read of size 4
==16758==    at 0x414DE61: xmlXPathFreeObject 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x414E45B: xmlXPathReleaseObject 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x415C1AE: xmlXPathEval 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x414B846: xmlShell (in
/usr/lib/libxml2.so.2.6.27)
==16758==    by 0x804DB5C: parseAndPrintFile (in
/usr/bin/xmllint)
==16758==    by 0x8050003: main (in /usr/bin/xmllint)
==16758==  Address 0x43C03AC is 4 bytes inside a block of
size 40 
free'd
==16758==    at 0x402300A: free 
(in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==16758==    by 0x414DE31: xmlXPathFreeObject 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x414E45B: xmlXPathReleaseObject 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x415C74A: xmlXPathCompOpEvalPredicate 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x415D6B8: xmlXPathNodeCollectAndTest 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x415A2F8: xmlXPathCompOpEval 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x4159FEA: xmlXPathCompOpEval 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x415BDCF: xmlXPathRunEval 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x415C16E: xmlXPathEval 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x414B846: xmlShell (in
/usr/lib/libxml2.so.2.6.27)
==16758==    by 0x804DB5C: parseAndPrintFile (in
/usr/bin/xmllint)
==16758==    by 0x8050003: main (in /usr/bin/xmllint)
==16758==
==16758== Invalid read of size 4
==16758==    at 0x414D65B: xmlXPathFreeNodeSet 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x414DE6F: xmlXPathFreeObject 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x414E45B: xmlXPathReleaseObject 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x415C1AE: xmlXPathEval 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x414B846: xmlShell (in
/usr/lib/libxml2.so.2.6.27)
==16758==    by 0x804DB5C: parseAndPrintFile (in
/usr/bin/xmllint)
==16758==    by 0x8050003: main (in /usr/bin/xmllint)
==16758==  Address 0x43C0408 is 8 bytes inside a block of
size 12 
free'd
==16758==    at 0x402300A: free 
(in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==16758==    by 0x414D6A5: xmlXPathFreeNodeSet 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x414DE6F: xmlXPathFreeObject 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x414E45B: xmlXPathReleaseObject 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x415C74A: xmlXPathCompOpEvalPredicate 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x415D6B8: xmlXPathNodeCollectAndTest 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x415A2F8: xmlXPathCompOpEval 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x4159FEA: xmlXPathCompOpEval 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x415BDCF: xmlXPathRunEval 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x415C16E: xmlXPathEval 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x414B846: xmlShell (in
/usr/lib/libxml2.so.2.6.27)
==16758==    by 0x804DB5C: parseAndPrintFile (in
/usr/bin/xmllint)
==16758==
==16758== Invalid read of size 4
==16758==    at 0x414D662: xmlXPathFreeNodeSet 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x414DE6F: xmlXPathFreeObject 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x414E45B: xmlXPathReleaseObject 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x415C1AE: xmlXPathEval 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x414B846: xmlShell (in
/usr/lib/libxml2.so.2.6.27)
==16758==    by 0x804DB5C: parseAndPrintFile (in
/usr/bin/xmllint)
==16758==    by 0x8050003: main (in /usr/bin/xmllint)
==16758==  Address 0x43C0400 is 0 bytes inside a block of
size 12 
free'd
==16758==    at 0x402300A: free 
(in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==16758==    by 0x414D6A5: xmlXPathFreeNodeSet 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x414DE6F: xmlXPathFreeObject 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x414E45B: xmlXPathReleaseObject 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x415C74A: xmlXPathCompOpEvalPredicate 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x415D6B8: xmlXPathNodeCollectAndTest 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x415A2F8: xmlXPathCompOpEval 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x4159FEA: xmlXPathCompOpEval 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x415BDCF: xmlXPathRunEval 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x415C16E: xmlXPathEval 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x414B846: xmlShell (in
/usr/lib/libxml2.so.2.6.27)
==16758==    by 0x804DB5C: parseAndPrintFile (in
/usr/bin/xmllint)
==16758==
==16758== Invalid read of size 4
==16758==    at 0x414D668: xmlXPathFreeNodeSet 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x414DE6F: xmlXPathFreeObject 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x414E45B: xmlXPathReleaseObject 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x415C1AE: xmlXPathEval 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x414B846: xmlShell (in
/usr/lib/libxml2.so.2.6.27)
==16758==    by 0x804DB5C: parseAndPrintFile (in
/usr/bin/xmllint)
==16758==    by 0x8050003: main (in /usr/bin/xmllint)
==16758==  Address 0x43C0408 is 8 bytes inside a block of
size 12 
free'd
==16758==    at 0x402300A: free 
(in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==16758==    by 0x414D6A5: xmlXPathFreeNodeSet 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x414DE6F: xmlXPathFreeObject 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x414E45B: xmlXPathReleaseObject 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x415C74A: xmlXPathCompOpEvalPredicate 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x415D6B8: xmlXPathNodeCollectAndTest 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x415A2F8: xmlXPathCompOpEval 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x4159FEA: xmlXPathCompOpEval 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x415BDCF: xmlXPathRunEval 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x415C16E: xmlXPathEval 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x414B846: xmlShell (in
/usr/lib/libxml2.so.2.6.27)
==16758==    by 0x804DB5C: parseAndPrintFile (in
/usr/bin/xmllint)
==16758==
==16758== Invalid read of size 4
==16758==    at 0x414D677: xmlXPathFreeNodeSet 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x414DE6F: xmlXPathFreeObject 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x414E45B: xmlXPathReleaseObject 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x415C1AE: xmlXPathEval 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x414B846: xmlShell (in
/usr/lib/libxml2.so.2.6.27)
==16758==    by 0x804DB5C: parseAndPrintFile (in
/usr/bin/xmllint)
==16758==    by 0x8050003: main (in /usr/bin/xmllint)
==16758==  Address 0x43C0440 is 0 bytes inside a block of
size 40 
free'd
==16758==    at 0x402300A: free 
(in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==16758==    by 0x414D6A0: xmlXPathFreeNodeSet 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x414DE6F: xmlXPathFreeObject 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x414E45B: xmlXPathReleaseObject 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x415C74A: xmlXPathCompOpEvalPredicate 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x415D6B8: xmlXPathNodeCollectAndTest 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x415A2F8: xmlXPathCompOpEval 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x4159FEA: xmlXPathCompOpEval 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x415BDCF: xmlXPathRunEval 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x415C16E: xmlXPathEval 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x414B846: xmlShell (in
/usr/lib/libxml2.so.2.6.27)
==16758==    by 0x804DB5C: parseAndPrintFile (in
/usr/bin/xmllint)
==16758==
==16758== Invalid read of size 4
==16758==    at 0x414D673: xmlXPathFreeNodeSet 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x414DE6F: xmlXPathFreeObject 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x414E45B: xmlXPathReleaseObject 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x415C1AE: xmlXPathEval 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x414B846: xmlShell (in
/usr/lib/libxml2.so.2.6.27)
==16758==    by 0x804DB5C: parseAndPrintFile (in
/usr/bin/xmllint)
==16758==    by 0x8050003: main (in /usr/bin/xmllint)
==16758==  Address 0x43C0400 is 0 bytes inside a block of
size 12 
free'd
==16758==    at 0x402300A: free 
(in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==16758==    by 0x414D6A5: xmlXPathFreeNodeSet 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x414DE6F: xmlXPathFreeObject 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x414E45B: xmlXPathReleaseObject 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x415C74A: xmlXPathCompOpEvalPredicate 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x415D6B8: xmlXPathNodeCollectAndTest 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x415A2F8: xmlXPathCompOpEval 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x4159FEA: xmlXPathCompOpEval 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x415BDCF: xmlXPathRunEval 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x415C16E: xmlXPathEval 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x414B846: xmlShell (in
/usr/lib/libxml2.so.2.6.27)
==16758==    by 0x804DB5C: parseAndPrintFile (in
/usr/bin/xmllint)
==16758==
==16758== Invalid free() / delete / delete[]
==16758==    at 0x402300A: free 
(in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==16758==    by 0x414D6A0: xmlXPathFreeNodeSet 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x414DE6F: xmlXPathFreeObject 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x414E45B: xmlXPathReleaseObject 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x415C1AE: xmlXPathEval 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x414B846: xmlShell (in
/usr/lib/libxml2.so.2.6.27)
==16758==    by 0x804DB5C: parseAndPrintFile (in
/usr/bin/xmllint)
==16758==    by 0x8050003: main (in /usr/bin/xmllint)
==16758==  Address 0x43C0440 is 0 bytes inside a block of
size 40 
free'd
==16758==    at 0x402300A: free 
(in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==16758==    by 0x414D6A0: xmlXPathFreeNodeSet 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x414DE6F: xmlXPathFreeObject 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x414E45B: xmlXPathReleaseObject 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x415C74A: xmlXPathCompOpEvalPredicate 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x415D6B8: xmlXPathNodeCollectAndTest 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x415A2F8: xmlXPathCompOpEval 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x4159FEA: xmlXPathCompOpEval 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x415BDCF: xmlXPathRunEval 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x415C16E: xmlXPathEval 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x414B846: xmlShell (in
/usr/lib/libxml2.so.2.6.27)
==16758==    by 0x804DB5C: parseAndPrintFile (in
/usr/bin/xmllint)
==16758==
==16758== Invalid free() / delete / delete[]
==16758==    at 0x402300A: free 
(in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==16758==    by 0x414D6A5: xmlXPathFreeNodeSet 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x414DE6F: xmlXPathFreeObject 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x414E45B: xmlXPathReleaseObject 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x415C1AE: xmlXPathEval 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x414B846: xmlShell (in
/usr/lib/libxml2.so.2.6.27)
==16758==    by 0x804DB5C: parseAndPrintFile (in
/usr/bin/xmllint)
==16758==    by 0x8050003: main (in /usr/bin/xmllint)
==16758==  Address 0x43C0400 is 0 bytes inside a block of
size 12 
free'd
==16758==    at 0x402300A: free 
(in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==16758==    by 0x414D6A5: xmlXPathFreeNodeSet 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x414DE6F: xmlXPathFreeObject 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x414E45B: xmlXPathReleaseObject 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x415C74A: xmlXPathCompOpEvalPredicate 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x415D6B8: xmlXPathNodeCollectAndTest 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x415A2F8: xmlXPathCompOpEval 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x4159FEA: xmlXPathCompOpEval 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x415BDCF: xmlXPathRunEval 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x415C16E: xmlXPathEval 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x414B846: xmlShell (in
/usr/lib/libxml2.so.2.6.27)
==16758==    by 0x804DB5C: parseAndPrintFile (in
/usr/bin/xmllint)
==16758==
==16758== Invalid free() / delete / delete[]
==16758==    at 0x402300A: free 
(in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==16758==    by 0x414DE31: xmlXPathFreeObject 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x414E45B: xmlXPathReleaseObject 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x415C1AE: xmlXPathEval 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x414B846: xmlShell (in
/usr/lib/libxml2.so.2.6.27)
==16758==    by 0x804DB5C: parseAndPrintFile (in
/usr/bin/xmllint)
==16758==    by 0x8050003: main (in /usr/bin/xmllint)
==16758==  Address 0x43C03A8 is 0 bytes inside a block of
size 40 
free'd
==16758==    at 0x402300A: free 
(in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==16758==    by 0x414DE31: xmlXPathFreeObject 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x414E45B: xmlXPathReleaseObject 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x415C74A: xmlXPathCompOpEvalPredicate 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x415D6B8: xmlXPathNodeCollectAndTest 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x415A2F8: xmlXPathCompOpEval 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x4159FEA: xmlXPathCompOpEval 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x415BDCF: xmlXPathRunEval 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x415C16E: xmlXPathEval 
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x414B846: xmlShell (in
/usr/lib/libxml2.so.2.6.27)
==16758==    by 0x804DB5C: parseAndPrintFile (in
/usr/bin/xmllint)
==16758==    by 0x8050003: main (in /usr/bin/xmllint)

-- Petr
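
A triage sketch for memcheck output like the report above, added here as an example and not part of the thread or of libxml2: it rejoins wrapped lines, ties each error to the freed block it touched, and reports which caller released the block first and which one reached it again. The names `unwrap`, `parse`, `diverge` and `triage` are this example's own, and the sample is two records abridged from the quoted output.

```python
import re
from collections import defaultdict

# Sample input: two records abridged from the memcheck output quoted above
# (outer frames trimmed). The first is wrapped the way mail software wraps it.
SAMPLE = """\
==16758== Invalid read of size 4
==16758==    at 0x414DE40: xmlXPathFreeObject
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x414E45B: xmlXPathReleaseObject
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x415C1AE: xmlXPathEval
(in /usr/lib/libxml2.so.2.6.27)
==16758==  Address 0x43C03B0 is 8 bytes inside a block of
size 40
free'd
==16758==    at 0x402300A: free
(in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==16758==    by 0x414DE31: xmlXPathFreeObject
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x414E45B: xmlXPathReleaseObject
(in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x415C74A: xmlXPathCompOpEvalPredicate
(in /usr/lib/libxml2.so.2.6.27)
==16758==
==16758== Invalid free() / delete / delete[]
==16758==    at 0x402300A: free (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==16758==    by 0x414DE31: xmlXPathFreeObject (in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x414E45B: xmlXPathReleaseObject (in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x415C1AE: xmlXPathEval (in /usr/lib/libxml2.so.2.6.27)
==16758==  Address 0x43C03A8 is 0 bytes inside a block of size 40 free'd
==16758==    at 0x402300A: free (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==16758==    by 0x414DE31: xmlXPathFreeObject (in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x414E45B: xmlXPathReleaseObject (in /usr/lib/libxml2.so.2.6.27)
==16758==    by 0x415C74A: xmlXPathCompOpEvalPredicate (in /usr/lib/libxml2.so.2.6.27)
"""

TAG = re.compile(r"^==\d+==")
FRAME = re.compile(r"^\s+(?:at|by) 0x[0-9A-Fa-f]+: (\S+)")
BLOCK = re.compile(r"Address (0x[0-9A-Fa-f]+) is (\d+) bytes inside a block of size (\d+) free'd")


def unwrap(text):
    """Rejoin wrapped output: a line without the ==PID== tag continues the previous one."""
    lines = []
    for raw in text.splitlines():
        line = raw.lstrip("> ").rstrip()  # also drops mail quote markers
        if TAG.match(line) or not lines:
            lines.append(line)
        elif line:
            lines[-1] += " " + line
    return lines


def parse(text):
    """One dict per error: kind, accessing stack, freed block (base, size), freeing stack."""
    records, cur, target = [], None, "access"
    for line in unwrap(text):
        tag = TAG.match(line)
        if not tag:
            continue
        body = line[tag.end():]
        frame, block = FRAME.match(body), BLOCK.search(body)
        if frame:
            if cur:
                cur[target].append(frame.group(1))
        elif block and cur:
            addr, offset, size = (int(block.group(1), 16), int(block.group(2)), int(block.group(3)))
            cur["block"] = (addr - offset, size)  # normalise to the start of the block
            target = "freed_by"
        elif body.strip():
            cur = {"kind": body.strip(), "access": [], "block": None, "freed_by": []}
            records.append(cur)
            target = "access"
    return records


def diverge(rec):
    """First frames at which the later access and the earlier free came from different callers."""
    later = [f for f in rec["access"] if f != "free"]
    first = [f for f in rec["freed_by"] if f != "free"]
    for a, b in zip(later, first):
        if a != b:
            return a, b
    return None


def triage(text):
    """Group errors by freed block: error classes seen, first releaser, later user."""
    blocks = defaultdict(lambda: {"kinds": set(), "first": set(), "second": set()})
    for rec in parse(text):
        if rec["block"] is None:
            continue
        entry = blocks[rec["block"]]
        entry["kinds"].add("double free" if rec["kind"].startswith("Invalid free") else "use after free")
        split = diverge(rec)
        if split:
            entry["second"].add(split[0])
            entry["first"].add(split[1])
    return dict(blocks)


if __name__ == "__main__":
    for (base, size), info in triage(SAMPLE).items():
        print(hex(base), size, sorted(info["kinds"]), sorted(info["first"]), sorted(info["second"]))
```

On the sample, the single 40-byte block is released first under xmlXPathCompOpEvalPredicate and then read and freed again under xmlXPathEval.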

Re: an xpath segfault reproducible with xmllint
2007-04-04 08:13:56
On Wed, Apr 04, 2007 at 03:00:23PM +0200, Petr Pajas wrote:
> valgrind output is below; it's not built with -g so this doesn't say
> that much. I'll try to install the -debuginfo packages or recompile
> and come back with a more detailed one later:
>
> $ valgrind xmllint --shell test.xml
> ...
> / > xpath *[a=name(concat(""))]
> XPath error : Invalid number of arguments
> XPath error : Invalid type
> ==16758== Invalid read of size 4
> ==16758==    at 0x414DE11: xmlXPathFreeObject (in /usr/lib/libxml2.so.2.6.27)
> ==16758==    by 0x414E45B: xmlXPathReleaseObject (in /usr/lib/libxml2.so.2.6.27)
> ==16758==    by 0x415C1AE: xmlXPathEval (in /usr/lib/libxml2.so.2.6.27)
> ==16758==    by 0x414B846: xmlShell (in /usr/lib/libxml2.so.2.6.27)
> ==16758==    by 0x804DB5C: parseAndPrintFile (in /usr/bin/xmllint)
> ==16758==    by 0x8050003: main (in /usr/bin/xmllint)
> ==16758==  Address 0x43C03A8 is 0 bytes inside a block of size 40 free'd
> ==16758==    at 0x402300A: free (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
> ==16758==    by 0x414DE31: xmlXPathFreeObject (in /usr/lib/libxml2.so.2.6.27)
> ==16758==    by 0x414E45B: xmlXPathReleaseObject (in /usr/lib/libxml2.so.2.6.27)
> ==16758==    by 0x415C74A: xmlXPathCompOpEvalPredicate (in /usr/lib/libxml2.so.2.6.27)
> ==16758==    by 0x415D6B8: xmlXPathNodeCollectAndTest (in /usr/lib/libxml2.so.2.6.27)
> ==16758==    by 0x415A2F8: xmlXPathCompOpEval (in /usr/lib/libxml2.so.2.6.27)
> ==16758==    by 0x4159FEA: xmlXPathCompOpEval (in /usr/lib/libxml2.so.2.6.27)
> ==16758==    by 0x415BDCF: xmlXPathRunEval (in /usr/lib/libxml2.so.2.6.27)
> ==16758==    by 0x415C16E: xmlXPathEval (in /usr/lib/libxml2.so.2.6.27)
> ==16758==    by 0x414B846: xmlShell (in /usr/lib/libxml2.so.2.6.27)
> ==16758==    by 0x804DB5C: parseAndPrintFile (in /usr/bin/xmllint)
> ==16758==    by 0x8050003: main (in /usr/bin/xmllint)
> ==16758==
> ==16758== Invalid read of size 4
> ==16758==    at 0x414DE40: xmlXPathFreeObject

  Please try to reproduce the crash under gdb with code compiled with memory
debug. I would also raise a bug on SuSE side they should be able to identify
where the problem is coming from exactly, without line number it's really
trying to shoot at a target in the dark.
  Can you make sure no patch was applied on SuSE rpms, I doubt it but
that may happen. Maybe someone from SuSe is monitoring that list and can
act on this problem (thanks in advance !)

Daniel


Re: an xpath segfault reproducible with xmllint
2007-04-04 09:31:21
On Wed, Apr 04, 2007 at 04:21:50PM +0200, Pavol Rusnak wrote:
> Daniel Veillard wrote:
> >   Can you make sure no patch was applied on SuSE rpms, I doubt it but
> > that may happen. Maybe someone from SuSe is monitoring that list and can
> > act on this problem (thanks in advance !)
>
> Hello Petr and Daniel!
>
> I'm maintainer of libxml2 in SuSE. Our libxml2-2.6.27 has 4 patches, I'm
> attaching relevant one (null-retval.patch). This was a patch for older
> bug I reported earlier: http://bugzilla.gnome.org/show_bug.cgi?id=400242
> - and was fixed in CVS by William M. Brac.

  the patch attached looks just fine, I don't see it generating such a problem

> GDB output of testcase with debuginfo installed:
>
> (gdb) r --shell test.xml
> Starting program: /usr/bin/xmllint --shell test.xml
> / > xpath *[a=name(concat(""))]
> XPath error : Invalid number of arguments
> XPath error : Invalid type
> xmlXPathEval: 3 object left on the stack
>
> Program received signal SIGSEGV, Segmentation fault.
> 0x00002b2102bb5d4b in xmlXPathFreeNodeSet (obj=0x6660f0) at xpath.c:4059
> 4059                if ((obj->nodeTab[i] != NULL) &&

  What is the stack like, and value for i and obj->nodeNr.
As stated I tested with latest SVN version on 2 machines without seeing the
problem myself.

Daniel


Re: an xpath segfault reproducible with xmllint
2007-04-04 09:42:27
Daniel Veillard wrote:
>   What is the stack like, and value for i and obj->nodeNr.
> As stated I tested with latest SVN version on 2 machines without seeing the
> problem myself.

(gdb) r --shell test.xml
Starting program: /usr/bin/xmllint --shell test.xml
/ > xpath *[a=name(concat(""))]
XPath error : Invalid number of arguments
XPath error : Invalid type
xmlXPathEval: 3 object left on the stack

Program received signal SIGSEGV, Segmentation fault.
0x00002b9636a24d4b in xmlXPathFreeNodeSet (obj=0x6660f0) at xpath.c:4059
4059                if ((obj->nodeTab[i] != NULL) &&
(gdb) bt
#0  0x00002b9636a24d4b in xmlXPathFreeNodeSet (obj=0x6660f0) at xpath.c:4059
#1  0x00002b9636a2552e in xmlXPathFreeObject (obj=0x666170) at xpath.c:5344
#2  0x00002b9636a32c1d in xmlXPathEval (str=0x2b96369df5c0 "UH211�SH201��", ctx=0x61b7c0)
    at xpath.c:14832
#3  0x00002b9636a233db in xmlShell (doc=<value optimized out>,
    filename=0x7fff749b23f9 "test.xml", input=<value optimized out>,
    output=<value optimized out>) at debugXML.c:2989
#4  0x0000000000406b42 in parseAndPrintFile (filename=0x7fff749b23f9 "test.xml", rectxt=0x0)
    at xmllint.c:2310
#5  0x0000000000408e13 in main (argc=3, argv=0x7fff749b09e8) at xmllint.c:3499
#6  0x00002b9637165944 in __libc_start_main () from /lib64/libc.so.6
#7  0x00000000004044a9 in _start ()
(gdb) p i
$1 = 10
(gdb) p obj->nodeTab[i]
$2 = (xmlNodePtr) 0x60
(gdb) p obj->nodeNr
$3 = 6711616
(gdb)

File test.xml contains only "<aaa />"

-- 
Best Regards / S pozdravom,

Pavol RUSNAK                                       SUSE LINUX, s.r.o
Package Maintainer                                Lihovarska 1060/12
PGP 0xA6917144                                     19000 Praha 9, CR
prusnak[at]suse.cz                                http://www.suse.cz
Re: an xpath segfault reproducible with xmllint
2007-04-04 09:54:33
On Wed, Apr 04, 2007 at 04:42:27PM +0200, Pavol Rusnak
wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Daniel Veillard wrote:
> >   What is the stack like, and value for i and
obj->nodeNr.
> > As stated I tested with latest SVN version on 2
machines without seeing the
> > problem myself.
> 
> (gdb) r --shell test.xml
> Starting program: /usr/bin/xmllint --shell test.xml
> / > xpath *[a=name(concat(""))]
> XPath error : Invalid number of arguments
> XPath error : Invalid type
> xmlXPathEval: 3 object left on the stack
> 
> Program received signal SIGSEGV, Segmentation fault.
> 0x00002b9636a24d4b in xmlXPathFreeNodeSet (obj=0x6660f0) at xpath.c:4059
> 4059                if ((obj->nodeTab[i] != NULL) &&
> (gdb) bt
> #0  0x00002b9636a24d4b in xmlXPathFreeNodeSet (obj=0x6660f0) at xpath.c:4059
> #1  0x00002b9636a2552e in xmlXPathFreeObject (obj=0x666170) at xpath.c:5344
> #2  0x00002b9636a32c1d in xmlXPathEval (str=0x2b96369df5c0 "UH211�SH201��", ctx=0x61b7c0)
>     at xpath.c:14832
> #3  0x00002b9636a233db in xmlShell (doc=<value optimized out>,
>     filename=0x7fff749b23f9 "test.xml", input=<value optimized out>,
>     output=<value optimized out>) at debugXML.c:2989
> #4  0x0000000000406b42 in parseAndPrintFile (filename=0x7fff749b23f9 "test.xml", rectxt=0x0)
>     at xmllint.c:2310
> #5  0x0000000000408e13 in main (argc=3, argv=0x7fff749b09e8) at xmllint.c:3499
> #6  0x00002b9637165944 in __libc_start_main () from /lib64/libc.so.6
> #7  0x00000000004044a9 in _start ()
> (gdb) p i
> $1 = 10
> (gdb) p obj->nodeTab[i]
> $2 = (xmlNodePtr) 0x60
> (gdb) p obj->nodeNr
> $3 = 6711616

  -> that value is clearly corrupted

> (gdb)
> 
> File test.xml contains only "<aaa />"

Can you find where obj->nodeNr is reset with that value ? Here I get 0 as
expected:

Starting program: /u/veillard/XML/xmllint --shell test.xml
/ > xpath *[a=name(concat(""))]

Breakpoint 1, xmlXPathFreeNodeSet (obj=0xa498e38) at xpath.c:4055
4055    xmlXPathFreeNodeSet(xmlNodeSetPtr obj) {
(gdb) c
Continuing.
XPath error : Invalid number of arguments
XPath error : Invalid type

Breakpoint 1, xmlXPathFreeNodeSet (obj=0xa4985c8) at xpath.c:4055
4055    xmlXPathFreeNodeSet(xmlNodeSetPtr obj) {
(gdb) c
Continuing.

Breakpoint 1, xmlXPathFreeNodeSet (obj=0xa498f18) at xpath.c:4055
4055    xmlXPathFreeNodeSet(xmlNodeSetPtr obj) {
(gdb) c
Continuing.

Breakpoint 1, xmlXPathFreeNodeSet (obj=0xa498cc8) at xpath.c:4055
4055    xmlXPathFreeNodeSet(xmlNodeSetPtr obj) {
(gdb) c
Continuing.
xmlXPathEval: 3 object left on the stack

Breakpoint 1, xmlXPathFreeNodeSet (obj=0xa4983c8) at xpath.c:4055
4055    xmlXPathFreeNodeSet(xmlNodeSetPtr obj) {
(gdb) p *obj
$5 = {nodeNr = 0, nodeMax = 10, nodeTab = 0xa498418}
(gdb) c
Continuing.
Object is empty (NULL)
/ > 

When allocating a node set nodeNr and nodeMax are always initialized to 0
(see xmlXPathNewNodeSet).

Daniel

-- 
Red Hat Virtualization group http://redhat.com/virtualization/
Daniel Veillard      | virtualization library  http://libvirt.org/
veillardredhat.com  | libxml GNOME XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine  http://rpmfind.net/
Re: an xpath segfault reproducible with xmllint
Czech Republic
2007-04-04 10:28:40

Daniel Veillard wrote:
> Can you find where obj->nodeNr is reset with that value ? Here I get 0 as
> expected:

(gdb) r --shell test.xml
Starting program: /usr/bin/xmllint --shell test.xml
Breakpoint 2 at 0x2b4716766d23: file xpath.c, line 4058.
Pending breakpoint "xpath.c:4058" resolved
/ > xpath *[a=name(concat(""))]

Breakpoint 2, xmlXPathFreeNodeSet (obj=0x6668d0) at xpath.c:4058
4058            for (i = 0;i < obj->nodeNr;i++)
(gdb) p obj->nodeNr
$1 = 1
(gdb) c
Continuing.
XPath error : Invalid number of arguments
XPath error : Invalid type

Breakpoint 2, xmlXPathFreeNodeSet (obj=0x6661d0) at xpath.c:4058
4058            for (i = 0;i < obj->nodeNr;i++)
(gdb) p obj->nodeNr
$2 = 1
(gdb) c
Continuing.

Breakpoint 2, xmlXPathFreeNodeSet (obj=0x6662c0) at xpath.c:4058
4058            for (i = 0;i < obj->nodeNr;i++)
(gdb) p obj->nodeNr
$3 = 1
(gdb) c
Continuing.

Breakpoint 2, xmlXPathFreeNodeSet (obj=0x6660f0) at xpath.c:4058
4058            for (i = 0;i < obj->nodeNr;i++)
(gdb) p obj->nodeNr
$4 = 0
(gdb) c
Continuing.
xmlXPathEval: 3 object left on the stack

Breakpoint 2, xmlXPathFreeNodeSet (obj=0x6660f0) at xpath.c:4058
4058            for (i = 0;i < obj->nodeNr;i++)
(gdb) p obj->nodeNr
$5 = 6711616
(gdb) p *obj
$6 = {nodeNr = 6711616, nodeMax = 0, nodeTab = 0x666110}
(gdb)

I'll try to investigate this further.

I also compiled latest libxml2 from SVN trunk and this modification:
http://svn.gnome.org/viewcvs/libxml2/trunk/xpath.c?r1=3575&r2=3584 -
changed SIGSEGV into SIGABRT:

(gdb) r --shell test.xml
Starting program: /usr/bin/xmllint --shell test.xml
Breakpoint 1 at 0x2ac6a8e4fd23: file xpath.c, line 4055.
/ > xpath *[a=name(concat(""))]

Breakpoint 1, xmlXPathFreeNodeSet (obj=0x61c1f0) at xpath.c:4058
4058            for (i = 0;i < obj->nodeNr;i++)
(gdb) p i
$1 = <value optimized out>
(gdb) p obj->nodeNr
$2 = 1
(gdb) c
Continuing.
XPath error : Invalid number of arguments
XPath error : Invalid type

Breakpoint 1, xmlXPathFreeNodeSet (obj=0x61c110) at xpath.c:4058
4058            for (i = 0;i < obj->nodeNr;i++)
(gdb) p obj->nodeNr
$3 = 1
(gdb) c
Continuing.

Breakpoint 1, xmlXPathFreeNodeSet (obj=0x61a6c0) at xpath.c:4058
4058            for (i = 0;i < obj->nodeNr;i++)
(gdb) p obj->nodeNr
$4 = 1
(gdb) c
Continuing.

Program received signal SIGABRT, Aborted.
0x00002ac6a97b8395 in raise () from /lib64/libc.so.6
(gdb)

--
Best Regards / S pozdravom,

Pavol RUSNAK                                       SUSE LINUX, s.r.o
Package Maintainer                                 Lihovarska 1060/12
PGP 0xA6917144                                     19000 Praha 9, CR
prusnak[at]suse.cz                                 http://www.suse.cz

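Added example, not part of the thread: a short Python triage of the breakpoint hits posted in the message above (log condensed from that gdb session; the function names and finding labels are this example's own). It flags a node-set address that reaches xmlXPathFreeNodeSet a second time and a nodeNr that falls in the same heap range as the object addresses; a repeated address alone can be allocator reuse, so the two findings are read together.

```python
import re

# Condensed from the gdb session above; each "$n" line is the printed obj->nodeNr.
GDB_LOG = """\
Breakpoint 2, xmlXPathFreeNodeSet (obj=0x6668d0) at xpath.c:4058
$1 = 1
Breakpoint 2, xmlXPathFreeNodeSet (obj=0x6661d0) at xpath.c:4058
$2 = 1
Breakpoint 2, xmlXPathFreeNodeSet (obj=0x6662c0) at xpath.c:4058
$3 = 1
Breakpoint 2, xmlXPathFreeNodeSet (obj=0x6660f0) at xpath.c:4058
$4 = 0
Breakpoint 2, xmlXPathFreeNodeSet (obj=0x6660f0) at xpath.c:4058
$5 = 6711616
"""

BP = re.compile(r"Breakpoint \d+, (\w+) \(obj=(0x[0-9a-f]+)\)")
VAL = re.compile(r"\$\d+ = (-?\d+)$")

def parse_hits(log):
    """Return (function, obj_address, printed_value_or_None) per breakpoint hit."""
    hits = []
    for line in log.splitlines():
        m = BP.search(line)
        if m:
            hits.append([m.group(1), int(m.group(2), 16), None])
            continue
        m = VAL.match(line.strip())
        if m and hits and hits[-1][2] is None:
            hits[-1][2] = int(m.group(1))
    return [tuple(h) for h in hits]

def triage(log, window=0x10000):
    """Flag repeated frees of one address and counters that look like heap pointers."""
    hits = parse_hits(log)
    addrs = [addr for _, addr, _ in hits]
    seen, findings = set(), []
    for _, addr, value in hits:
        if addr in seen:
            findings.append(("freed-again", hex(addr)))
        seen.add(addr)
        # A small element count never lands within `window` bytes of a heap object.
        if value is not None and any(abs(value - a) < window for a in addrs):
            findings.append(("counter-looks-like-pointer", hex(addr), hex(value)))
    return findings

if __name__ == "__main__":
    for finding in triage(GDB_LOG):
        print(finding)
```

Here 6711616 decodes to 0x666940, which sits among the 0x666... object addresses printed in the same session.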
Re: an xpath segfault reproducible with xmllint
United States
2007-04-04 12:55:29
Pavol Rusnak wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Daniel Veillard wrote:
>>   Can you make sure no patch was applied on SuSE rpms, I doubt it but
>> that may happen. Maybe someone from SuSe is monitoring that list and can
>> act on this problem (thanks in advance !)
>
> Hello Petr and Daniel!
>
> I'm maintainer of libxml2 in SuSE. Our libxml2-2.6.27 has 4 patches, I'm
> attaching relevant one (null-retval.patch). This was a patch for older
> bug I reported earlier: http://bugzilla.gnome.org/show_bug.cgi?id=400242
> - and was fixed in CVS by William M. Brack.
>

I can reproduce the problem, under Valgrind, using the released version
of libxml2-2.6.27.  However, for me, it is fixed in SVN HEAD by a change
to xpath.c committed on Feb 13 (SVN revision 3584).  Could you please try
the latest SVN and confirm that it fixes it for you as well?

Thanks,

Bill


Re: an xpath segfault reproducible with xmllint
Czech Republic
2007-04-05 03:45:25
William M. Brack wrote:
> I can reproduce the problem, under Valgrind, using the released version
> of libxml2-2.6.27.  However, for me, it is fixed in SVN HEAD by a change
> to xpath.c committed on Feb 13 (SVN revision 3584).  Could you please try
> the latest SVN and confirm that it fixes it for you as well?

Hi William!
I had found your change in SVN before. I described the whole situation
in my mail* from 04/04/2007 05:28PM CEST. I think you must have missed
my reply.

* http://mail.gnome.org/archives/xml/2007-April/msg00024.html

-- 
Best Regards / S pozdravom,

Pavol RUSNAK                                       SUSE LINUX, s.r.o
Package Maintainer                                 Lihovarska 1060/12
PGP 0xA6917144                                     19000 Praha 9, CR
prusnak[at]suse.cz                                 http://www.suse.cz
Re: an xpath segfault reproducible with xmllint
United States
2007-04-05 10:47:18
Pavol Rusnak wrote:
> William M. Brack wrote:
>> I can reproduce the problem, under Valgrind, using the released version
>> of libxml2-2.6.27.  However, for me, it is fixed in SVN HEAD by a change
>> to xpath.c committed on Feb 13 (SVN revision 3584).  Could you please try
>> the latest SVN and confirm that it fixes it for you as well?
>
> Hi William!
> I had found your change in SVN before. I described the whole situation
> in my mail* from 04/04/2007 05:28PM CEST. I think you must have missed
> my reply.
>
> * http://mail.gnome.org/archives/xml/2007-April/msg00024.html
>

No, I had read your reply, but was completely unable to reproduce the
problem under what I understood were your conditions.  Hence my reference
to "the latest SVN", just to assure we are both talking about the same
thing.

More precisely, I am running under Fedora FC6.  I downloaded the latest
release from xmlsoft.org (libxml2-2.6.27), then applied the "SUSE patch"
which you had previously mentioned, and finally applied a patch created
with
  svn diff -r 3575:3584 xpath.c
(and no other changes to the released version).  I then used gdb to run
the xmllint which was compiled in that manner.  My "xml test file" was a
file containing "<root/>".  The output for that run is attached.  I also
ran valgrind, and attach the output for that run.  As you can see, for
both gdb and valgrind there is no error.

I'll be happy to help in any way I can, but at the moment I can't imagine
where is the difference between our tests that is causing the problem.

> Best Regards / S pozdravom,
>
> Pavol RUSNAK                                       SUSE LINUX, s.r.o
> Package Maintainer                                 Lihovarska 1060/12
> PGP 0xA6917144                                     19000 Praha 9, CR
> prusnak[at]suse.cz                                 http://www.suse.cz


Regards,

Bill