Re: an xpath segfault reproducible with xmllint

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Daniel Veillard wrote:
>   Can you make sure no patch was applied on SuSE rpms,
I doubt it but
> that may happen. Maybe someone from SuSe is monitoting
that list and can
> act on this problem (thanks in advance !)

Hello Petr and Daniel!

I'm maintainer of libxml2 in SuSE. Our libxml2-2.6.27 has 4
patches, I'm
attaching relevant one (null-retval.patch). This was a patch
for older
bug I reported earlier: http
://bugzilla.gnome.org/show_bug.cgi?id=400242
- - and was fixed in CVS by William M. Brac.

GDB output of testcase with debuginfo installed:

(gdb) r --shell test.xml
Starting program: /usr/bin/xmllint --shell test.xml
/ > xpath *[a=name(concat(""))]
XPath error : Invalid number of arguments
XPath error : Invalid type
xmlXPathEval: 3 object left on the stack

Program received signal SIGSEGV, Segmentation fault.
0x00002b2102bb5d4b in xmlXPathFreeNodeSet (obj=0x6660f0) at
xpath.c:4059
4059                if ((obj->nodeTab[i] != NULL)
&&

Valgrind output is attached in libxml2-valgrind.txt.

- --
Best Regards / S pozdravom,

Pavol RUSNAK                                       SUSE
LINUX, s.r.o
Package Maintainer                                Lihovarska
1060/12
PGP 0xA6917144                                     19000
Praha 9, CR
prusnak[at]suse.cz                                http://www.suse.cz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org


iD8DBQFGE7R9ASE5C6aRcUQRAjbdAJwLfnHVa5xjkkHmYuF1pjefprA2kwCf
c+9m
wsPg2e6tiNmFoY9D9or6WEo=
=Vw1l
-----END PGP SIGNATURE-----

_______________________________________________
xml mailing list, project page  http://xmlsoft.org/
xmlgnome.org
http://mai
l.gnome.org/mailman/listinfo/xml