[XML-SIG] Bug in XML stuff?

Jack Jansen Jack.Jansen@cwi.nl
Tue, 09 Jun 1998 13:04:52 +0200 

>         vbassa:~/aiostudie/bug> python t3.py -r test.xml
>         Segmentation fault (core dumped)
> 
> This is with Python 1.5.1 (compiled with termios) running on a Indy R5
> (irix 5.3).  I used gcc 2.7.2; for running the stuff in the attached
> tarball you'll need saxlib-1.0beta3 installed in /tmp/source/sax

[I'm cc-ing Guido on this too, this appears to be more a string-format problem 
than an xml/sax problem. En ten behoeve van xml-sig lezers hou ik 't in het 
engels:-)]

The problem appears not to be compiler-dependent: it also crashes on my SGI O2 
running 6.2, Python 151 compiled with the SGI compiler.

Dbx told me the following about the problem (only the last few stack frames 
shown):
   0 memmove(0x100d274c, 0xffffffff, 0xffffffff, 0x100d278c)
		 ["bcopy.s":844, 0xfa6c0e8]
   1 PyString_Format(0xb, 0x1011d860, 0x0, 0x0)
		 ["../../Objects/stringobject.c":999, 0x43c7dc]
   2 PyNumber_Remainder(0x100e9250, 0x1011d860, 0xffffffff, 0x100d278c)
		 ["../../Objects/abstract.c":413, 0x461854]
   3 eval_code2(0x100e9290, 0x100d3190, 0x100e9250, 0x100d3190)
		 ["../../Python/ceval.c"
So, apparently you're doing a % operation here.

Trace tells me the following (only the last couple of lines shown):
       > printer.py:28 do_creation (135)
        > printer.py:23 root (29)
         > printer.py:17 path_to_root (24)
          > printer.py:17 path_to_root (20)
          < printer.py:21 path_to_root [0.0002]
         < printer.py:21 path_to_root [0.0013]
        < printer.py:24 root [0.0023]
        > printer.py:218 global_typeset (29)
         > grobs.py:106 add (219)
          > grobs.py:62 add (107)
          < grobs.py:66 add [0.0003]
           > grobs.py:32 __str__ (111)
           > grobs.py:26 __str__ (33)
            > interval.py:31 __str__ (27)
            < interval.py:32 __str__ [0.0003]
           < grobs.py:29 __str__ [0.0015]
Bus error - core dumped

So, apparently we're printing a Graphical_object, and self.coordinate_info[0] 
has been formatted successfully. Before we get a chance to format 
self.coordinate_info[1] we've crashed. Combined with the dbx stacktrace we 
appear to be in the % operation in Graphical_object.__str__().

The only slightly suspect things I can see are (1) you're using recursive 
string-% (PyString_Format calls, internally) and (2) you're using floating 
point (half-serious: floating point is often less tested than plain integers).

Guido: is PyString_Format recursion-safe, or could there be situations where 
it isn't?
--
Jack Jansen             | ++++ stop the execution of Mumia Abu-Jamal ++++
Jack.Jansen@cwi.nl      | ++++ if you agree copy these lines to your sig ++++
http://www.cwi.nl/~jack | see http://www.xs4all.nl/~tank/spg-l/sigaction.htm