[ expat-Bugs-214050 ] Segmentation fault in libxmltok
noreply@sourceforge.net
Tue, 31 Jul 2001 19:19:25 -0700
Bugs item #214050, was opened at 2000-09-11 07:41
You can respond by visiting:
http://sourceforge.net/tracker/?func=detail&atid=110127&aid=214050&group_id=10127
Category: None
Group: None
Status: Closed
Resolution: Works For Me
Priority: 5
Submitted By: christian liesch (ia97lies)
Assigned to: Nobody/Anonymous (nobody)
Summary: Segmentation fault in libxmltok
Initial Comment:
If I parse the following file (with an error near !DOCTYPE):
<?xml version="1.0" standalone="no"?>
<!-- etwas kommentar -->
!DOCTYPE OReilly:Books SYSTEM "dummy.dtd" [
<!ELEMENT OReilly:Books (OReilly:Product, OReilly:Price)>
<!ELEMENT OReilly:Product ANY>
<!ELEMENT OReilly:Price ANY>
]>
<OReilly:Books>
<OReilly:Product>XML Pocket Ref</OReilly:Product>
<OReilly:Price>8.95
</OReilly:Books>
I got the following with my gdb:
!DOCTYPE OReilly:Books SYSTEM "dummy.dtd" [
error:no element found
Program received signal SIGSEGV, Segmentation fault.
0x400269c5 in normal_updatePosition () from /usr/lib/libxmltok.so.1
(gdb) where
#0 0x400269c5 in normal_updatePosition () from /usr/lib/libxmltok.so.1
#1 0x4001b0d9 in XML_GetCurrentColumnNumber () from /usr/lib/libxmlparse.so.1
#2 0x8049154 in test_parse ()
#3 0x80491f5 in main ()
#4 0x4004da5e in __libc_start_main () at ../sysdeps/generic/libc-start.c:93
(gdb)
----------------------------------------------------------------------
Comment By: David Costanzo (david_costanzo)
Date: 2001-07-31 19:19
Message:
Logged In: YES
user_id=109252
I have version 1.95.2 and am crashing on this. The problem
is that parser->m_Position has been set to NULL before
calling updatePosition.
I have whittled down the repro to passing in "<\x04" as my
data (that's a '<' followed by the binary byte 0x04). I
call XML_Parse twice, once on the data, and once when
setting the "finished" flag. The crash happens when I call
XML_GetCurrentLineNumber afterward.
I'm having a little trouble casting my parser to a Parser* in my
dev environment, but I think parser->m_bufferPtr is set to
NULL somewhere (maybe on the first error). Then, when I
call XML_Parse with the "finished" flag,
parser->m_positionPtr is set to parser->m_bufferPtr (NULL). Then
I call XML_GetCurrentLineNumber to report the error, which
passes NULL in as the position to updatePosition. Then it
crashes.
I do not think the patch listed will work for my bug, since
my problem is that ptr is NULL.
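
Added example, not part of the tracker thread and not Expat's source: a self-contained C model of a line/column updater over a [ptr, end) range that rejects a NULL position pointer and tests the bound before reading any byte. The names position_t and update_position are hypothetical, and the input bytes are constructed around the "<\x04" repro described above.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-in for a line/column record (hypothetical, not Expat's type). */
typedef struct {
    unsigned long line;   /* lines completed so far */
    unsigned long col;    /* bytes seen on the current line */
} position_t;

/* Advance *pos over the bytes in [ptr, end).
 * Returns 0 on success, -1 if any pointer is NULL; on failure *pos is left
 * untouched so the caller can report the last known position. */
int update_position(const char *ptr, const char *end, position_t *pos)
{
    if (pos == NULL || ptr == NULL || end == NULL)
        return -1;

    while (ptr != end) {              /* bound check comes before any read */
        unsigned char c = (unsigned char)*ptr++;
        if (c == '\n') {
            pos->line++;
            pos->col = 0;
        } else if (c == '\r') {
            pos->line++;
            pos->col = 0;
            if (ptr != end && *ptr == '\n')   /* CR LF counts as one newline */
                ptr++;
        } else {
            pos->col++;               /* 0x00 and control bytes still count */
        }
    }
    return 0;
}

int main(void)
{
    /* Constructed input: the two-byte repro, a newline, and an embedded NUL. */
    static const char data[] = { '<', 0x04, '\n', 'a', 0x00, 'b' };
    position_t pos = { 0, 0 };
    int rc = update_position(data, data + sizeof data, &pos);
    printf("rc=%d line=%lu col=%lu\n", rc, pos.line, pos.col);
    rc = update_position(NULL, data, &pos);   /* the NULL-position case */
    printf("rc=%d line=%lu col=%lu\n", rc, pos.line, pos.col);
    return 0;
}
```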
----------------------------------------------------------------------
Comment By: Fred L. Drake, Jr. (fdrake)
Date: 2001-04-18 13:35
Message:
Logged In: YES
user_id=3066
Closing this as it hasn't been reproduced with a recent version of Expat.
----------------------------------------------------------------------
Comment By: Nobody/Anonymous (nobody)
Date: 2001-03-07 01:55
Message:
Logged In: NO
I could reproduce this on a May 29 1999 version of
expat. The problem seems to be that *ptr in
PREFIX(updatePosition)() is a null byte, which chokes
somewhere inside the BYTE_TYPE macro. I fixed this (I
think), by testing for *ptr in the while loop. Here's the
patch:
*** xmltok_impl.c 1999/09/03 14:54:37 1.1.1.1
--- xmltok_impl.c 2001/03/07 09:49:46
***************
*** 1709,1715 ****
const char *end,
POSITION *pos)
{
! while (ptr != end) {
switch (BYTE_TYPE(enc, ptr)) {
#define LEAD_CASE(n) \
case BT_LEAD ## n: \
--- 1709,1715 ----
const char *end,
POSITION *pos)
{
! while (*ptr && ptr != end) {
switch (BYTE_TYPE(enc, ptr)) {
#define LEAD_CASE(n) \
case BT_LEAD ## n: \
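Review bot: In the changed condition "while (*ptr && ptr != end)", *ptr is evaluated before ptr != end, so once ptr reaches end the loop reads one byte past the range, and a NULL ptr is still dereferenced before either test can stop it. The zero-byte test also ends position counting at the first 0x00 in the input even though the range is delimited by end, not by a terminator, so reported positions after such a byte would be short. Suggest keeping "while (ptr != end)" and instead rejecting a NULL ptr at function entry or in the caller before updatePosition is reached.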
----------------------------------------------------------------------
Comment By: Sam TH (samth)
Date: 2001-02-02 06:47
Message:
Could not reproduce this with CVS expat.
----------------------------------------------------------------------
Comment By: Sam TH (samth)
Date: 2001-02-02 06:38
Message:
Could not reproduce this with CVS expat.
----------------------------------------------------------------------
Comment By: Jacob Refstrup (jacob_refstrup)
Date: 2000-11-28 14:11
Message:
This appears to be fixed in 1.95.1
----------------------------------------------------------------------