Bug 137968

Summary: libxml2 segfault after update
Product: [Fedora] Fedora
Reporter: Nikolay Melekhin <nikolay_melehin>
Component: libxml2
Assignee: Daniel Veillard <veillard>
Status: CLOSED ERRATA
Severity: medium
Priority: medium
Version: 2   
Target Milestone: ---   
Target Release: ---   
Hardware: i686   
OS: Linux   
Doc Type: Bug Fix
Last Closed: 2004-11-12 19:26:21 UTC

Description Nikolay Melekhin 2004-11-03 14:17:55 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3) Gecko/20040927

Description of problem:
I use libxml2 for a large project.
After updating libxml2 from 2.6.8 to 2.6.15,
the following code snippet segfaults:
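#include <stdio.h>
#include <libxml/parser.h>

int main() {
  xmlChar text[] = "<a>TEXT A</a><b>TEXT B</b>";
  xmlChar *buf = NULL;
  int buf_size = 0;

  xmlDocPtr doc = xmlNewDoc(BAD_CAST "1.0");
  xmlNodePtr node;
  /* Parse the two sibling elements into a node list in the context of doc. */
  int result = xmlParseBalancedChunkMemory(doc, NULL, NULL, 0, text, &node);
  printf("result=%d\n", result);
  /* Create the <test> root element and attach the parsed list under it. */
  doc->children = xmlNewDocNode(doc, NULL, BAD_CAST "test", NULL);
  xmlAddChildList(doc->children, node);
  /* Serialize the document with indentation and print it. */
  xmlDocDumpFormatMemory(doc, &buf, &buf_size, 1);
  printf("buffer=\n%s\n", buf);
  xmlFree(buf);   /* release the serialized buffer */
  xmlFreeDoc(doc);
  return 0;
}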

Version-Release number of selected component (if applicable):
libxml2-2.6.15

How reproducible:
Always

Steps to Reproduce:
1. Update FC2 to the latest libxml2
2. Compile and run code snippet
3. Segmentation fault

Actual Results:
free(): invalid pointer 0x9029eac!
result=0
buffer=
<?xml version="1.0"?>
<test>
  <a>TEXT A</a>
  <b>TEXT B</b>
</test>
Segmentation fault

Expected Results:
result=0
buffer=
<?xml version="1.0"?>
<test>
  <a>TEXT A</a>
  <b>TEXT B</b>
</test>

Additional info:

Comment 1 Daniel Veillard 2004-11-03 15:51:57 UTC
Already fixed in upstream CVS (it was breaking the Perl wrapper):

(gdb) r
Starting program: /u/veillard/XML/tst
[Thread debugging using libthread_db enabled]
[New Thread -1218547584 (LWP 21440)]
result=0
buffer=
<?xml version="1.0"?>
<test>
  <a>TEXT A</a>
  <b>TEXT B</b>
</test>

element test: error : Node has no parent

Program exited with code 050.
(gdb)

  It should be fixed in 2.6.16 which I expect to release at the end
of the week. In the meantime try the snapshot at 
   ftp://xmlsoft.org/libxml2-cvs-snapshot.tar.gz

Daniel

Comment 2 Daniel Veillard 2004-11-12 19:26:21 UTC
2.6.16 with the fix has been pushed as an update to Fedora Core 2 and 3;
this should close this bug,

  thanks

Daniel