Bug 137968 - libxml2 segfault after update
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: libxml2
Version: 2
Hardware: i686 Linux
Priority: medium
Severity: medium
Assigned To: Daniel Veillard
Reported: 2004-11-03 09:17 EST by Nikolay Melekhin
Modified: 2007-11-30 17:10 EST (History)
Doc Type: Bug Fix
Last Closed: 2004-11-12 14:26:21 EST
Description Nikolay Melekhin 2004-11-03 09:17:55 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3)
Gecko/20040927

Description of problem:
I use libxml2 for a large project.
After updating libxml2 from 2.6.8 to 2.6.15,
the following code snippet segfaults:
#include <stdio.h>
#include <libxml/parser.h>

int main() {
  xmlChar text[] = "<a>TEXT A</a><b>TEXT B</b>";
  xmlChar *buf = NULL;
  int buf_size = 0;

  xmlDocPtr doc = xmlNewDoc(BAD_CAST "1.0");
  xmlNodePtr node;
  int result = xmlParseBalancedChunkMemory(doc, NULL, NULL, 0, text, &node);
  printf("result=%d\n", result);
  doc->children = xmlNewDocNode(doc, NULL, BAD_CAST "test", NULL);
  xmlAddChildList(doc->children, node);
  xmlDocDumpFormatMemory(doc, &buf, &buf_size, 1);
  printf("buffer=\n%s\n", buf);
  xmlFreeDoc(doc);
}

Version-Release number of selected component (if applicable):
libxml2-2.6.15

How reproducible:
Always

Steps to Reproduce:
1. Update FC2 to the latest libxml2
2. Compile and run code snippet
3. Segmentation fault

Actual Results:  free(): invalid pointer 0x9029eac!
result=0
buffer=
<?xml version="1.0"?>
<test>
  <a>TEXT A</a>
  <b>TEXT B</b>
</test>
Segmentation fault

Expected Results:  result=0
buffer=
<?xml version="1.0"?>
<test>
  <a>TEXT A</a>
  <b>TEXT B</b>
</test>

Additional info:
Comment 1 Daniel Veillard 2004-11-03 10:51:57 EST
Already fixed in upstream CVS (it was breaking perl wrapper):

(gdb) r
Starting program: /u/veillard/XML/tst
[Thread debugging using libthread_db enabled]
[New Thread -1218547584 (LWP 21440)]
result=0
buffer=
<?xml version="1.0"?>
<test>
  <a>TEXT A</a>
  <b>TEXT B</b>
</test>

element test: error : Node has no parent

Program exited with code 050.
(gdb)

  It should be fixed in 2.6.16 which I expect to release at the end
of the week. In the meantime try the snapshot at 
   ftp://xmlsoft.org/libxml2-cvs-snapshot.tar.gz

Daniel
Comment 2 Daniel Veillard 2004-11-12 14:26:21 EST
2.6.16 with the fix has been pushed as an update to Fedora Core 2 and 3,
this should close this bug,

  thanks

Daniel