Bug 644312 - validation Aborted
validation Aborted
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: libxml2 (Show other bugs)
5.5
All Linux
high Severity medium
: rc
: ---
Assigned To: Daniel Veillard
BaseOS QE - Apps
: Reopened
: 696215 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2010-10-19 08:23 EDT by Peter Vrabec
Modified: 2011-07-21 07:14 EDT (History)
3 users (show)

See Also:
Fixed In Version: libxml2-2.6.26-2.1.12
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2011-07-21 07:14:11 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Peter Vrabec 2010-10-19 08:23:07 EDT
Description of problem:
Validation of xml document is aborted.

This validation is important for us because of openscap project. We are planning  to push openscap into RHEL5.7 (https://bugzilla.redhat.com/show_bug.cgi?id=642672) but disabling the validation functionality would be significant shortcoming.

Version-Release number of selected component (if applicable):
# rpm -q libxml2
libxml2-2.6.26-2.1.2.8

How reproducible:
use data from http://people.redhat.com/pvrabec/openscap/content.tgz
$ xmllint --schema xccdf-schema.xsd usgcb-rhel5desktop_xccdf.xml > /dev/null

Actual results:
*** glibc detected *** xmllint: realloc(): invalid pointer: 0x083b7c88 ***

Expected results:
usgcb-rhel5desktop_xccdf.xml validates

Additional info:
It works fine on Fedora.
$ rpm -q libxml2
libxml2-2.7.6-2.fc12.x86_64
libxml2-2.7.6-2.fc12.i686
Comment 1 Peter Vrabec 2010-10-19 08:30:16 EDT
(In reply to comment #0)
> Description of problem:
> Validation of xml document is aborted.
> 
> This validation is important for us because of openscap project. We are
> planning  to push openscap into RHEL5.7
> (https://bugzilla.redhat.com/show_bug.cgi?id=642672) 
Please ignore this URL. It's for RHEL6.1 rebase. Request for RHEL5.7 push was not filed yet.
Comment 2 Eduard Benes 2010-10-20 04:36:18 EDT
(In reply to comment #0)
> Additional info:
> It works fine on Fedora.
> $ rpm -q libxml2
> libxml2-2.7.6-2.fc12.x86_64
> libxml2-2.7.6-2.fc12.i686

And on RHEL 6:
libxml2-2.7.6-1.el6.x86_64
Comment 3 Peter Vrabec 2011-03-08 08:53:51 EST
I don't why but it works for me on RHEL-5-Client/U6/x86_64 now.

I'm closing this issue.
Comment 6 Peter Vrabec 2011-03-14 13:48:29 EDT
Unfortunately I get another fault.

xmllint --noout --schema /usr/share/openscap/schemas/oval/5.6/oval-definitions-schema.xsd usgcb-rhel5desktop-oval.xml
*** glibc detected *** xmllint: free(): invalid next size (fast): 0x0000000004a1fd20 ***

usgcb-rhel5desktop-oval.xml is The United States Government Configuration Baseline (USGCB) for Red Hat Enterprise Linux 5:
http://usgcb.nist.gov/usgcb/content/scap/RHEL5-desktop-USGCB-Alpha-Candidate.zip

Schemas that I have used are patched OVAL schemas provided by openscap project.
http://www.open-scap.org/download/openscap-0.7.1.tar.gz


I can confirm that this works on my Fedora box.
Comment 7 Peter Vrabec 2011-03-14 14:10:27 EDT
# rpm -q libxml2
libxml2-2.6.26-2.1.2.8.el5_5.1
libxml2-2.6.26-2.1.10

Program received signal SIGABRT, Aborted.
0x000000314a030265 in raise () from /lib64/libc.so.6
(gdb) bt
#0  0x000000314a030265 in raise () from /lib64/libc.so.6
#1  0x000000314a031d10 in abort () from /lib64/libc.so.6
#2  0x000000314a06a99b in __libc_message () from /lib64/libc.so.6
#3  0x000000314a07245f in _int_free () from /lib64/libc.so.6
#4  0x000000314a0728bb in free () from /lib64/libc.so.6
#5  0x00002aaaaab84464 in xmlSchemaFreeIDCStateObjList (sto=0xeb6220) at xmlschemas.c:3843
#6  0x00002aaaaab8589d in xmlSchemaFreeValidCtxt__internal_alias (ctxt=0xc4c1c0) at xmlschemas.c:27248
#7  0x00000000004069a0 in parseAndPrintFile (filename=0x7fffffffebaf "usgcb-rhel5desktop-oval.xml", rectxt=<value optimized out>) at xmllint.c:2692
#8  0x0000000000408a59 in main (argc=5, argv=0x7fffffffe918) at xmllint.c:3448

#5  0x00002aaaaab84464 in xmlSchemaFreeIDCStateObjList (sto=0xeb6220) at xmlschemas.c:3843
3843                xmlFree(sto->history);
(gdb) print *sto
$1 = {type = 1, next = 0xeb6320, depth = 0, history = 0xeb6d20, nbHistory = 0, sizeHistory = 10, matcher = 0xeb61e0, sel = 0xbbfd30, xpathCtxt = 0xeb6270}
Comment 8 Peter Vrabec 2011-04-15 05:21:58 EDT
*** Bug 696215 has been marked as a duplicate of this bug. ***
Comment 9 Michal Nowak 2011-04-19 03:10:39 EDT
"""
Server Error
404 - File or directory not found.
The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.

http://usgcb.nist.gov/usgcb/content/scap/RHEL5-desktop-USGCB-Alpha-Candidate.zip
"""

Can you find a viable link or attach the tarball here, please?
Comment 13 Daniel Veillard 2011-04-21 02:42:50 EDT
The 1 line patch fixing this bug is the following:

-----------------------------------------------------------------------
commit 6f9b0878c00c2b74ad6d7fddab031f27576880dc
Author: Daniel Veillard <veillard@src.gnome.org>
Date:   Sat Aug 12 14:09:01 2006 +0000

    applied patch from Marton Illes to fix an allocation bug in 
    
    * xmlschemas.c: applied patch from Marton Illes to fix an allocation
      bug in xmlSchemaXPathEvaluate should close #351032
    Daniel

diff --git a/xmlschemas.c b/xmlschemas.c
index e0d3b7a..3baae05 100644
--- a/xmlschemas.c
+++ b/xmlschemas.c
@@ -22197,7 +22197,7 @@ xmlSchemaXPathEvaluate(xmlSchemaValidCtxtPtr vctxt,
                    "allocating the state object history", NULL);
                return(-1);
            }
-           sto->sizeHistory = 10;
+           sto->sizeHistory = 5;
        } else if (sto->sizeHistory <= sto->nbHistory) {
            sto->sizeHistory *= 2;
            sto->history = (int *) xmlRealloc(sto->history,
------------------------------------------------------------------------

  But while chasing it I accumulated quite a list of rather nasty
bugs in XSD for RHEL-5 . I start wondering if I should not apply
a larger set of instead of just that one. If people start to use XSD
libxml2 support in RHEL-5, then it's better to fix the main crashers
there rather than just that one.

Daniel
Comment 15 Daniel Veillard 2011-04-21 04:06:25 EDT
Fixed in build libxml2-2.6.26-2.1.12

Daniel
Comment 20 errata-xmlrpc 2011-07-21 07:14:11 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-1053.html

Note You need to log in before you can comment on or make changes to this bug.