This queue is for tickets about the XML-LibXML CPAN distribution.

Report information
The Basics
Id: 27132
Status: resolved
Priority: 0/
Queue: XML-LibXML

People
Owner: Nobody in particular
Requestors: mjs [...] fix.net
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: NULL ptr seg fault
Date: Mon, 14 May 2007 17:14:30 -0400
To: bug-XML-LibXML [...] rt.cpan.org
From: Mark Steckel <mjs [...] fix.net>
Hello,

XML::LibXML fails under certain circumstances due to a NULL ptr dereference.

The function just below from dom.c can seg fault if the parameter ns is NULL.

    domAddNsDef(xmlNodePtr tree, xmlNsPtr ns)
    {
        xmlNsPtr i = tree->nsDef;
        while(i != NULL && i != ns)
            i = i->next;
        if( i == NULL )
        {
            ns->next = tree->nsDef; /* Fails if ns is NULL */
            tree->nsDef = ns;
        }
    }

This error seems to occur because the return value from a libxml2 function is not checked for failure before being passed to domAddNsDef(). Specifically, the function dom.c:_domReconcileNsAttr() calls xmlCopyNamespace() which returns NULL if an error occurs.

This error occurs with libxml2-2.6.27 and libxml2-2.6.28.

I created the following work-around.

diff -r -w -c XML-LibXML-1.63/dom.c XML-LibXML-1.63-new/dom.c *** XML-LibXML-1.63/dom.c 2007-02-26 08:24:12.000000000 -0500 --- XML-LibXML-1.63-new/dom.c 2007-05-14 14:03:34.000000000 -0400 *************** *** 114,119 **** --- 114,120 ---- { /* Replace/Add the namespace declaration on the element */ attr->ns = xmlCopyNamespace(attr->ns); + if (attr->ns != NULL) domAddNsDef(tree, attr->ns); } }

It probably makes more sense to validate the ptr's that are passed to domAddNsDef() but I am uncertain what action should be taken if either ptr is NULL.

Additional info follows.
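Review bot: when xmlCopyNamespace() fails, the line "attr->ns = xmlCopyNamespace(attr->ns);" has already overwritten attr->ns with NULL before the added "if (attr->ns != NULL)" runs, so the crash is avoided but the attribute silently ends up with no namespace and the caller gets no error indication. Consider assigning the copy to a local variable first and updating attr->ns only when the copy is non-NULL, and decide how the failure should be reported. The unbraced "if" would be safer with braces, and domAddNsDef() itself still dereferences ns unchecked for any other caller.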
Thanks
Mark

------------

CentOS 4.4

[root@dizzy perl]# uname -a
Linux dizzy.abcxyz.com 2.6.9-42.EL #1 Sat Aug 12 09:17:58 CDT 2006 i686 i686 i386 GNU/Linux

root@dizzy perl]# perl -V
Summary of my perl5 (revision 5 version 8 subversion 8) configuration:
  Platform:
    osname=linux, osvers=2.6.9-42.el, archname=i686-linux-thread-multi
    uname='linux dizzy.huffingtonpost.com 2.6.9-42.el #1 sat aug 12 09:17:58 cdt 2006 i686 i686 i386 gnulinux '
    config_args=''
    hint=recommended, useposix=true, d_sigaction=define
    usethreads=define use5005threads=undef useithreads=define usemultiplicity=define
    useperlio=define d_sfio=undef uselargefiles=define usesocks=undef
    use64bitint=undef use64bitall=undef uselongdouble=undef
    usemymalloc=n, bincompat5005=undef
  Compiler:
    cc='gcc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -fno-strict-aliasing -pipe -Wdeclaration-after-statement -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
    optimize='-O2',
    cppflags='-D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -fno-strict-aliasing -pipe -Wdeclaration-after-statement -I/usr/local/include'
    ccversion='', gccversion='3.4.6 20060404 (Red Hat 3.4.6-3)', gccosandvers=''
    intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
    ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
    alignbytes=4, prototype=define
  Linker and Libraries:
    ld='gcc', ldflags =' -L/usr/local/lib'
    libpth=/usr/local/lib /lib /usr/lib
    libs=-lnsl -ldl -lm -lcrypt -lutil -lpthread -lc
    perllibs=-lnsl -ldl -lm -lcrypt -lutil -lpthread -lc
    libc=/lib/libc-2.3.4.so, so=so, useshrplib=false, libperl=libperl.a
    gnulibc_version='2.3.4'
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E'
    cccdlflags='-fpic', lddlflags='-shared -L/usr/local/lib'

Characteristics of this binary (from libperl):
  Compile-time options: MULTIPLICITY PERL_IMPLICIT_CONTEXT PERL_MALLOC_WRAP
                        THREADS_HAVE_PIDS USE_ITHREADS USE_LARGE_FILES
                        USE_PERLIO USE_REENTRANT_API
  Built under linux
  Compiled at Jan 30 2007 16:49:58
  @INC:
    /usr/local/lib/perl5/5.8.8/i686-linux-thread-multi
    /usr/local/lib/perl5/5.8.8
    /usr/local/lib/perl5/site_perl/5.8.8/i686-linux-thread-multi
    /usr/local/lib/perl5/site_perl/5.8.8
    /usr/local/lib/perl5/site_perl
    .
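One way to validate the pointers, as the report above suggests, written as an added example that is neither XML::LibXML's code nor the fix committed to its repository. The structs, copy_ns(), add_ns_def_checked(), reconcile_attr_ns() and the simulate_copy_failure hook are constructed stand-ins for libxml2's types, xmlCopyNamespace(), domAddNsDef() and _domReconcileNsAttr(); NULL arguments are reported through a return code, and the copy goes into a temporary so a failed copy leaves attr->ns unchanged.

```c
#include <stdlib.h>

/* Constructed stand-ins for the libxml2 types; only the fields the ticket touches. */
typedef struct ns   { struct ns *next; const char *prefix; } ns_t;
typedef struct node { ns_t *nsDef; } node_t;
typedef struct attr { ns_t *ns; } attr_t;
static int simulate_copy_failure = 0;   /* hypothetical hook to force the error path */

/* Stand-in for xmlCopyNamespace(): returns NULL when the copy fails. */
static ns_t *copy_ns(const ns_t *src) {
    ns_t *c;
    if (src == NULL || simulate_copy_failure) return NULL;
    c = malloc(sizeof *c);
    if (c != NULL) { c->next = NULL; c->prefix = src->prefix; }
    return c;
}

/* domAddNsDef() with both pointers validated: -1 on a NULL argument, 0 otherwise. */
int add_ns_def_checked(node_t *tree, ns_t *ns) {
    ns_t *i;
    if (tree == NULL || ns == NULL) return -1;
    for (i = tree->nsDef; i != NULL && i != ns; i = i->next) { }
    if (i == NULL) { ns->next = tree->nsDef; tree->nsDef = ns; }
    return 0;
}

/* Caller side: copy into a temporary and commit only on success. */
int reconcile_attr_ns(node_t *tree, attr_t *attr) {
    ns_t *copy;
    if (tree == NULL || attr == NULL) return -1;
    copy = copy_ns(attr->ns);
    if (copy == NULL) return -1;               /* attr->ns is left untouched */
    if (add_ns_def_checked(tree, copy) != 0) { free(copy); return -1; }
    attr->ns = copy;
    return 0;
}

/* Runs one reconcile on constructed data; returns 1 if the expected state holds. */
int demo(int fail) {
    ns_t orig = { NULL, "p" };
    node_t tree = { NULL };
    attr_t attr = { &orig };
    int rc, ok;
    simulate_copy_failure = fail;
    rc = reconcile_attr_ns(&tree, &attr);
    ok = fail ? (rc == -1 && attr.ns == &orig && tree.nsDef == NULL)
              : (rc == 0 && attr.ns != &orig && tree.nsDef == attr.ns);
    if (rc == 0) free(attr.ns);
    return ok;
}
```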
Yes, I committed the same fix some weeks ago in Subversion. Thanks anyway.

-- Petr
Subject: Re: [rt.cpan.org #27132] NULL ptr seg fault
Date: Mon, 14 May 2007 18:04:00 -0400
To: bug-XML-LibXML [...] rt.cpan.org
From: Mark Steckel <mjs [...] fix.net>
Cool! Two questions then:

1) When is the next release expected?

2) Is there anonymous subversion access?

Thanks
Mark

At 05:58 PM 5/14/2007, you wrote:
><URL: http://rt.cpan.org/Ticket/Display.html?id=27132 >
>
>yes, I have committed the same fix some weeks ago in the subversion.
>
>thanks anyway.
>
>-- Petr
On Mon May 14 2007 18:05:48, mjs@fix.net wrote:
> Cool! Two questions then:
>
> 1) When is the next release expected?

I haven't decided yet, but surely not in the next three weeks or so; I'm too busy finishing other stuff.
> 2) Is there anonymous subversion access?
Yes, read the last paragraph in the README file:
http://search.cpan.org/src/PAJAS/XML-LibXML-1.63/README

-- Petr

> At 05:58 PM 5/14/2007, you wrote:
> ><URL: http://rt.cpan.org/Ticket/Display.html?id=27132 >
> >
> >yes, I have committed the same fix some weeks ago in the subversion.
> >
> >thanks anyway.
> >
> >-- Petr