Bug #67277 for XML-LibXML: Segfault/Corruption upon using XML::LibXML::Reader with an XHTML file with a DTD

Wed Apr 06 15:15:40 2011 SHLOMIF [...] cpan.org - Ticket created

Subject:

Segfault/Corruption upon using XML::LibXML::Reader with an XHTML file with a DTD

See: https://bitbucket.org/shlomif/perl-xml-libxml-bugs/overview If you checkout this repository, cd into XML-LibXML-reader-segfault and then run "make test", you'll see something like that: [SHELL] shlomif:~/Docs/homepage/homepage/XML-LibXML-bugs/XML-LibXML-reader-segfault$ make test XML_CATALOG_FILES="`pwd`/sgml-lib/catalog.xml" perl find_ascii_quotes.pl index.html index.html:524:"The Enemy" index.html:540:"The One with the index.html:541:Fountainhead" index.html:540:"The Human index.html:541:Hacking Field Guide" index.html:545:a "Neo-Tech" index.html:560:, by the way, but rather "Rational Self-Growth".) index.html:560:"Perl for Newbies" series index.html:623: ehmm… Pheebs? That's "The mirror crack'd from side to side". index.html:623: oh! Ayn Rand wrote "The Mirror Crack'd" too? index.html:682: of "Ways to do it according to the programming index.html:683:languages of the world": index.html:768: the "EvilPHish" emblem index.html:767:"There index.html:768:are Too Many Ways to Do it" index.html:827: Chuck Norris can make the statement "This statement is false." a true one. index.html:847:my essay titled "Dealing with Hypomanias index.html:847: on the "Just 1 Random Guy" comics/blog about index.html:885:The Linux Kernel "make xconfig" enhancement patch index.html:894:"Copying index.html:895: Ubuntu Bug No. 1" index.html:906: "Ubuntu can't have all the fun only for itself", index.html:906: titled "Microsoft has index.html:907:a majority market share". index.html:906: which also reads "Microsoft has a majority market index.html:907:share". Mandriva, index.html:921:Bug No. 1: "Microsoft has a majority market share and Ubuntu has a majority index.html:922:market share on the Linux desktop" index.html:921:codenamed "Maverick Meerkat" index.html:931: with a Hebrew translation of the song "Buy the Fish" from index.html:931:my "Humanity - The Movie" index.html:944:Often when I ask the people I train if they know Perl, they tell me "I don't index.html:945:know Perl. I can only read it.". I wonder whether it indicates that Perl is not index.html:968:The website also now has a better "404" page, and as usual there are many index.html:967:07-Aug-2010: "COBOL - The New Age Programmming Language", "Don't Abuse JavaScript", and other news index.html:993:new parodical page titled "COBOL - The New Age Programming Language" index.html:992:"Don't Abuse index.html:993: JavaScript!" index.html:1033: rindolf: That question would be fun in combat. "WE NEED A DOCTOR HERE!" - "PH.D OR M.D!?" index.html:1045:the "Stop Using Internet Explorer" index.html:1054: "from=rss" script index.html:1065: to the "Computers' Specifications" question on the index.html:1097:"Stop index.html:1098: Using Internet Explorer!" index.html:1098: stub page for the "Announcing Freecell Solver™ Enterprise Edition" bit index.html:1108: story "The Pope Died on Sunday" index.html:1114:20-Mar-2010: Division Two Magazine and "12 Things a Klingon Programmer Would Say" index.html:1115: mirror of the old "Division Two Magazine" site index.html:1132: am going to steer clear of "total cost of ownership" arguments, because index.html:1140:"Windows index.html:1140:"Top 12 things likely to be overheard if you had a Klingon Programmer" index.html:1141: 12) "Specifications are for the weak and timid!" index.html:1154:11) "This machine is a piece of GAGH! I need dual Pentium processors if I am to do battle with this code!" index.html:1154:10) "You cannot really appreciate Dilbert unless you've read it in the original Klingon." index.html:1166:"Software index.html:1167: Construction and Management Tools" directory index.html:1166:and the "Stop Using index.html:1167: Internet Explorer" page index.html:1174:18-Feb-2010: "Escape from GNU Autohell", List of Editors and IDEs and Factoids' Fortunes Collection index.html:1201:"If you read my stories, I'll give you 1,000,000 virtual dollars." index.html:1211:"My old virtual dad used to say to me: 'virtual money does not bring you virtual happiness, my virtual son.'" index.html:1225: titled "Escape from GNU Autohell!" *** glibc detected *** perl: double free or corruption (!prev): 0x0941e908 *** ======= Backtrace: ========= /lib/i686/libc.so.6(+0x6c3ae)[0xb74c43ae] /usr/lib/libxml2.so.2(+0x57b07)[0xb7150b07] ======= Memory map: ======== 08048000-08049000 r-xp 00000000 08:21 67160488 /usr/bin/perl5.12.3 08049000-0804a000 rw-p 00000000 08:21 67160488 /usr/bin/perl5.12.3 09167000-0953d000 rw-p 00000000 00:00 0 [heap] b70c5000-b70e0000 r-xp 00000000 08:21 50340132 /lib/libgcc_s-4.5.2.so.1 b70e0000-b70e1000 rw-p 0001b000 08:21 50340132 /lib/libgcc_s-4.5.2.so.1 b70e1000-b70f7000 r-xp 00000000 08:21 50405614 /lib/libz.so.1.2.5 b70f7000-b70f8000 r--p 00015000 08:21 50405614 /lib/libz.so.1.2.5 b70f8000-b70f9000 rw-p 00016000 08:21 50405614 /lib/libz.so.1.2.5 b70f9000-b723f000 r-xp 00000000 08:21 84068838 /usr/lib/libxml2.so.2.7.8 b723f000-b7243000 r--p 00146000 08:21 84068838 /usr/lib/libxml2.so.2.7.8 b7243000-b7244000 rw-p 0014a000 08:21 84068838 /usr/lib/libxml2.so.2.7.8 b7244000-b7245000 rw-p 00000000 00:00 0 b726d000-b72ef000 r-xp 00000000 08:21 305096 /usr/lib/perl5/vendor_perl/5.12.1/i386-linux-thread-multi/auto/XML/LibXML/LibXML.so b72ef000-b72f0000 rw-p 00081000 08:21 305096 /usr/lib/perl5/vendor_perl/5.12.1/i386-linux-thread-multi/auto/XML/LibXML/LibXML.so b72f0000-b72f8000 r-xp 00000000 08:21 203906235 /usr/lib/perl5/5.12.3/i386-linux-thread-multi/auto/Data/Dumper/Dumper.so b72f8000-b72f9000 rw-p 00007000 08:21 203906235 /usr/lib/perl5/5.12.3/i386-linux-thread-multi/auto/Data/Dumper/Dumper.so b72f9000-b7338000 r--p 00000000 08:21 234983974 /usr/share/locale/UTF-8/LC_CTYPE b7338000-b7456000 r--p 00000000 08:21 234974732 /usr/share/locale/UTF-8/LC_COLLATE b7456000-b7458000 rw-p 00000000 00:00 0 b7458000-b75b7000 r-xp 00000000 08:21 151156783 /lib/i686/libc-2.12.1.so b75b7000-b75b8000 ---p 0015f000 08:21 151156783 /lib/i686/libc-2.12.1.so b75b8000-b75ba000 r--p 0015f000 08:21 151156783 /lib/i686/libc-2.12.1.so b75ba000-b75bb000 rw-p 00161000 08:21 151156783 /lib/i686/libc-2.12.1.so b75bb000-b75be000 rw-p 00000000 00:00 0 b75be000-b75d3000 r-xp 00000000 08:21 151162871 /lib/i686/libpthread-2.12.1.so b75d3000-b75d4000 r--p 00014000 08:21 151162871 /lib/i686/libpthread-2.12.1.so b75d4000-b75d5000 rw-p 00015000 08:21 151162871 /lib/i686/libpthread-2.12.1.so b75d5000-b75d7000 rw-p 00000000 00:00 0 b75d7000-b75d9000 r-xp 00000000 08:21 50471039 /lib/libutil-2.12.1.so b75d9000-b75da000 r--p 00001000 08:21 50471039 /lib/libutil-2.12.1.so b75da000-b75db000 rw-p 00002000 08:21 50471039 /lib/libutil-2.12.1.so b75db000-b75ea000 r-xp 00000000 08:21 50367652 /lib/libcrypt-2.12.1.so b75ea000-b75eb000 r--p 0000e000 08:21 50367652 /lib/libcrypt-2.12.1.so b75eb000-b75ec000 rw-p 0000f000 08:21 50367652 /lib/libcrypt-2.12.1.so b75ec000-b7625000 rw-p 00000000 00:00 0 b7625000-b7649000 r-xp 00000000 08:21 151162868 /lib/i686/libm-2.12.1.so b7649000-b764a000 r--p 00023000 08:21 151162868 /lib/i686/libm-2.12.1.so b764a000-b764b000 rw-p 00024000 08:21 151162868 /lib/i686/libm-2.12.1.so b764b000-b764d000 r-xp 00000000 08:21 50368015 /lib/libdl-2.12.1.so b764d000-b764e000 r--p 00001000 08:21 50368015 /lib/libdl-2.12.1.so b764e000-b764f000 rw-p 00002000 08:21 50368015 /lib/libdl-2.12.1.so b764f000-b7662000 r-xp 00000000 08:21 50389748 /lib/libnsl-2.12.1.so b7662000-b7663000 r--p 00012000 08:21 50389748 /lib/libnsl-2.12.1.so b7663000-b7664000 rw-p 00013000 08:21 50389748 /lib/libnsl-2.12.1.so b7664000-b7666000 rw-p 00000000 00:00 0 b7678000-b767c000 r-xp 00000000 08:21 17897200 /usr/lib/perl5/5.12.3/i386-linux-thread-multi/auto/IO/IO.so b767c000-b767d000 rw-p 00003000 08:21 17897200 /usr/lib/perl5/5.12.3/i386-linux-thread-multi/auto/IO/IO.so b767d000-b767e000 r--p 00000000 08:21 67146018 /usr/share/locale/en_GB.UTF-8/LC_NUMERIC b767e000-b767f000 r--p 00000000 08:21 50389633 /usr/share/locale/en_GB.UTF-8/LC_TIME b767f000-b7680000 r--p 00000000 08:21 218534338 /usr/share/locale/en_US.UTF-8/LC_MONETARY b7680000-b7681000 r--p 00000000 08:21 234881542 /usr/share/locale/en_US.UTF-8/LC_MESSAGES/SYS_LC_MESSAGES b7681000-b7682000 r--p 00000000 08:21 218529030 /usr/share/locale/en_US.UTF-8/LC_PAPER b7682000-b7683000 r--p 00000000 08:21 218109895 /usr/share/locale/en_GB.UTF-8/LC_NAME b7683000-b7684000 r--p 00000000 08:21 218534346 /usr/share/locale/en_US.UTF-8/LC_ADDRESS b7684000-b7685000 r--p 00000000 08:21 218534336 /usr/share/locale/en_US.UTF-8/LC_TELEPHONE b7685000-b7686000 r--p 00000000 08:21 67146016 /usr/share/locale/en_GB.UTF-8/LC_MEASUREMENT b7686000-b768d000 r--s 00000000 08:21 184641905 /usr/lib/gconv/gconv-modules.cache b768d000-b768e000 r--p 00000000 08:21 50333559 /usr/share/locale/en_GB.UTF-8/LC_IDENTIFICATION b768e000-b77f8000 r-xp 00000000 08:21 83949119 /usr/lib/perl5/5.12.3/i386-linux-thread-multi/CORE/libperl.so b77f8000-b77fd000 rw-p 00169000 08:21 83949119 /usr/lib/perl5/5.12.3/i386-linux-thread-multi/CORE/libperl.so b77fd000-b77fe000 rw-p 00000000 00:00 0 b77fe000-b7819000 r-xp 00000000 08:21 50333211 /lib/ld-2.12.1.so b7819000-b781a000 r--p 0001a000 08:21 50333211 /lib/ld-2.12.1.so b781a000-b781b000 rw-p 0001b000 08:21 50333211 /lib/ld-2.12.1.so bfb07000-bfb29000 rw-p 00000000 00:00 0 [stack] ffffe000-fffff000 r-xp 00000000 00:00 0 [vdso] make: *** [test] Aborted [/SHELL] This happens to me on all perls I tried including vanilla, Mandriva Cooker-shipped, Debian Squeeze, and blead, on x86-32, x86-64. Regards, -- Shlomi Fish

Wed Apr 06 15:16:43 2011 SHLOMIF [...] cpan.org - Correspondence added

Attached is the script to reproduce the problem. It's under MIT/X11.

Subject:

find_ascii_quotes.pl

#!/usr/bin/perl use strict; use warnings; use XML::LibXML; use XML::LibXML::Reader; use XML::LibXML::XPathContext; use Getopt::Long; my $out_fn; binmode STDOUT, ":utf8"; # Input the filename foreach my $filename (@ARGV) { my $reader = XML::LibXML::Reader->new( location => $filename, load_ext_dtd => 1, 'no_network' => 1, ) or die "Cannot read '$filename'."; while ($reader->read()) { if ($reader->nodeType() == XML_TEXT_NODE) { my $data = $reader->value; my @lines = split(/\n/, $data, -1); foreach my $idx (0 .. $#lines) { my $line = $lines[$idx]; if ($line =~ m{"}) { printf {*STDOUT} ("%s:%d:%s\n", $filename, $reader->lineNumber()+$idx, $line ); } } } } }

Wed Apr 06 15:16:45 2011 SHLOMIF [...] cpan.org - Status changed from 'new' to 'open'

Fri Mar 07 17:10:52 2014 NWELLNHOF [...] cpan.org - Correspondence added

On Wed Apr 06 15:16:43 2011, SHLOMIF wrote: Show quoted text

> Attached is the script to reproduce the problem. It's under MIT/X11.

Works for me. This was probably caused by the double-free bug in libxml2 versions older than 2.7.4.

Thu Mar 13 14:00:49 2014 SHLOMIF [...] cpan.org - Correspondence added

Hi Nick, On Fri Mar 07 17:10:52 2014, NWELLNHOF wrote: Show quoted text

> On Wed Apr 06 15:16:43 2011, SHLOMIF wrote:

> > Attached is the script to reproduce the problem. It's under MIT/X11.

> > Works for me. This was probably caused by the double-free bug in > libxml2 versions older than 2.7.4.

Thanks for the investigation and the update. It works for me too, and valgrind is also happy (minus some memory leaks). I'm going to RESOLVE this bug (which I reported). Regards, -- Shlomi Fish

Thu Mar 13 14:00:50 2014 SHLOMIF [...] cpan.org - Status changed from 'open' to 'resolved'