[Bug 2146360] [NEW] double free when running LibXML.t test 25

Wed, 25 Mar 2026 11:35:46 -0700 

Public bug reported:

libxml-validate-perl 1.025-4
libxml-libxml-perl 2.0207+dfsg+really+2.0207-0ubuntu7
libxml 2.15.1+dfsg-2ubuntu2 

can hit a double free when executing LibXML.t

the test hitting the error:

ignore(25); # This is broken in XML::LibXML v1.58
my $base = cwd().("/foo/base-uri.xml");
$base = "/".$base unless($base =~ "^/"); #Ensure filepath starts with a slash 
(e.g. win32 drive letter)
$base =~ s/:/%3A/; #Escape colons arising from Win32 drive letters
$base = 'file://'.$base;
my $base_uri_validator = new XML::Validate::LibXML(base_uri => $base);
TRACE("Using base_uri: $base");
ASSERT($base_uri_validator->validate($base_uri_XML), 'XML checked with 
different base URI');
DUMP("Base URI error", $base_uri_validator->last_error);

autopkgtest output:

116s ok 24 (Null string XML is fatal exception)
116s double free or corruption (!prev)
116s Failed 1/25 subtests 
116s t/MSXML.t ..... 
116s 1..24

link to failing test:

https://autopkgtest.ubuntu.com/results/autopkgtest-
resolute/resolute/amd64/libx/libxml-validate-
perl/20260324_211426_29438@/log.gz

Tracing, this seems to come from libxml-libxml-perl:LibXML.xs and
behavioural changes in libxml2 2.15+. I _think_ it traces to
LibXML.xs:1266

        if ( real_doc != NULL ) {
            if (real_doc->URL != NULL) { /* free "" assigned above */
               xmlFree((char*) real_doc->URL);
               real_doc->URL = NULL;
            }

which calls a free on a path that is already freed by libxml2. this only
occurs in resolute, unable to reproduce in older versions

** Affects: libxml-libxml-perl (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: libxml-validate-perl (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: libxml-libxml-perl (Ubuntu Resolute)
     Importance: Undecided
         Status: New

** Affects: libxml-validate-perl (Ubuntu Resolute)
     Importance: Undecided
         Status: New

** Also affects: libxml-libxml-perl (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: libxml-libxml-perl (Ubuntu Resolute)
   Importance: Undecided
       Status: New

** Also affects: libxml-validate-perl (Ubuntu Resolute)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2146360

Title:
  double free when running LibXML.t test 25

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libxml-libxml-perl/+bug/2146360/+subscriptions


-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to