I attach a simple python script (libxml2_crash.py) that seems to
reference uninitialised memory, or crash the interpreter.
Run on various setups, the results were (using � for random junk char):
* debian stable (2.6.27 plus security patches and py 2.4):
segfault
* win32 (2.6.30 and py 2.4):
xmlns:���="���"
xmlns:���="���"
* gentoo unstable (2.6.31 and py 2.5)
xmlns:���="���"
TypeError: __str__ returned non-string (type NoneType)
* same but sparc:
bus error (I'm told "most likely a segfault that falls unaligned")
It's not just the serialisation that's borked, any property reference
- including the repr (which uses xmlNs.name) - can return junk or
boom. More complicated documents crash in different places, or
traceback when trying to construct the python xmlNs wrapper in
nodeWrap (line 550) with:
if name[0:8] == "document":
TypeError: unsubscriptable object
(That may not be related, seems that xmlNs.name is ns->prefix which is
allowed to be NULL -> None -> unsubscriptable, no?)
However xmlNs nodes are constructed fine through xmlNode.ns so it
seems to be an xpath related problem. I could find nothing that seemed
to be related in recent changelog or bugtracker. Is this a real issue
that's just gone unnoticed?
I tried the simplest C equivalent I could cook up from the docs
(attached libxml2_nocrash.c) which behaves itself, perhaps suggesting
the problem's in the python bindings. Could someone with a good
understanding of the lib can get a better idea of what exactly is up?
Martin
import libxml2
d = libxml2.parseDoc("<a:a xmlns:a='urn:whatevar'/>")
for n in d.xpathEval("//namespace::*"):
print n
d.freeDoc()
#include "libxml/parser.h"
#include "libxml/tree.h"
#include "libxml/xpath.h"
void noproblem(const char* xml, const xmlChar* xpath)
{
xmlDocPtr doc = xmlReadMemory(xml, strlen(xml), 0, 0, 0);
if (doc)
{
xmlXPathContextPtr xpathCtx = xmlXPathNewContext(doc);
if (xpathCtx)
{
xmlXPathObjectPtr xpathObj = xmlXPathEvalExpression(xpath, xpathCtx);
if (xpathObj)
{
xmlBufferPtr buf = xmlBufferCreate();
if (buf)
{
xmlNodeSetPtr nodes = xpathObj->nodesetval; // could not be nodeset but hey
int i, l = nodes ? nodes->nodeNr : 0;
for (i = 0; i < l; ++i)
{
xmlNodeDump(buf, doc, nodes->nodeTab[i], 0, 0); // can error
xmlBufferCat(buf, "\n");
}
printf(xmlBufferContent(buf));
xmlBufferFree(buf);
}
xmlXPathFreeObject(xpathObj);
}
xmlXPathFreeContext(xpathCtx);
}
xmlFreeDoc(doc);
}
}
int main()
{
xmlInitParser();
noproblem("<a:a xmlns:a='urn:whatevar'/>", "//namespace::*");
xmlCleanupParser();
}
_______________________________________________
xml mailing list, project page http://xmlsoft.org/
[email protected]
http://mail.gnome.org/mailman/listinfo/xml
