On Dienstag 05 April 2011, Wolfgang Rohdewald wrote: > On Dienstag 05 April 2011, Nikolay Sivov wrote: > > DICT_FREE() already check if string is owned by a dictionary > > or not. If it's owned it's freed with a dictionary in > > xmlDictFree(), otherwise it's freed as is with xmlFree. > > DICT_FREE fails because cur->doc is NULL, so there is no dict > > do you have an idea how that could happen?
I believe this is what happens: 1. SAX2TextNode() sets content using ctxt->dict but it does not copy ctxt->myDoc to the new node. So this is inconsistent at the end of SAX2TextNode(): content points to a dict entry but ->doc is NULL and so ->doc->dict cannot be reached. Maybe SAX2TextNode() is relying on later code to fill in ->doc 2. xmlAddChild does "If parent->last is nbktext and we're not, merge with current node" and then it frees the current node which still has doc==NULL so DICT_FREE does not know content is a dict entry and frees it wrongly. with this patch I can generate KDE4 html manuals on windows but I did not investigate why this problem does not happen on Linux. It seems this code path is not taken very often however. this is the KDE bug I want to fix: https://bugs.kde.org/show_bug.cgi?id=263828 --- SAX2.c 2010-03-15 16:06:22.000000000 +0100 +++ n 2011-04-05 15:17:18.031908992 +0200 @@ -1832,6 +1832,7 @@ if (ctxt->dictNames) { xmlChar cur = str[len]; + ret->doc = ctxt->myDoc; if ((len < (int) (2 * sizeof(void *))) && (ctxt->options & XML_PARSE_COMPACT)) { /* store the string in the node overrithing properties and nsDef */ -- Wolfgang _______________________________________________ xml mailing list, project page http://xmlsoft.org/ [email protected] http://mail.gnome.org/mailman/listinfo/xml
