Double-free in ~XMLBuffer
-------------------------

                 Key: XERCESC-1969
                 URL: https://issues.apache.org/jira/browse/XERCESC-1969
             Project: Xerces-C++
          Issue Type: Bug
          Components: Validating Parser (XML Schema)
    Affects Versions: 3.1.1
         Environment: Embedded Linux on ARM-6, cross-compiled using gcc for arm-1136jfs-linux-gnueabi
            Reporter: Jasper


I use the following code:

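// The last argument is the schema location: a namespace URI and a file path, separated by a space.
TProt* pProt = new TProt(TProt::LoadFromString(std::string(pBuf), &XMLerror,
    std::string("http://www.foobar.org/Protocol ") + "/var/schema.xsd"));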

Which then calls:

Cprotocol Cprotocol::LoadFromString(const string_type& text,
                                    xercesc::ErrorHandler* errHandler /* = NULL */,
                                    const string_type& schemaLocation)
{
        return Cprotocol(XercesTreeOperations::LoadXml(text, errHandler, schemaLocation));
}

The stack trace which leads up to the double free:

Thread [8] 1141 (Suspended : Container)
        ~XMLBuffer() at XMLBuffer.hpp:76 0x523fac
        ~IGXMLScanner() at IGXMLScanner.cpp:163 0x523fac
        xercesc_3_1::AbstractDOMParser::cleanUp() at AbstractDOMParser.cpp:160 0x438240
        ~AbstractDOMParser() at AbstractDOMParser.cpp:130 0x438534
        ~XercesDOMParser() at XercesDOMParser.cpp:66 0x447c84
        ~XSDDOMParser() at XSDDOMParser.cpp:66 0x49a8ac
        xercesc_3_1::IGXMLScanner::resolveSchemaGrammar() at IGXMLScanner2.cpp:1,981 0x52cc84
        xercesc_3_1::IGXMLScanner::parseSchemaLocation() at IGXMLScanner2.cpp:1,727 0x52d548
        xercesc_3_1::IGXMLScanner::scanStartTagNS() at IGXMLScanner.cpp:2,205 0x526c74
        xercesc_3_1::IGXMLScanner::scanContent() at IGXMLScanner.cpp:890 0x528a64
        xercesc_3_1::IGXMLScanner::scanDocument() at IGXMLScanner.cpp:217 0x528c58
        xercesc_3_1::AbstractDOMParser::parse() at AbstractDOMParser.cpp:545 0x438f0c
        XercesTreeOperations::LoadXml() at Node.cpp:708 0x2364d8
        protocol::prot::Cprotocol::LoadFromString() at protocol.cpp:2,270 0x2904f0
        CProtocolHelperFunctions::LoadXMLRequest() at CProtocolBase.cpp:34 0xc56cc

And it dies at this:

    ~XMLBuffer()
    {
=>        fMemoryManager->deallocate(fBuffer); //delete [] fBuffer;
    }
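
One way to find where a buffer was first released before ~XMLBuffer() frees it again is to put a tracking allocator behind the allocate/deallocate calls. This is an added example, not code from the report or from Xerces-C++: MemoryManagerLike, TrackingMemoryManager and simulateDoubleRelease are hypothetical names, and the interface is only a stand-in for the manager that fMemoryManager points to.

```cpp
#include <cstddef>
#include <cstdlib>
#include <map>
#include <string>
#include <vector>

// Stand-in for the allocate/deallocate pair that ~XMLBuffer() calls through
// fMemoryManager (hypothetical interface, not the Xerces-C++ header).
struct MemoryManagerLike {
    virtual ~MemoryManagerLike() {}
    virtual void* allocate(std::size_t size) = 0;
    virtual void deallocate(void* p) = 0;
};

// Records every live block and refuses to release the same block twice.
class TrackingMemoryManager : public MemoryManagerLike {
public:
    void* allocate(std::size_t size) override {
        void* p = std::malloc(size);
        if (p) { fLive[p] = size; fFreed.erase(p); }  // address may be reused
        return p;
    }
    void deallocate(void* p) override {
        if (!p) return;
        auto it = fLive.find(p);
        if (it == fLive.end()) {
            // Not live: released earlier (double free) or never allocated here.
            fErrors.push_back(fFreed.count(p) ? "double free" : "unknown pointer");
            return;  // never hand the pointer to free() a second time
        }
        fFreed[p] = it->second;
        fLive.erase(it);
        std::free(p);
    }
    const std::vector<std::string>& errors() const { return fErrors; }
    std::size_t liveBlocks() const { return fLive.size(); }
private:
    std::map<void*, std::size_t> fLive, fFreed;
    std::vector<std::string> fErrors;
};

// Constructed scenario: one buffer released twice, as happens when two
// owners each destroy the same XMLBuffer-style object.
std::vector<std::string> simulateDoubleRelease() {
    TrackingMemoryManager mm;
    void* buf = mm.allocate(1023);
    mm.deallocate(buf);   // first, legitimate release
    mm.deallocate(buf);   // second release is recorded instead of crashing
    return mm.errors();
}
```

With Xerces-C++ itself, the same bookkeeping would live in a class derived from xercesc::MemoryManager and passed to XMLPlatformUtils::Initialize; a breakpoint on the "double free" branch then shows which destructor ran second.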
