[
https://issues.apache.org/jira/browse/XERCESC-1969?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jasper updated XERCESC-1969:
----------------------------
Description:
I use the following code:
TProt* pProt = new TProt(TProt::LoadFromString(std::string(pBuf), &XMLerror,
"http://www.foobar.org/Protocol " + "/var/schema.xsd"));
Which then calls:
Cprotocol Cprotocol::LoadFromString(const string_type&
text,xercesc::ErrorHandler* errHandler /* = NULL */, const string_type&
schemaLocation)
{
return Cprotocol(XercesTreeOperations::LoadXml(text, errHandler,
schemaLocation));
}
The stack trace which leads up to the double free:
Thread [8] 1141 (Suspended : Container)
~XMLBuffer() at XMLBuffer.hpp:76 0x523fac
~IGXMLScanner() at IGXMLScanner.cpp:163 0x523fac
xercesc_3_1::AbstractDOMParser::cleanUp() at AbstractDOMParser.cpp:160
0x438240
~AbstractDOMParser() at AbstractDOMParser.cpp:130 0x438534
~XercesDOMParser() at XercesDOMParser.cpp:66 0x447c84
~XSDDOMParser() at XSDDOMParser.cpp:66 0x49a8ac
xercesc_3_1::IGXMLScanner::resolveSchemaGrammar() at
IGXMLScanner2.cpp:1,981 0x52cc84
xercesc_3_1::IGXMLScanner::parseSchemaLocation() at
IGXMLScanner2.cpp:1,727 0x52d548
xercesc_3_1::IGXMLScanner::scanStartTagNS() at IGXMLScanner.cpp:2,205
0x526c74
xercesc_3_1::IGXMLScanner::scanContent() at IGXMLScanner.cpp:890
0x528a64
xercesc_3_1::IGXMLScanner::scanDocument() at IGXMLScanner.cpp:217
0x528c58
xercesc_3_1::AbstractDOMParser::parse() at AbstractDOMParser.cpp:545
0x438f0c
XercesTreeOperations::LoadXml() at Node.cpp:708 0x2364d8
protocol::prot::Cprotocol::LoadFromString() at protocol.cpp:2,270
0x2904f0
CProtocolHelperFunctions::LoadXMLRequest() at CProtocolBase.cpp:34
0xc56cc
And it dies at this:
~XMLBuffer()
{
=> fMemoryManager->deallocate(fBuffer); //delete [] fBuffer;
}
It is worth mentioning that LoadFromString is called several times before this
error occurs.
was:
I use the following code:
TProt* pProt = new TProt(TProt::LoadFromString(std::string(pBuf), &XMLerror,
"http://www.foobar.org/Protocol " + "/var/schema.xsd"));
Which then calls:
Cprotocol Cprotocol::LoadFromString(const string_type&
text,xercesc::ErrorHandler* errHandler /* = NULL */, const string_type&
schemaLocation)
{
return Cprotocol(XercesTreeOperations::LoadXml(text, errHandler,
schemaLocation));
}
The stack trace which leads up to the double free:
Thread [8] 1141 (Suspended : Container)
~XMLBuffer() at XMLBuffer.hpp:76 0x523fac
~IGXMLScanner() at IGXMLScanner.cpp:163 0x523fac
xercesc_3_1::AbstractDOMParser::cleanUp() at AbstractDOMParser.cpp:160
0x438240
~AbstractDOMParser() at AbstractDOMParser.cpp:130 0x438534
~XercesDOMParser() at XercesDOMParser.cpp:66 0x447c84
~XSDDOMParser() at XSDDOMParser.cpp:66 0x49a8ac
xercesc_3_1::IGXMLScanner::resolveSchemaGrammar() at
IGXMLScanner2.cpp:1,981 0x52cc84
xercesc_3_1::IGXMLScanner::parseSchemaLocation() at
IGXMLScanner2.cpp:1,727 0x52d548
xercesc_3_1::IGXMLScanner::scanStartTagNS() at IGXMLScanner.cpp:2,205
0x526c74
xercesc_3_1::IGXMLScanner::scanContent() at IGXMLScanner.cpp:890
0x528a64
xercesc_3_1::IGXMLScanner::scanDocument() at IGXMLScanner.cpp:217
0x528c58
xercesc_3_1::AbstractDOMParser::parse() at AbstractDOMParser.cpp:545
0x438f0c
XercesTreeOperations::LoadXml() at Node.cpp:708 0x2364d8
protocol::prot::Cprotocol::LoadFromString() at protocol.cpp:2,270
0x2904f0
CProtocolHelperFunctions::LoadXMLRequest() at CProtocolBase.cpp:34
0xc56cc
And it dies at this:
~XMLBuffer()
{
=> fMemoryManager->deallocate(fBuffer); //delete [] fBuffer;
}
> Double-free in ~XMLBuffer
> -------------------------
>
> Key: XERCESC-1969
> URL: https://issues.apache.org/jira/browse/XERCESC-1969
> Project: Xerces-C++
> Issue Type: Bug
> Components: Validating Parser (XML Schema)
> Affects Versions: 3.1.1
> Environment: Embedded linux on ARM-6, cross compliled using gcc for
> arm-1136jfs-linux-gnueabi
> Reporter: Jasper
>
> I use the following code:
> TProt* pProt = new TProt(TProt::LoadFromString(std::string(pBuf), &XMLerror,
> "http://www.foobar.org/Protocol " + "/var/schema.xsd"));
> Which then calls:
> Cprotocol Cprotocol::LoadFromString(const string_type&
> text,xercesc::ErrorHandler* errHandler /* = NULL */, const string_type&
> schemaLocation)
> {
> return Cprotocol(XercesTreeOperations::LoadXml(text, errHandler,
> schemaLocation));
> }
> The stack trace which leads up to the double free:
> Thread [8] 1141 (Suspended : Container)
> ~XMLBuffer() at XMLBuffer.hpp:76 0x523fac
> ~IGXMLScanner() at IGXMLScanner.cpp:163 0x523fac
> xercesc_3_1::AbstractDOMParser::cleanUp() at AbstractDOMParser.cpp:160
> 0x438240
> ~AbstractDOMParser() at AbstractDOMParser.cpp:130 0x438534
> ~XercesDOMParser() at XercesDOMParser.cpp:66 0x447c84
> ~XSDDOMParser() at XSDDOMParser.cpp:66 0x49a8ac
> xercesc_3_1::IGXMLScanner::resolveSchemaGrammar() at
> IGXMLScanner2.cpp:1,981 0x52cc84
> xercesc_3_1::IGXMLScanner::parseSchemaLocation() at
> IGXMLScanner2.cpp:1,727 0x52d548
> xercesc_3_1::IGXMLScanner::scanStartTagNS() at IGXMLScanner.cpp:2,205
> 0x526c74
> xercesc_3_1::IGXMLScanner::scanContent() at IGXMLScanner.cpp:890
> 0x528a64
> xercesc_3_1::IGXMLScanner::scanDocument() at IGXMLScanner.cpp:217
> 0x528c58
> xercesc_3_1::AbstractDOMParser::parse() at AbstractDOMParser.cpp:545
> 0x438f0c
> XercesTreeOperations::LoadXml() at Node.cpp:708 0x2364d8
> protocol::prot::Cprotocol::LoadFromString() at protocol.cpp:2,270
> 0x2904f0
> CProtocolHelperFunctions::LoadXMLRequest() at CProtocolBase.cpp:34
> 0xc56cc
> And it dies at this:
> ~XMLBuffer()
> {
> => fMemoryManager->deallocate(fBuffer); //delete [] fBuffer;
> }
> It is worth mentioning that LoadFromString is called several times before
> this error occurs.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
