I have a pretty stock CentOS 5.4 system, and am attempting to build APR-Util 1.3.11.

Everything builds fine; however, in running the tests, I get a core dump executing "testxml". Without trying to spam the list - a summary of the dump indicates it was executing the function "test_CVE_2009_3720_alpha", feeding the string "\0\r\n" to the apr_xml_parser when it crashed inside apr_xml_parser_done.

When I moved the call to test_CVE_2009_3720_alpha() to be the LAST of the calls in the testxml() function - it was indeed only that one which crashed, i.e. it passed the other 3 tests (test_xml_parser, test_billion_laughs and test_CVE_2009_3720_beta). Also, when I changed the text string being passed to "<xml></xml>" - the test passed and did not crash.

Is this something downstream of APR/APR-Util which is having this problem? (It is a new, pretty standard install.) Has anyone else seen something like this? Given the odd string being passed - was this test put there for a specific reason?

Summary backtrace as follows:

#4 0x0000003ebb40d0ad in XML_Parse () from /lib64/libexpat.so.0
#5 0x00002b610cfc9450 in do_parse (parser=0x108f73a0, data=0x7fff944d11b0 "\217▒r\020", len=0, is_final=-1806888528) at xml/apr_xml.c:418
#6 0x00002b610cfc94aa in apr_xml_parser_done (parser=0x0, pdoc=0x7fff944d1358) at xml/apr_xml.c:441
#7 0x000000000040899c in test_CVE_2009_3720_alpha (tc=<value optimized out>, data=<value optimized out>) at testxml.c:179
#8 0x00000000004050fd in abts_run_test (ts=<value optimized out>, f=0x408960 <test_CVE_2009_3720_alpha>, value=0x0) at abts.c:169
#9 0x00000000004088f3 in testxml (suite=0x106564d0) at testxml.c:201
#10 0x0000000000404677 in main (argc=<value optimized out>, argv=<value optimized out>) at abts.c:411