Bugs item #28198, was opened at 2010-05-13 12:53
You can respond by visiting:
http://rubyforge.org/tracker/?func=detail&atid=1971&aid=28198&group_id=494
Category: None
Group: None
>Status: Closed
>Resolution: Accepted
Priority: 3
Submitted By: Mamoru Tasaka (mtasaka)
>Assigned to: Charlie Savage (cfis)
Summary: 1.1.4 segfaults with test/tc_sax_parser.rb

Initial Comment:
With ruby 1.8.6p399 / libxml2 2.7.7 / libxml-ruby-1.1.4 gem
running test program test/tc_sax_parser.rb (in libxml-ruby-1.1.4 gem)
causes segfault and it seems that segfault is happening in libxml-ruby side.
gdb log attached.

----------------------------------------------------------------------

>Comment By: Charlie Savage (cfis)
Date: 2011-04-22 21:44

Message:
Hi Mamoru,

This has been fixed in the latest release (I think I applied your patch from a git branch).

Thanks for the report and fix!

Charlie

----------------------------------------------------------------------

Comment By: Huzaifa Sidhpurwala (huzaifas)
Date: 2011-01-18 23:36

Message:
any ETA on this one?

----------------------------------------------------------------------

Comment By: Hans de Graaff (graaff)
Date: 2010-12-03 08:30

Message:
I've written a patch for this that I can't seem to attach to the bug as a file. Note that even with this patch the test still fails:

  1) Failure:
test_parse_error(TestSaxParser) [./test/tc_sax_parser.rb:244]:
<LibXML::XML::Error> exception expected but was
Class: <NoMethodError>
Message: <"undefined method `on_error' for false:FalseClass">

I assume that this is another side-effect of the parsing failing and the remainder of the C method (that should raise the error) not being carried out. I'm not sure if the xmlParseDocument behaviour changed at some point, so I can't really propose a fix for this.

Patch inline:

--- ext/libxml/ruby_xml_sax_parser.c.~1~ 2010-12-03 15:41:33.849563666 +0100 +++ ext/libxml/ruby_xml_sax_parser.c 2010-12-03 15:42:48.824938521 +0100 
@@ -94,6 +94,7 @@ int status; VALUE context = rb_ivar_get(self, CONTEXT_ATTR); xmlParserCtxtPtr ctxt; + xmlSAXHandlerPtr handler = NULL; Data_Get_Struct(context, xmlParserCtxt, ctxt); ctxt->sax2 = 1; 
@@ -101,15 +102,15 @@ if (ctxt->sax != (xmlSAXHandlerPtr) &xmlDefaultSAXHandler) xmlFree(ctxt->sax); - - ctxt->sax = (xmlSAXHandlerPtr)&rxml_sax_handler; + + /* Provide a copy of our handler to that it can be freed by libxml2. */ + handler = xmlMalloc(sizeof(xmlSAXHandler)); + memcpy(handler, &rxml_sax_handler, sizeof(xmlSAXHandler)); + + ctxt->sax = handler; status = xmlParseDocument(ctxt); - /* IMPORTANT - null the handle to our sax handler - so libxml doesn't try to free it.*/ - ctxt->sax = NULL; - /* Now check the parsing result*/ if (status == -1 || !ctxt->wellFormed) {

----------------------------------------------------------------------

Comment By: Hans de Graaff (graaff)
Date: 2010-12-03 07:33

Message:
This happens because rxml_sax_parser_parse() in ruby_xml_sax_parser.c sets ctxt->sax to a statically defined sax object that cannot be freed, specifically rxml_sax_handler defined in ruby_xml_sax2_handler.c. The code tries to compensate for that by resetting ctxt->sax back to NULL right after parsing, but since the failing test induces a parsing error I guess the ctxt object is freed before the ctxt->sax pointer can be reset to NULL.
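Review bot: In the second hunk (@@ -101,15 +102,15 @@) the result of xmlMalloc(sizeof(xmlSAXHandler)) goes straight into memcpy with no NULL check, so an allocation failure turns into a write through a NULL pointer. Test handler before the memcpy and raise (for example rb_raise with rb_eNoMemError) when it is NULL. Because ctxt->sax now stays set after xmlParseDocument, freeing the copy depends on the unchanged "if (ctxt->sax != (xmlSAXHandlerPtr) &xmlDefaultSAXHandler) xmlFree(ctxt->sax);" line on a later parse and on the context's own free routine; the new comment should state that ownership explicitly, and its "to that" should read "so that". The visible lines do not show an include for memcpy, so confirm <string.h> is pulled in.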
----------------------------------------------------------------------

Comment By: Mamoru Tasaka (mtasaka)
Date: 2010-06-10 12:40

Message:
The testcase in
http://rubyforge.org/pipermail/libxml-devel/2010-June/001502.html
crashes at the same place:

(gdb) bt
#0 0x00f42416 in __kernel_vsyscall ()
#1 0x008c8eb1 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#2 0x008ca78a in abort () at abort.c:92
#3 0x0090793d in __libc_message (do_abort=2, fmt=0x9f1ce0 "*** glibc detected *** %s: %s: 0x%s ***\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:186
#4 0x0090de91 in malloc_printerr (action=<value optimized out>, str=<value optimized out>, ptr=0xbcd780) at malloc.c:6283
#5 0x02cee62d in xmlFreeParserCtxt__internal_alias (ctxt=0x82abee0) at parserInternals.c:1797
#6 0x00bbd5ae in rxml_parser_context_free (ctxt=0x82abee0) at ruby_xml_parser_context.c:20
#7 0x067a069e in rb_gc_call_finalizer_at_exit () at gc.c:1988
#8 0x067858c8 in ruby_finalize_1 () at eval.c:1572
#9 0x06791e9b in ruby_cleanup (ex=0) at eval.c:1609
#10 0x06791fce in ruby_stop (ex=0) at eval.c:1664
#11 0x06799206 in ruby_run () at eval.c:1685
#12 0x0804867e in main (argc=3, argv=0xbffff034, envp=0xbffff044) at main.c:48

----------------------------------------------------------------------

Comment By: Mamoru Tasaka (mtasaka)
Date: 2010-05-13 13:09

Message:
Note that the attached gdb log shows that one other test failure is occurring in the test.

For segfault issue, commenting out the line 20 of ./ext/libxml/ruby_xml_parser_context.c seems to stop segfault, however I don't know if this is the desired solution.

----------------------------------------------------------------------
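The ownership problem described in the 2010-12-03 07:33 comment, and visible in the backtrace as a free inside the context destructor, shown as an added example that is not code from libxml-ruby or libxml2. It is a self-contained C model: handler_t, ctx_t, ctx_destroy, parse_before, parse_after and run are constructed stand-ins, and the error path is assumed to be a non-local exit (longjmp) that skips the reset.

```c
#include <setjmp.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins for xmlSAXHandler / xmlParserCtxt; not libxml2 types. */
typedef struct { void (*on_error)(void); } handler_t;
typedef struct { handler_t *sax; } ctx_t;

static jmp_buf escape;                               /* assumed error exit */
static void raise_error(void) { longjmp(escape, 1); }
static handler_t default_handler = { NULL };         /* like xmlDefaultSAXHandler */
static handler_t static_handler  = { raise_error };  /* like rxml_sax_handler */

/* Destructor model: frees ctx->sax unless it is the default handler.
   Returns 1 when the pointer never came from malloc (the reported abort);
   that invalid free is skipped so the model keeps running. */
static int ctx_destroy(ctx_t *ctx) {
    int invalid = (ctx->sax == &static_handler);
    if (ctx->sax != NULL && ctx->sax != &default_handler && !invalid)
        free(ctx->sax);
    ctx->sax = NULL;
    return invalid;
}

/* Pre-patch shape: borrow the static handler, reset it after parsing. */
static void parse_before(ctx_t *ctx, int bad_input) {
    ctx->sax = &static_handler;
    if (bad_input) ctx->sax->on_error();   /* leaves; the reset is skipped */
    ctx->sax = NULL;                       /* the compensating reset */
}

/* Patched shape: the context owns a heap copy the destructor may free. */
static void parse_after(ctx_t *ctx, int bad_input) {
    handler_t *copy = malloc(sizeof *copy);
    if (copy == NULL) return;              /* keep the previous handler */
    memcpy(copy, &static_handler, sizeof *copy);
    ctx->sax = copy;
    if (bad_input) ctx->sax->on_error();   /* leaves; ctx still owns copy */
}

/* Parse once, then destroy the context; 1 means an invalid free was due. */
int run(int patched, int bad_input) {
    static ctx_t ctx;                      /* static storage: safe across longjmp */
    ctx.sax = &default_handler;
    if (setjmp(escape) == 0)
        (patched ? parse_after : parse_before)(&ctx, bad_input);
    return ctx_destroy(&ctx);
}

int main(void) { return (run(0, 1) == 1 && run(1, 1) == 0) ? 0 : 1; }
```

Only the pre-patch shape with failing input hands the destructor a pointer to static storage; the reset alone protects the success path and nothing else.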