*** This bug is a security vulnerability ***

Public security bug reported:

The following query:

  declare function local:crash() as element()* {
    for $id in (1,2)
    return element {"a:a"}{}
  };
  local:crash()

raises this error:

  Zorba error [zerr:ZXQP0002]: "false": assertion failed; raised at /zorba/trunksrc/src/types/typemanagerimpl.cpp:723

Apparently if an element constructor raises a "can not convert to expanded QName" error and the element constructor is rewritten, the element constructor is replaced by an item containing the error message. This sooner or later crashes zorba.

** Affects: zorba
     Importance: High
         Status: New

** Visibility changed to: Public

** Changed in: zorba
       Importance: Undecided => High

https://bugs.launchpad.net/bugs/855314

Title:
  Assertion failed in typemanager with for and el constuctor

Status in Zorba - The XQuery Processor:
  New