I looked at the disassembly of
void XMLCDECL
xmlGenericErrorDefaultFunc(void *ctx ATTRIBUTE_UNUSED, const char *msg, ...) {
    va_list args;

    if (xmlGenericErrorContext == NULL)
        xmlGenericErrorContext = (void *) stderr;

    va_start(args, msg);
    vfprintf((FILE *)xmlGenericErrorContext, msg, args);
    va_end(args);
}
on amd64. It seems that xmlGenericErrorContext is
(*__xmlGenericErrorContext()) and seems to evaluate differently in the
three calls that are made here. The first two return the same value but
the third returns a different value. This causes vfprintf to get NULL as
the first argument even though the code appears to guard against that.
The implementation has
void * *
__xmlGenericErrorContext(void) {
    if (IS_MAIN_THREAD)
        return (&xmlGenericErrorContext);
    else
        return (&xmlGetGlobalState()->xmlGenericErrorContext);
}
and it seems that IS_MAIN_THREAD evaluates to zero in all three cases.
xmlGetGlobalState(), however, returns first 0x7fffe4019170 and then
0x7fffe4019540. Both have sane data but of course only the first one is
updated to refer to stderr, the second one has xmlGenericErrorContext
set to zero.
xmlGetGlobalState looks very complicated; I can't immediately see why it
would return a different value for the same thread during the same
function call.
Anyways, if I apply
diff -u libxml2-2.7.8.dfsg/debian/changelog libxml2-2.7.8.dfsg/debian/changelog
--- libxml2-2.7.8.dfsg/debian/changelog
+++ libxml2-2.7.8.dfsg/debian/changelog
@@ -1,3 +1,9 @@
+libxml2 (2.7.8.dfsg-2lindi0) unstable; urgency=low
+
+ * Try to workaround
https://bugs.launchpad.net/ubuntu/+source/foxtrotgps/+bug/787953
+
+ -- Timo Lindfors <[email protected]> Wed, 01 Jun 2011 00:55:10 +0300
+
libxml2 (2.7.8.dfsg-2) unstable; urgency=low
* xpath.c: Fix a double-freeing error in XPath processing code.
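Review bot: the changelog entry only says "Try to workaround" plus the bug URL and does not record what was changed; name the file and the change (error.c: read xmlGenericErrorContext once into a local in xmlGenericErrorDefaultFunc) so the workaround can be found and reverted later, and use the verb form "work around". As pasted, the URL has wrapped onto its own line without a leading `+`, so the hunk will not apply until that line is rejoined to the `* Try to workaround` line.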
only in patch2:
unchanged:
--- libxml2-2.7.8.dfsg.orig/error.c
+++ libxml2-2.7.8.dfsg/error.c
@@ -70,12 +70,13 @@
void XMLCDECL
xmlGenericErrorDefaultFunc(void *ctx ATTRIBUTE_UNUSED, const char *msg, ...) {
va_list args;
+ void *errorContext = xmlGenericErrorContext;
- if (xmlGenericErrorContext == NULL)
- xmlGenericErrorContext = (void *) stderr;
+ if (errorContext == NULL)
+ errorContext = (void *) stderr;
va_start(args, msg);
- vfprintf((FILE *)xmlGenericErrorContext, msg, args);
+ vfprintf((FILE *)errorContext, msg, args);
va_end(args);
}
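Review bot: the patched function no longer writes stderr back to xmlGenericErrorContext, it only sets the local errorContext, so the side effect of initializing the global on the first error is lost and anything that later reads xmlGenericErrorContext expecting stderr will still see NULL. If that behaviour matters, assign the local back after the check (`xmlGenericErrorContext = errorContext;`), bearing in mind that this write goes through the same macro whose evaluations the message shows landing in different per-thread state, or record the behaviour change in the changelog. Reading the macro exactly once does guarantee that the NULL check and the vfprintf call use the same pointer, which is what avoids the crash; why __xmlGenericErrorContext() yields different state within one call is left unaddressed, so this is a workaround rather than a fix, as the message itself says.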
to libxml2, I do not see the crash anymore.
I doubt the bug is in libxml2 itself but this information might help in
any case. I suspect some threading bug in foxtrotgps.
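The double read described above, reduced to a stand-alone example that is not libxml2 code: when a macro expands to a function call, each use of the macro is a fresh call, so a NULL check, an assignment and a use can each touch different storage if the accessor does not return a stable address. The accessor get_error_context(), the two slots and the "first two calls agree, third differs" pattern are constructed here to mimic the behaviour reported for __xmlGenericErrorContext().

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for two per-thread state blocks, like the two
 * addresses xmlGetGlobalState() was seen returning in the report. */
static void *slot_a = NULL;
static void *slot_b = NULL;
static int call_count = 0;

/* Hypothetical accessor modelling __xmlGenericErrorContext(): the first
 * two calls hand out slot_a, every later call hands out slot_b. */
static void **get_error_context(void) {
    return (++call_count <= 2) ? &slot_a : &slot_b;
}

/* Same shape as libxml2's macro: every use is a new accessor call. */
#define errorContext (*get_error_context())

void reset_state(void) {
    slot_a = NULL;
    slot_b = NULL;
    call_count = 0;
}

/* Original shape: the macro is evaluated three times. Returns the pointer
 * that would be passed to vfprintf(). */
void *buggy_pick_stream(FILE *fallback) {
    if (errorContext == NULL)             /* evaluation 1: slot_a, NULL  */
        errorContext = (void *)fallback;  /* evaluation 2: slot_a set    */
    return errorContext;                  /* evaluation 3: slot_b, NULL! */
}

/* Patched shape: read the macro once, then check and use the local copy. */
void *fixed_pick_stream(FILE *fallback) {
    void *ctx = errorContext;             /* single evaluation */
    if (ctx == NULL)
        ctx = (void *)fallback;
    return ctx;
}

int main(void) {
    reset_state();
    printf("buggy: %s\n", buggy_pick_stream(stderr) ? "stderr" : "NULL");
    reset_state();
    printf("fixed: %s\n", fixed_pick_stream(stderr) ? "stderr" : "NULL");
    return 0;
}
```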
https://bugs.launchpad.net/bugs/787953
Title:
foxtrotgps crashed with SIGSEGV in ___vfprintf_chk()
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs