Hi Martin I had this problem in history too, but i gave up. (but I am constantly monitoring this issue as this is on my long-term radar)
Do a diff between 2.6.something and 2.6.32 in tree.c: xmlReconciliateNs() You find 4-5 lines diff for addressing some Memory issues. When you do a quick "google: xmlReconciliateNs" And you look VERY carefully, you will see, that you get 1730 hits, mainly topic'd with Trouble, problem, Fix Very interesting, in 2002, Kasimier Buchcik wrote a new xmlReconciliateNs() but it was not taken. http://mail.gnome.org/archives/xml/2003-May/msg00066.html I really understand Daniel in some way not replacing a *known* buggy function with a new version which has some issues too. Daniel: "Your algorithm is certainly better than the existing one but I'm not sure it is the right way to proceed acually." It is a real shame, that Daniel offered a new Idea for this function, but never did it. But in a situation where I have a code, who has several main glitches, I would replace this code even with the other code, even if it does not meet my taste. For you this is sure not funny, but you have several methods to fix your problem: 1: Try the other code from Kasimier. (maybe it helps, but it seems to be so from first look) 2: Write your own fix to libxml and post it to libxml (and it will never be used) 3: Do not use xmlReconciliateNs() and try to get rid of the need. 4: Change your XML lib. (...) 5: Write to OASIS, give them a 20 new testcase to the XML Test Suite where Libxml fails, and then Libxml will Fail in W3C Conformance test, and then *somebody* has to react. :-) That's Opensource, and once a function gets below 5% overall usage, nobody cares about this. In this point I agree with Linus, who tells us: "one reason I refuse to bother with the whole security circus is that I think it glorifies - and thus encourages - the wrong behavior. It makes 'heroes' out of security people, as if the people who don't just fix normal bugs aren't as important. In fact, all the boring normal bugs are _way_ more important, just because there's a lot more of them. I don't think some spectacular security hole should be glorified or cared about as being any more 'special' than a random spectacular crash due to bad locking." And this is the same Daniel is doing here atm. Can somebody tell him, that 90% of all Opensource Linux software is using Libxml ? Franz _______________________________________________ xml mailing list, project page http://xmlsoft.org/ [email protected] http://mail.gnome.org/mailman/listinfo/xml
