On Mon, Aug 25, 2008 at 09:56:15PM +0200, Mike Hommey wrote:
> On Mon, Aug 25, 2008 at 09:47:32PM +0200, Mike Hommey wrote:
> > > yeah, it's a serious problem, I made the data structure available
> > > to help with fast access to the trees, but people have abused it,
> > > I hope there aren't too many of those.
> > > I hope librsvg gets fixed, because I would really prefer the clean
> > > solution in the upcoming 2.7.0 release.
> >
> > FWIW, strigi is also impacted.
> > http://websvn.kde.org/trunk/kdesupport/strigi/src/streamanalyzer/fieldpropertiesdb.cpp?view=markup
> > (look for "new xmlEntity")
>
> And many others, as reported on
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496125 :
>
> liferea 1.4.16b has this:
>
> src/xml.c: entity = (xmlEntityPtr)g_new0 (xmlEntity, 1);
>
> PHP 5.2.6 has this:
>
> ext/dom/dom_iterators.c:61: ret = (xmlEntityPtr) xmlMalloc(sizeof(xmlEntity));
> ext/dom/dom_iterators.c:62: memset(ret, 0, sizeof(xmlEntity));
>
> QT 4.4.0 has this (with an instructive comment in front of it):
>
> src/3rdparty/webkit/WebCore/dom/XMLTokenizer.cpp:static xmlEntity sharedXHTMLEntity = {
>
> (Note that for the latter, there is also, at least in upstream webkit:
> #if LIBXML_VERSION >= 20627
>     // xmlEntity gained an extra member in 2.6.27.
>     1
> #endif
>
> Which is quite ugly actually.
>
> Anyways, I'm afraid it means you're doomed.
Yes, I have seen those reports, which is why I reverted the SVN upstream
version to keep a binary compatible xmlEntity structure. The worst is that
this structure grew in October 2006, adding the owner field, and nobody
complained ... mystery of memory allocations and alignments.

I think the core of the problem comes from the fact that the existing
entity allocation routines exported by libxml2 fail to work if there is
no document or if the document does not have an existing DTD (and that
behaviour makes sense since entities are registered in a hash table in
the document DTD). So those not willing to build the document or DTD
worked around it by doing their own allocation, which is an abuse but
doable from C.

To cope with this I also added yesterday a different allocation function,
xmlNewEntity(), which will work even if the doc is not available or has
no DTD. That will allow the offenders to fix their code (possibly using
#if LIBXML_VERSION >= 20700 to keep compiling on older versions) and
solve the problem in the long term.

Note that the xmlDoc document structure will grow too in 2.7.0 (to hold
parser options and be able to detect documents using XML 1.0 before
revision 5), as well as the parser structure.

Daniel

-- 
Daniel Veillard | libxml Gnome XML XSLT toolkit  http://xmlsoft.org/
[EMAIL PROTECTED] | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library  http://libvirt.org/

_______________________________________________
xml mailing list, project page http://xmlsoft.org/
[email protected]
http://mail.gnome.org/mailman/listinfo/xml
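One check a packager can run to find the same kind of hand-rolled xmlEntity allocation across a whole source tree, added here as an example and not part of the mailing-list exchange: the function names, the regular expressions and the sample tree are constructed for this illustration, and the sample files only echo the snippets quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): audit a source tree for code that
# allocates or instantiates xmlEntity itself instead of going through a
# libxml2 allocator. It matches the shapes quoted above: sizeof(xmlEntity),
# g_new0 (xmlEntity, ...), C++ "new xmlEntity", and static or automatic
# xmlEntity objects. Patterns and the sample tree are constructed here.

find_xmlentity_allocs() {
    # $1: directory to scan. Prints file:line:text for every hit, sorted.
    # /dev/null is passed alongside the files so grep always prefixes the name.
    find "$1" -type f \( -name '*.c' -o -name '*.cc' -o -name '*.cpp' -o -name '*.h' \) \
        -exec grep -nE \
            -e 'sizeof *\( *xmlEntity *\)' \
            -e 'g_new0? *\( *xmlEntity *,' \
            -e 'new +xmlEntity[^A-Za-z0-9_]' \
            -e '^[[:space:]]*(static +)?xmlEntity +[A-Za-z_][A-Za-z0-9_]* *(=|;)' \
            /dev/null {} + | sort
}

count_xmlentity_allocs() {
    find_xmlentity_allocs "$1" | wc -l | tr -d ' '
}

# Constructed sample tree reproducing the snippets quoted in the thread,
# plus one file that uses the xmlNewEntity() allocator and must not match.
make_sample_tree() {
    dir=$(mktemp -d)
    mkdir -p "$dir/src" "$dir/ext/dom"
    printf '%s\n' 'entity = (xmlEntityPtr)g_new0 (xmlEntity, 1);' > "$dir/src/xml.c"
    printf '%s\n' 'ret = (xmlEntityPtr) xmlMalloc(sizeof(xmlEntity));' \
                  'memset(ret, 0, sizeof(xmlEntity));' > "$dir/ext/dom/dom_iterators.c"
    printf '%s\n' 'static xmlEntity sharedXHTMLEntity = {' > "$dir/src/XMLTokenizer.cpp"
    printf '%s\n' 'xmlEntity* e = new xmlEntity();' > "$dir/src/fieldpropertiesdb.cpp"
    printf '%s\n' 'xmlEntityPtr e = xmlNewEntity(NULL, name, XML_INTERNAL_GENERAL_ENTITY, NULL, NULL, content);' \
        > "$dir/src/clean.c"
    echo "$dir"
}

# Usage: sh audit_xmlentity.sh /path/to/source/tree
if [ $# -gt 0 ]; then
    find_xmlentity_allocs "$1"
fi
```

Every hit is a site that bakes sizeof(xmlEntity) or its layout into the application binary and therefore breaks whenever the structure grows; the file using xmlNewEntity() is deliberately not reported.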
