Hi

I am trying to parse an invalid XML document (the XML has a double dash
inside a comment tag). The parser calls the error handler with the proper
error message. In the error handling part, I am calling the xmlStopParser
API. A crash happens immediately when control returns to the libxml2 code.
I have debugged the libxml2 code and found that it tries to copy the
remaining input to a buffer, which leads to a crash. If I do not call the
xmlStopParser API, it works fine.

The xmlStopParser call sets the 'ctxt->input->cur' pointer to an empty
string (ctxt->input->cur = BAD_CAST"";). But this pointer is then used in
memcpy, which causes the problem.
The following is the exact line at which the crash happens:
    memcpy(&buf[len], ctxt->input->cur, nbchar);
where
    nbchar = in - ctxt->input->cur;
Note: In both operations "ctxt->input->cur" is used, which is reset
by xmlStopParser.

Input:
<!-- balbalbal --blablabla-->
<SOAP:Envelope xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP:Body>
      <List xmlns="http://schemas.xyz.com"></List>
        </SOAP:Body>
 </SOAP:Envelope>z

Can this be logged as bug?

Thanks,
Jeganathan.
_______________________________________________
xml mailing list, project page  http://xmlsoft.org/
http://mail.gnome.org/mailman/listinfo/xml
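
A minimal model of the pattern described in the message above, added here as an illustration; it is not libxml2 code, and `Ctx`, `stop_parser`, `on_error`, `copy_comment` and `run_sample` are hypothetical names. It shows a comment scanner re-checking its stop state after the error callback returns, before the pointer subtraction and `memcpy` use a cursor the callback may have replaced.

```c
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for a parser context; not libxml2's real structures. */
typedef struct {
    const unsigned char *cur;  /* current read position */
    const unsigned char *end;  /* one past the last input byte */
    int stopped;               /* set once the handler asks to stop */
    int stop_on_error;         /* constructed switch: handler calls stop_parser() */
} Ctx;

/* Models the reset described in the post: cur now points at an unrelated "". */
static void stop_parser(Ctx *c) {
    c->stopped = 1;
    c->cur = c->end = (const unsigned char *)"";
}
static void on_error(Ctx *c) { if (c->stop_on_error) stop_parser(c); }

/* Copies comment text up to "-->" into buf; returns bytes copied or -1. */
long copy_comment(Ctx *c, unsigned char *buf, size_t cap) {
    const unsigned char *in = c->cur, *end = c->end;
    for (; in < end; in++) {
        if (end - in >= 3 && in[0] == '-' && in[1] == '-') {
            if (in[2] == '>') break;        /* well-formed end of comment */
            on_error(c);                    /* "--" inside a comment */
            /* The callback may have moved cur, so `in - c->cur` would span
               two unrelated buffers. Re-check state before using either. */
            if (c->stopped) return -1;
        }
    }
    size_t nbchar = (size_t)(in - c->cur);
    if (nbchar > cap) return -1;            /* never copy past buf */
    memcpy(buf, c->cur, nbchar);
    c->cur = in;
    return (long)nbchar;
}

/* Runs the scanner over constructed input (the text after "<!--"). */
long run_sample(const char *text, int stop_on_error) {
    unsigned char buf[64];
    Ctx c = { (const unsigned char *)text,
              (const unsigned char *)text + strlen(text), 0, stop_on_error };
    return copy_comment(&c, buf, sizeof buf);
}

int main(void) {
    const char *s = " balbalbal --blablabla-->";  /* constructed input */
    printf("%ld %ld\n", run_sample(s, 0), run_sample(s, 1));
    return 0;
}
```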
