"dom::parse invalid" crashes the interpreter

Bug #686363 reported by Alexander Myltsev
This bug affects 2 people
Affects            Status         Importance   Assigned to   Milestone
libxml2            Unknown        Unknown
libxml2 (Debian)   Fix Released   Unknown
libxml2 (Ubuntu)   Fix Released   Undecided    Unassigned
tclxml (Debian)    Invalid        Undecided    Unassigned
tclxml (Ubuntu)    Invalid        Undecided    Unassigned

Bug Description

Binary package hint: tclxml

Parsing any non-well-formed document seems to crash the interpreter:

$ tclsh
% package require xml
3.2
% dom::parse anything
Segmentation fault

I would expect it to report an error instead.

Additional information:
$ apt-cache policy tclxml | grep Inst
  Installed: 3.2-1
$ apt-cache policy libxml2 | grep Inst
  Installed: 2.7.7.dfsg-4ubuntu0.1
$ lsb_release -rd
Description: Ubuntu 10.10
Release: 10.10
$ uname -m
x86_64

Backtrace:

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff5f4a749 in xmlTextReaderStructuredError (ctxt=0x0, error=0x6ed2f8)
    at ../../xmlreader.c:4670
4670 xmlTextReaderPtr reader = (xmlTextReaderPtr) ctx->_private;
(gdb) bt
#0 0x00007ffff5f4a749 in xmlTextReaderStructuredError (ctxt=0x0,
    error=0x6ed2f8) at ../../xmlreader.c:4670
#1 0x00007ffff5e4398f in __xmlRaiseError (
    schannel=0x7ffff5f4a72d <xmlTextReaderStructuredError>,
    channel=0x7ffff5e42264 <xmlGenericErrorDefaultFunc>, data=0x0,
    ctx=0x6ed0a0, nod=0x0, domain=1, code=4, level=XML_ERR_FATAL, file=0x0,
    line=1, str1=0x0, str2=0x0, str3=0x0, int1=0, col=1,
    msg=0x7ffff5f82d4f "Document is empty\n") at ../../error.c:614
#2 0x00007ffff5e49a62 in xmlFatalErr (ctxt=0x6ed0a0,
    error=XML_ERR_DOCUMENT_EMPTY, info=0x0) at ../../parser.c:469
#3 0x00007ffff5e673e9 in xmlParseTryOrFinish (ctxt=0x6ed0a0, terminate=0)
    at ../../parser.c:10941
#4 0x00007ffff5e69d21 in xmlParseChunk__internal_alias (ctxt=0x6ed0a0,
    chunk=0x6aab10 "anything", size=8, terminate=0) at ../../parser.c:11739
#5 0x00007ffff5f43abf in xmlTextReaderPushData (reader=0x6ead00)
    at ../../xmlreader.c:861
#6 0x00007ffff5f44778 in xmlTextReaderRead__internal_alias (reader=0x6ead00)
    at ../../xmlreader.c:1280
#7 0x00007ffff61dc817 in ?? () from /usr/lib/Tclxml3.2/libTclxml3.2.so
#8 0x00007ffff61d43c1 in ?? () from /usr/lib/Tclxml3.2/libTclxml3.2.so
#9 0x00007ffff61d764f in ?? () from /usr/lib/Tclxml3.2/libTclxml3.2.so
#10 0x00007ffff7b40169 in TclEvalObjvInternal () from /usr/lib/libtcl8.4.so.0
#11 0x00007ffff7b6813e in ?? () from /usr/lib/libtcl8.4.so.0
#12 0x00007ffff7b66231 in TclCompEvalObj () from /usr/lib/libtcl8.4.so.0
#13 0x00007ffff7b97977 in TclObjInterpProc () from /usr/lib/libtcl8.4.so.0
#14 0x00007ffff7b40169 in TclEvalObjvInternal () from /usr/lib/libtcl8.4.so.0
#15 0x00007ffff7b40e8c in Tcl_EvalEx () from /usr/lib/libtcl8.4.so.0
#16 0x00007ffff7b411c9 in Tcl_EvalObjEx () from /usr/lib/libtcl8.4.so.0
#17 0x00007ffff7b45ed3 in Tcl_EvalObjCmd () from /usr/lib/libtcl8.4.so.0
#18 0x00007ffff7b40169 in TclEvalObjvInternal () from /usr/lib/libtcl8.4.so.0
#19 0x00007ffff7b6813e in ?? () from /usr/lib/libtcl8.4.so.0
#20 0x00007ffff7b66231 in TclCompEvalObj () from /usr/lib/libtcl8.4.so.0
#21 0x00007ffff7b97977 in TclObjInterpProc () from /usr/lib/libtcl8.4.so.0
#22 0x00007ffff7b40169 in TclEvalObjvInternal () from /usr/lib/libtcl8.4.so.0
#23 0x00007ffff7b6813e in ?? () from /usr/lib/libtcl8.4.so.0
#24 0x00007ffff7b66231 in TclCompEvalObj () from /usr/lib/libtcl8.4.so.0
#25 0x00007ffff7b4123e in Tcl_EvalObjEx () from /usr/lib/libtcl8.4.so.0
#26 0x00007ffff7b736fe in Tcl_RecordAndEvalObj () from /usr/lib/libtcl8.4.so.0
#27 0x00007ffff7b896e8 in Tcl_Main () from /usr/lib/libtcl8.4.so.0
#28 0x00000000004008f0 in main ()

Tags: patch
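
Added example, not part of the original report and not libxml2 code: a self-contained C model of the fault in frames #0 and #1 of the backtrace, where the structured error handler is called with a NULL context and reads through it. The names (model_ctxt, handler_guarded, raise_error) and the fallback policy are assumptions for illustration; the upstream fix itself is not shown on this page.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins for the objects named in the backtrace; not libxml2 code. */
typedef struct { int errors_seen; } model_reader;      /* role of the text reader */
typedef struct { void *_private; } model_ctxt;         /* role of the parser context */
typedef struct { int code; const char *msg; } model_error;
typedef int (*structured_fn)(void *user_data, const model_error *err);

enum delivery { DELIVERED_STRUCTURED, DELIVERED_GENERIC };

/* Shape of frame #0: the handler trusts user_data and reads through it. */
int handler_unguarded(void *user_data, const model_error *err) {
    model_ctxt *ctx = user_data;
    model_reader *reader = ctx->_private;   /* faults when user_data is NULL */
    (void)err;
    return ++reader->errors_seen;
}

/* Guarded handler: refuses a NULL context or a missing back-pointer. */
int handler_guarded(void *user_data, const model_error *err) {
    model_ctxt *ctx = user_data;
    if (ctx == NULL || ctx->_private == NULL || err == NULL)
        return -1;
    return ++((model_reader *)ctx->_private)->errors_seen;
}

/* Guarded dispatcher (hypothetical policy): a structured handler is only
 * called with non-NULL user data; otherwise the generic path reports it. */
enum delivery raise_error(structured_fn schannel, void *data, const model_error *err) {
    if (schannel != NULL && data != NULL && schannel(data, err) >= 0)
        return DELIVERED_STRUCTURED;
    if (err != NULL)
        fprintf(stderr, "error %d: %s", err->code, err->msg);
    return DELIVERED_GENERIC;
}

int main(void) {
    model_reader reader = { 0 };
    model_ctxt ctxt = { &reader };
    model_error err = { 4, "Document is empty\n" };   /* values from frame #1 */

    /* data == NULL, as in frame #1: reported without calling the handler. */
    printf("NULL data  -> %d\n", raise_error(handler_guarded, NULL, &err));
    printf("valid data -> %d\n", raise_error(handler_guarded, &ctxt, &err));
    return 0;
}
```

handler_unguarded is kept only to show the faulting pattern and is never called.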

affects: tclxml (Ubuntu) → libxml2 (Ubuntu)
Andrej Shadura (andrew.sh) wrote :

Jakub Wilk has pointed me to this patch which appears to solve the problem.

Andrej Shadura (andrew.sh) wrote :

Bug filed in the upstream's bugzilla:
http://bugzilla.gnome.org/show_bug.cgi?id=638618

tags: added: patch
Daniel T Chen (crimsun) wrote :

It appears from the bug context that this bug lies in libxml directly, therefore I'm closing the tclxml tasks.

Changed in tclxml (Debian):
status: New → Invalid
Changed in tclxml (Ubuntu):
status: New → Invalid
Changed in libxml2 (Debian):
status: Unknown → Confirmed
Changed in libxml2 (Debian):
status: Confirmed → Fix Released
Changed in libxml2:
importance: Undecided → Unknown
status: New → Unknown
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libxml2 - 2.7.8.dfsg-5.1ubuntu3

---------------
libxml2 (2.7.8.dfsg-5.1ubuntu3) precise; urgency=low

  * various fixes for __xmlRaiseError (LP: #686363). This can be dropped in
    2.7.8.dfsg-6
    - 111d705c282e03e7202723c6c7e4499f8582bd4f
    - 1b9128bae737fa559f5e2c191d6679a856efbad9
    - 241d4a1069e6bedd0ee2295d7b43858109c1c6d1
    - c2a0fdc4e6d106690d7fd8fa1677e133c94e155d
 -- Jamie Strandboge <email address hidden> Thu, 19 Jan 2012 11:59:30 -0600

Changed in libxml2 (Ubuntu):
status: New → Fix Released