[Expat-bugs] [ expat-Bugs-899548 ] Expat crashes and generates wrong resulst in XML_ParseBuffer

SourceForge.net noreply at sourceforge.net
Wed Feb 18 10:54:14 EST 2004 

Bugs item #899548, was opened at 2004-02-18 07:59
Message generated for change (Comment added) made by kwaclaw
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=110127&aid=899548&group_id=10127

Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: Zygmunt Krynicki (zygoon)
>Assigned to: Karl Waclawek (kwaclaw)
Summary: Expat crashes and generates wrong resulst in XML_ParseBuffer

Initial Comment:
Identical code using XML_Parse works correctly.
Expat version: 1.95.7
Backtrace:

Program received signal SIGSEGV, Segmentation fault.
0x4003cb4e in normal_updatePosition (enc=0x40050260,
ptr=0x804d000 <Address 0x804d000 out of bounds>,
end=0x804baa0 "", pos=0x804a47c)
    at xmltok_impl.c:1745
(gdb) bt
#0  0x4003cb4e in normal_updatePosition
(enc=0x40050260, ptr=0x804d000 <Address 0x804d000 out
of bounds>, end=0x804baa0 "", pos=0x804a47c)
    at xmltok_impl.c:1745
#1  0x4002ec29 in XML_GetCurrentColumnNumber
(parser=0x804a2e8) at lib/xmlparse.c:1615
#2  0x08048e43 in main ()
#3  0x40069d06 in __libc_start_main () from /lib/libc.so.6

Code fragment with error checking snipped

#define BUF_SIZE 4096

p = XML_ParserCreate (NULL);
buffer = XML_GetBuffer (p, BUFF_SIZE);

do {
    len = read (fd, buffer, BUFF_SIZE);
    if (len < 0)  {
        fprintf (stdout, "%s: %s\n", *argv, strerror
(errno));
        break;
    }
    if (! XML_ParseBuffer (p, len, len == 0)) {
        fprintf (stdout, "%s:%d:%d %s\n",
                *argv,
                XML_GetCurrentLineNumber (p),
                XML_GetCurrentColumnNumber (p),
                XML_ErrorString (XML_GetErrorCode (p))
                );
    }
} while (len > 0);

The original xml is valid and parses without errors
when I allocate the buffer myself and use XML_Parse

----------------------------------------------------------------------

>Comment By: Karl Waclawek (kwaclaw)
Date: 2004-02-18 10:54

Message:
Logged In: YES 
user_id=290026

Please attach a simple self-contained program (C source)
that can reproduce this error.

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=110127&aid=899548&group_id=10127

More information about the Expat-bugs mailing list