ALT Linux Bugzilla – Full Text Bug Listing
| Summary: | sigsegv in xmlStrcat and xmlStrcat | ||
|---|---|---|---|
| Product: | Sisyphus | Reporter: | Alexey Voinov <voins> |
| Component: | libxml2 | Assignee: | Mikhail Zabaluev <mhz> |
| Status: | CLOSED NOTABUG | QA Contact: | |
| Severity: | critical | ||
| Priority: | P4 | CC: | at, shaba |
| Version: | unstable | ||
| Hardware: | all | ||
| OS: | Linux | ||
The first argument of xmlStrcat is supposed to be either a string buffer allocated with the library\'s allocation functions, or NULL. The buffer may be subjected to reallocation in the routine, and it\'s handed to realloc() by default. The sample uses statically allocated string literals. The first argument of xmlStrcat is supposed to be either a string buffer allocated with the library\'s allocation functions, or NULL. The buffer may be subjected to reallocation in the routine, and it\'s handed to realloc() by default. The sample uses statically allocated string literals. |
Вот такой маленький пример: #include <stdio.h> #include <libxml/parser.h> int main(void) { xmlChar *aaa = (xmlChar*)\"aaa\"; xmlChar *bbb = (xmlChar*)\"bbb\"; xmlChar *ccc = xmlStrcat(aaa, bbb); printf(\"%s\\n\", (const char*)ccc); return 0; } Заканчивается Segmentation Fault. $ catchsegv ./a.out *** Segmentation fault Register dump: EAX: 08000000 EBX: 2acd86f8 ECX: 00000001 EDX: 08048504 ESI: 00000007 EDI: 00020000 EBP: 7ffff458 ESP: 7ffff430 EIP: 2ac25655 EFLAGS: 00210206 CS: 0023 DS: 002b ES: 002b FS: 0000 GS: 0000 SS: 002b Trap: 0000000e Error: 00000004 OldMask: 00000000 ESP/signal: 7ffff430 CR2: 08000000 Backtrace: /lib/libc.so.6(__libc_realloc+0x1c5)[0x2ac25655] /lib/libc.so.6[0x2ac23e81] /lib/libc.so.6(__libc_realloc+0x31)[0x2ac254c1] /usr/lib/libxml2.so.2(xmlStrncat+0x67)[0x2aaf99e7] /usr/lib/libxml2.so.2(xmlStrcat+0x53)[0x2aaf9a93] ./a.out[0x8048498] /lib/libc.so.6(__libc_start_main+0x93)[0x2abc26e7] ./a.out(xmlStrcat+0x35)[0x80483d1] --- ---