Bug 1211 - sigsegv in xmlStrcat and xmlStrcat
Summary: sigsegv in xmlStrcat and xmlStrcat
Status: CLOSED NOTABUG
Alias: None
Product: Sisyphus
Classification: Development
Component: libxml2
Version: unstable
Hardware: all Linux
: P4 critical
Assignee: Mikhail Zabaluev
Reported: 2002-08-20 20:27 MSD by Alexey Voinov
Modified: 2003-08-25 15:18 MSD

Description Alexey Voinov 2002-08-20 20:27:13 MSD
Here is a small example:
#include <stdio.h>
#include <libxml/parser.h>

int main(void)
{
        xmlChar *aaa = (xmlChar*)"aaa";
        xmlChar *bbb = (xmlChar*)"bbb";
        xmlChar *ccc = xmlStrcat(aaa, bbb);
        printf("%s\n", (const char*)ccc);
        return 0;
}

It ends with a Segmentation Fault.

$ catchsegv ./a.out
*** Segmentation fault
Register dump:

 EAX: 08000000   EBX: 2acd86f8   ECX: 00000001   EDX: 08048504
 ESI: 00000007   EDI: 00020000   EBP: 7ffff458   ESP: 7ffff430

 EIP: 2ac25655   EFLAGS: 00210206

 CS: 0023   DS: 002b   ES: 002b   FS: 0000   GS: 0000   SS: 002b

 Trap: 0000000e   Error: 00000004   OldMask: 00000000
 ESP/signal: 7ffff430   CR2: 08000000

Backtrace:
/lib/libc.so.6(__libc_realloc+0x1c5)[0x2ac25655]
/lib/libc.so.6[0x2ac23e81]
/lib/libc.so.6(__libc_realloc+0x31)[0x2ac254c1]
/usr/lib/libxml2.so.2(xmlStrncat+0x67)[0x2aaf99e7]
/usr/lib/libxml2.so.2(xmlStrcat+0x53)[0x2aaf9a93]
./a.out[0x8048498]
/lib/libc.so.6(__libc_start_main+0x93)[0x2abc26e7]
./a.out(xmlStrcat+0x35)[0x80483d1]
Comment 1 Mikhail Zabaluev 2002-08-21 09:41:53 MSD
The first argument of xmlStrcat is supposed to be either a string buffer allocated with the library's allocation functions, or NULL. The buffer may be subjected to reallocation in the routine, and it's handed to realloc() by default. The sample uses statically allocated string literals.
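
The ownership contract described in Comment 1, as an added example that is not part of the report and is not libxml2 code: model_strcat is a hypothetical stand-in that, like the routine described, hands its first argument to realloc(), and join_literals is a hypothetical helper showing a caller that satisfies the contract. With libxml2 itself the first argument would come from the library's allocation functions (for example xmlStrdup) or be NULL.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model of the contract in Comment 1 (not libxml2 source):
 * cur must be NULL or a heap block, because it is handed to realloc(). */
static char *model_strcat(char *cur, const char *add)
{
    if (add == NULL)
        return cur;                     /* nothing to append */
    size_t add_len = strlen(add);
    if (cur == NULL) {                  /* NULL is allowed: start a new heap buffer */
        char *fresh = malloc(add_len + 1);
        if (fresh != NULL)
            memcpy(fresh, add, add_len + 1);
        return fresh;
    }
    size_t cur_len = strlen(cur);
    /* Undefined behaviour if cur points at a string literal, as in the report. */
    char *grown = realloc(cur, cur_len + add_len + 1);
    if (grown == NULL) {
        free(cur);                      /* model choice: release cur on failure */
        return NULL;
    }
    memcpy(grown + cur_len, add, add_len + 1);
    return grown;
}

/* Joins two literals without ever passing a literal as the first argument:
 * the first string is copied to the heap through the NULL path, then extended.
 * The caller owns the result and must free() it. */
static char *join_literals(const char *first, const char *second)
{
    char *buf = model_strcat(NULL, first);
    if (buf == NULL)
        return NULL;
    return model_strcat(buf, second);   /* buf may have moved: use only the return value */
}

int main(void)
{
    char *ccc = join_literals("aaa", "bbb");
    if (ccc == NULL)
        return 1;
    printf("%s\n", ccc);
    free(ccc);
    return 0;
}
```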