Bug 1211 - sigsegv in xmlStrcat and xmlStrcat
Status: CLOSED NOTABUG
Product: Sisyphus (All bugs in Sisyphus/libxml2)
Version: unstable
Hardware/OS: all Linux
Priority/Severity: P4 critical
Reported: 2002-08-20 20:27
Modified: 2003-08-25 15:18
Description From 2002-08-20 20:27:13
Here is a small example:
#include <stdio.h>
#include <libxml/parser.h>

int main(void)
{
        /* string literals, not buffers from the library's allocator */
        xmlChar *aaa = (xmlChar*)"aaa";
        xmlChar *bbb = (xmlChar*)"bbb";
        xmlChar *ccc = xmlStrcat(aaa, bbb);
        printf("%s\n", (const char*)ccc);
        return 0;
}

It ends with a Segmentation Fault.

$ catchsegv ./a.out
*** Segmentation fault
Register dump:

 EAX: 08000000   EBX: 2acd86f8   ECX: 00000001   EDX: 08048504
 ESI: 00000007   EDI: 00020000   EBP: 7ffff458   ESP: 7ffff430

 EIP: 2ac25655   EFLAGS: 00210206

 CS: 0023   DS: 002b   ES: 002b   FS: 0000   GS: 0000   SS: 002b

 Trap: 0000000e   Error: 00000004   OldMask: 00000000
 ESP/signal: 7ffff430   CR2: 08000000

Backtrace:
/lib/libc.so.6(__libc_realloc+0x1c5)[0x2ac25655]
/lib/libc.so.6[0x2ac23e81]
/lib/libc.so.6(__libc_realloc+0x31)[0x2ac254c1]
/usr/lib/libxml2.so.2(xmlStrncat+0x67)[0x2aaf99e7]
/usr/lib/libxml2.so.2(xmlStrcat+0x53)[0x2aaf9a93]
./a.out[0x8048498]
/lib/libc.so.6(__libc_start_main+0x93)[0x2abc26e7]
./a.out(xmlStrcat+0x35)[0x80483d1]

------- Comment #1 From 2002-08-21 09:41:53 -------
The first argument of xmlStrcat is supposed to be either a string buffer
allocated with the library's allocation functions, or NULL. The buffer may be
subjected to reallocation in the routine, and it's handed to realloc() by
default. The sample uses statically allocated string literals.
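As an added illustration of the contract described in comment #1 (this is neither the report's code nor libxml2's source), the C model below reproduces the "NULL or a buffer from the same allocator" rule and shows the reporter's program corrected so the first argument is always realloc-able. The names xchar, model_strcat and build_aaabbb are invented for the example; with the real API the same pattern is xmlStrdup (or a NULL first argument), xmlStrcat and xmlFree.

```c
#include <stdlib.h>
#include <string.h>

/* Simplified stand-in for the xmlStrcat contract from comment #1, not
 * libxml2's implementation: cur must be NULL or a heap buffer owned by
 * the allocator, because it is handed to realloc(). */
typedef unsigned char xchar;

static xchar *model_strcat(xchar *cur, const xchar *add)
{
    size_t add_len = strlen((const char *)add);
    if (cur == NULL) {
        /* NULL means "start a new buffer": return a heap copy of add. */
        xchar *copy = malloc(add_len + 1);
        if (copy == NULL) return NULL;
        memcpy(copy, add, add_len + 1);
        return copy;
    }
    size_t cur_len = strlen((const char *)cur);
    /* realloc() requires cur to come from malloc/realloc; a string
     * literal, as in the report, is undefined behaviour and crashed
     * inside __libc_realloc in the reporter's backtrace. */
    xchar *grown = realloc(cur, cur_len + add_len + 1);
    if (grown == NULL) return NULL;
    memcpy(grown + cur_len, add, add_len + 1);
    return grown;
}

/* The reporter's program, corrected: begin from NULL so the first call
 * produces a heap copy of "aaa" (xmlStrdup would do the same with the
 * real API), then append "bbb"; the caller frees the result. */
xchar *build_aaabbb(void)
{
    xchar *buf = model_strcat(NULL, (const xchar *)"aaa");
    if (buf == NULL) return NULL;
    /* realloc may move the block, so only the returned pointer is valid */
    xchar *joined = model_strcat(buf, (const xchar *)"bbb");
    if (joined == NULL) { free(buf); return NULL; }
    return joined; /* free() here; xmlFree() with libxml2's allocator */
}
```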