This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 6791 - Crash on generic XML file
Summary: Crash on generic XML file
Status: RESOLVED FIXED
Alias: None
Product: Amaya
Classification: Unclassified
Component: XML
Version: unspecified
Hardware: PC Linux
Importance: P2 normal
Target Milestone: ---
Assignee: lcarcone
QA Contact: lcarcone
Reported: 2009-04-08 14:04 UTC by Magnus Henoch
Modified: 2009-04-10 09:26 UTC


Attachments
File that crashes Amaya (79 bytes, application/xml)
2009-04-08 14:04 UTC, Magnus Henoch
Don't pass NULL to strcmp (1.15 KB, patch)
2009-04-08 14:07 UTC, Magnus Henoch

Description Magnus Henoch 2009-04-08 14:04:13 UTC
Created attachment 681
File that crashes Amaya

I just compiled Amaya from CVS, and tried to open the attached XML file.  This results in a segfault, with the following backtrace:

#0  0xb71cd18a in strcmp () from /lib/libc.so.6
#1  0x08173cd4 in EndOfAttributeName (xmlName=0xa867328 "a|a") at ../../amaya/Xml2thot.c:3182
#2  0x08174b29 in Hndl_ElementStart (userData=0x0, name=0xa8894cf "b", attlist=0xa888a90) at ../../amaya/Xml2thot.c:4446
#3  0xb7f96aaa in ?? () from /usr/lib/libxmlparse.so.0
#4  0xb7f97fe9 in ?? () from /usr/lib/libxmlparse.so.0
#5  0xb7f94012 in XML_Parse () from /usr/lib/libxmlparse.so.0
#6  0x0816fb4e in XmlParse (infile=0xa880bb0, charset=UNDEFINED_CHARSET, xmlDec=0xbfffadeb, xmlDoctype=0xbfffadea) at ../../amaya/Xml2thot.c:5924
#7  0x08175760 in StartXmlParser (doc=1, fileName=0xa881c90 "/home/magnus/.amaya/1/foo.xml", documentName=0x9d61298 "foo.xml", documentDirectory=0x9d62260 "/home/magnus/.amaya/1", pathURL=0xa881640 "/tmp/foo.xml", withDec=false, withDoctype=false, useMath=false, externalDoc=false) at ../../amaya/Xml2thot.c:6087
#8  0x081480bf in LoadDocument (doc=1, pathname=0xa881640 "/tmp/foo.xml", form_data=0x0, initial_url=0x9d59550 "/tmp/foo.xml", method=8, tempfile=0xa881968 "", documentname=0x9d61298 "foo.xml", http_headers=0x0, history=false, inNewWindow=0xbfffbb77, realdocname=0x0) at ../../amaya/init.c:3878
#9  0x0814842c in GetAmayaDoc_callback (newdoc=1, status=0, urlName=0x9d61c10 "/tmp/foo.xml", outputfile=0x9d618e8 "", proxyName=0x0, http_headers=0x0, context=0x9d5aef8) at ../../amaya/init.c:4811
#10 0x081496c9 in GetAmayaDoc (urlname=0xbfffc668 "/tmp/foo.xml", form_data=0x0, doc=0, baseDoc=0, method=8, history=false, cbf=0, ctx_cbf=0x0) at ../../amaya/init.c:5323
#11 0x08149bd0 in CallbackDialogue (ref=37310, typedata=1, data=0x1 <Address 0x1 out of bounds>) at ../../amaya/init.c:5602
#12 0x0814bbee in OpenNewDocFromArgv (url=0x99c4998 "/tmp/foo.xml") at ../../amaya/init.c:7222
#13 0x0814e033 in InitAmaya (event=0xbfffce24) at ../../amaya/init.c:7130
#14 0x082f6678 in CallAction (notifyEvent=0xbfffce24, event=TteInit, pre=false, type=0, element=0x0, schStruct=0x0, attr=false) at ../../thotlib/dialogue/callback.c:174
#15 0x082f691b in CallEventType (notifyEvent=0xbfffce24, pre=false) at ../../thotlib/dialogue/callback.c:335
#16 0x083066fd in TtaMainLoop () at ../../thotlib/dialogue/interface.c:174
#17 0x080d959c in amaya_main (argc=2, argv=0x99c2610) at EDITORAPP.c:1667
#18 0x082a289b in AmayaApp::OnIdle (this=0x996f658, event=@0xbfffef38) at ../../thotlib/base/AmayaApp.cpp:463
#19 0xb744aaf1 in wxAppConsole::HandleEvent(wxEvtHandler*, void (wxEvtHandler::*)(wxEvent&), wxEvent&) const () from /usr/lib/libwx_baseu-2.8.so.0
#20 0xb74e9d2a in wxEvtHandler::ProcessEventIfMatches(wxEventTableEntryBase const&, wxEvtHandler*, wxEvent&) () from /usr/lib/libwx_baseu-2.8.so.0
#21 0xb74eaf44 in wxEventHashTable::HandleEvent(wxEvent&, wxEvtHandler*) () from /usr/lib/libwx_baseu-2.8.so.0
#22 0xb74eb04b in wxEvtHandler::ProcessEvent(wxEvent&) () from /usr/lib/libwx_baseu-2.8.so.0
#23 0xb77bd8d2 in wxAppBase::ProcessIdle() () from /usr/lib/libwx_gtk2u_core-2.8.so.0
#24 0xb770c8f3 in ?? () from /usr/lib/libwx_gtk2u_core-2.8.so.0
#25 0xb68e6a71 in ?? () from /usr/lib/libglib-2.0.so.0
#26 0xb68e89a8 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#27 0xb68ec063 in ?? () from /usr/lib/libglib-2.0.so.0
#28 0xb68ec582 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#29 0xb6ce2239 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#30 0xb77264f5 in wxEventLoop::Run() () from /usr/lib/libwx_gtk2u_core-2.8.so.0
#31 0xb77bd6be in wxAppBase::MainLoop() () from /usr/lib/libwx_gtk2u_core-2.8.so.0
#32 0xb77bd291 in wxAppBase::OnRun() () from /usr/lib/libwx_gtk2u_core-2.8.so.0
#33 0xb74846ba in wxEntry(int&, wchar_t**) () from /usr/lib/libwx_baseu-2.8.so.0
#34 0xb74848b7 in wxEntry(int&, char**) () from /usr/lib/libwx_baseu-2.8.so.0
#35 0x082a462b in main (argc=6357089, argv=0xa534670) at ../../thotlib/base/AmayaApp.cpp:51

Comment 1 Magnus Henoch 2009-04-08 14:07:28 UTC
Created attachment 682
Don't pass NULL to strcmp

This patch makes Amaya load the file.  Not sure if this is the right change; should UriName really be NULL here?

Comment 2 Vatton 2009-04-10 09:26:26 UTC
(In reply to comment #0)
> Created an attachment (id=681)
> File that crashes Amaya

The main problem is that a prefix is used but it's not defined.
Amaya won't crash when parsing that kind of document.
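
An added example, not part of the bug thread and not Amaya's code: the defect class discussed above (a namespace URI that is NULL because the prefix was never declared, then handed to strcmp) with the lookup result checked before any comparison. The names `lookup_uri` and `classify_attr`, the `declared` table, and the reading of `a|a` as prefix|local-name are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Constructed sample: namespace declarations in scope (hypothetical data). */
struct ns_decl { const char *prefix; const char *uri; };
static const struct ns_decl declared[] = {
    { "svg",   "http://www.w3.org/2000/svg" },
    { "xlink", "http://www.w3.org/1999/xlink" },
};

/* Return the URI bound to the first `len` bytes of `prefix`, or NULL when
   the prefix was never declared (the case behind the reported crash). */
static const char *lookup_uri(const char *prefix, size_t len)
{
    for (size_t i = 0; i < sizeof declared / sizeof declared[0]; i++)
        if (strlen(declared[i].prefix) == len &&
            memcmp(declared[i].prefix, prefix, len) == 0)
            return declared[i].uri;
    return NULL;
}

enum attr_ns { ATTR_NO_PREFIX, ATTR_CURRENT_NS, ATTR_OTHER_NS, ATTR_UNBOUND_PREFIX };

/* Classify an attribute name of the assumed form "prefix|local" against the
   namespace of the current element. current_uri may itself be NULL when the
   element has no namespace, so both sides are checked before strcmp(). */
static enum attr_ns classify_attr(const char *xml_name, const char *current_uri)
{
    const char *sep = xml_name ? strchr(xml_name, '|') : NULL;
    if (sep == NULL)
        return ATTR_NO_PREFIX;

    const char *uri = lookup_uri(xml_name, (size_t)(sep - xml_name));
    if (uri == NULL)
        return ATTR_UNBOUND_PREFIX;  /* report it; never pass NULL to strcmp() */
    if (current_uri != NULL && strcmp(uri, current_uri) == 0)
        return ATTR_CURRENT_NS;
    return ATTR_OTHER_NS;
}

int main(void)
{
    /* "a|a" is the attribute name seen in the backtrace; "a" is undeclared here. */
    return classify_attr("a|a", NULL) == ATTR_UNBOUND_PREFIX ? 0 : 1;
}
```

Returning a distinct "unbound prefix" result lets the caller raise a well-formedness error instead of silently accepting the attribute, which matches the root cause named in comment 2.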