textproc/libxslt: xsltproc segfault


Christian Weisgerber
If you build the net/libaccounts-glib port frequently (or in a
loop), sooner or later you'll see this:

...
cd html && gtkdoc-mkhtml $mkhtml_options  libaccounts-glib ../libaccounts-glib-docs.xml
Computing chunks...
Writing index.sgml for book(index)
Writing libaccounts-glib.devhelp2 for book(index)
Segmentation fault (core dumped)

The segfault is xsltproc's.  Anybody feel like debugging this?

#0  0x00001fafefe4b84b in xmlXPathFreeNodeSet ()
   from /usr/local/lib/libxml2.so.15.1
#1  0x00001fafefe285bf in xmlHashFree () from /usr/local/lib/libxml2.so.15.1
#2  0x00001faff3911a90 in xsltFreeKeyTable (keyt=0x1faf5b0d2060) at keys.c:162
#3  0x00001faff3911adf in xsltFreeKeyTableList (keyt=0x1fb008b8b7c0)
    at keys.c:181
#4  0x00001faff3913151 in xsltFreeDocumentKeys (idoc=0x1fb01dcef900)
    at keys.c:932
#5  0x00001faff391e5ea in xsltFreeDocuments (ctxt=0x1fafbf185200)
    at documents.c:258
#6  0x00001faff39235b2 in xsltFreeTransformContext (ctxt=0x1fafbf185200)
    at transform.c:652
#7  0x00001fad33402ade in xsltProcess (doc=0x1faf6e5fda00, cur=0x1fafbb6b0400,
    filename=0x7f7ffffce04f "../libaccounts-glib-docs.xml") at xsltproc.c:418
#8  0x00001fad334045a0 in main (argc=19, argv=0x7f7ffffcdc68) at xsltproc.c:892

--
Christian "naddy" Weisgerber                          [hidden email]

Re: textproc/libxslt: xsltproc segfault

Stuart Henderson-6
On 2016/02/05 22:07, Christian Weisgerber wrote:

> If you build the net/libaccounts-glib port frequently (or in a
> loop), sooner or later you'll see this:
>
> ...
> cd html && gtkdoc-mkhtml $mkhtml_options  libaccounts-glib ../libaccounts-glib-docs.xml
> Computing chunks...
> Writing index.sgml for book(index)
> Writing libaccounts-glib.devhelp2 for book(index)
> Segmentation fault (core dumped)
>
> The segfault is xsltproc's.  Anybody feel like debugging this?
>
> #0  0x00001fafefe4b84b in xmlXPathFreeNodeSet ()
>    from /usr/local/lib/libxml2.so.15.1
> #1  0x00001fafefe285bf in xmlHashFree () from /usr/local/lib/libxml2.so.15.1
> #2  0x00001faff3911a90 in xsltFreeKeyTable (keyt=0x1faf5b0d2060) at keys.c:162
> #3  0x00001faff3911adf in xsltFreeKeyTableList (keyt=0x1fb008b8b7c0)
>     at keys.c:181
> #4  0x00001faff3913151 in xsltFreeDocumentKeys (idoc=0x1fb01dcef900)
>     at keys.c:932
> #5  0x00001faff391e5ea in xsltFreeDocuments (ctxt=0x1fafbf185200)
>     at documents.c:258
> #6  0x00001faff39235b2 in xsltFreeTransformContext (ctxt=0x1fafbf185200)
>     at transform.c:652
> #7  0x00001fad33402ade in xsltProcess (doc=0x1faf6e5fda00, cur=0x1fafbb6b0400,
>     filename=0x7f7ffffce04f "../libaccounts-glib-docs.xml") at xsltproc.c:418
> #8  0x00001fad334045a0 in main (argc=19, argv=0x7f7ffffcdc68) at xsltproc.c:892

Not much more information, but I see the same backtrace with a checkout
of git HEAD.

I've got a backtrace with line numbers for *some* of the frames
from 1.1.28 which looks like the same crash:

Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x000017514110852b in xmlXPathFreeNodeSet (obj=0x175093ce3180) at xpath.c:4190
4190    if ((obj->nodeTab[i] != NULL) &&
(gdb) p *obj
$1 = {nodeNr = 1, nodeMax = 10, nodeTab = 0x175171c4e580}
(gdb) p *obj->nodeTab
$2 = (xmlNodePtr) 0x1750ae806180
(gdb) p **obj->nodeTab
Cannot access memory at address 0x1750ae806180
(gdb) bt
#0  0x000017514110852b in xmlXPathFreeNodeSet (obj=0x175093ce3180) at xpath.c:4190
#1  0x00001751410cd7a1 in xmlHashFree (table=0x1750cd498e00, f=0x1751411084c5 <xmlXPathFreeNodeSet>) at hash.c:339
#2  0x00001750938adf99 in xsltFreeDocumentKeys () from /usr/local/lib/libxslt.so.3.8
#3  0x00001750938b7ada in xsltFreeDocuments () from /usr/local/lib/libxslt.so.3.8
#4  0x00001750938c148a in xsltFreeTransformContext () from /usr/local/lib/libxslt.so.3.8
#5  0x0000174e80602a32 in ?? ()
#6  0x0000174e80603430 in ?? ()
#7  0x0000174e80602021 in ?? ()
#8  0x0000000000000000 in ?? ()
(gdb) list
4185        if (obj->nodeTab != NULL) {
4186            int i;
4187
4188            /* @@ with_ns to check whether namespace nodes should be looked at @@ */
4189            for (i = 0;i < obj->nodeNr;i++)
4190                if ((obj->nodeTab[i] != NULL) &&
4191                    (obj->nodeTab[i]->type == XML_NAMESPACE_DECL))
4192                    xmlXPathNodeSetFreeNs((xmlNsPtr) obj->nodeTab[i]);
4193            xmlFree(obj->nodeTab);
4194        }

.... and similar from git HEAD

Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x0000041802a2952b in xmlXPathFreeNodeSet (obj=0x4183e134b20) at xpath.c:4190
4190    if ((obj->nodeTab[i] != NULL) &&
(gdb) bt
#0  0x0000041802a2952b in xmlXPathFreeNodeSet (obj=0x4183e134b20) at xpath.c:4190
#1  0x00000418029ee7a1 in xmlHashFree (table=0x41870c785e0, f=0x41802a294c5 <xmlXPathFreeNodeSet>) at hash.c:339
#2  0x00000417ff7fca50 in xsltFreeKeyTable (keyt=0x41816c12c00) at keys.c:162
#3  0x00000417ff7fca9f in xsltFreeKeyTableList (keyt=0x4182878a4a0) at keys.c:181
#4  0x00000417ff7fe123 in xsltFreeDocumentKeys (idoc=0x417dd5e3540) at keys.c:933
#5  0x00000417ff80954a in xsltFreeDocuments (ctxt=0x41860f08a00) at documents.c:258
#6  0x00000417ff80e6d2 in xsltFreeTransformContext (ctxt=0x41860f08a00) at transform.c:750
#7  0x0000041591102b82 in xsltProcess (doc=0x4188958d200, cur=0x417fe3c9600, filename=0x7f7ffffe1963 "../libaccounts-glib-docs.xml")
    at xsltproc.c:421
#8  0x00000415911047ae in main (argc=19, argv=0x7f7ffffe1608) at xsltproc.c:920
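
Added example, not part of the thread and not libxml2 or libxslt code: a toy model of the hazard the gdb session shows, where the node-set teardown loop (lines 4189-4192 of the listing) reads the type of every entry and so depends on each entry still pointing at a live node. All names are hypothetical, a `live` flag stands in for "memory still allocated" so the program stays well defined, and the thread does not establish how the real entry became stale.

```c
#include <stdio.h>

enum node_type { ELEMENT_NODE, NAMESPACE_DECL };

/* Toy node; `live` stands in for "this memory is still allocated". */
struct node { enum node_type type; int live; };

/* Borrowed pointers, shaped like nodeNr/nodeTab in the gdb dump. */
struct node_set { int nodeNr; struct node *nodeTab[10]; };

static struct node pool[4];   /* static pool: every read stays defined */

static struct node *node_new(int slot, enum node_type t) {
    pool[slot].type = t;
    pool[slot].live = 1;
    return &pool[slot];
}
static void node_free(struct node *n) { n->live = 0; }

/* Teardown that must inspect each entry's type, as the listed loop does.
 * Returns how many entries pointed at nodes that were already freed,
 * i.e. how many reads would have hit freed memory in real code. */
static int node_set_free(struct node_set *set) {
    int stale = 0;
    for (int i = 0; i < set->nodeNr; i++) {
        struct node *n = set->nodeTab[i];
        if (n == NULL) continue;               /* the only check the loop makes */
        if (!n->live) { stale++; continue; }   /* real code dereferences here */
        if (n->type == NAMESPACE_DECL) node_free(n);  /* set owns ns copies */
    }
    set->nodeNr = 0;
    return stale;
}

/* One document-owned node plus one set-owned namespace copy, torn down
 * in the chosen order. */
int stale_reads(int free_doc_node_first) {
    struct node_set set = { 0, { NULL } };
    struct node *a = node_new(0, ELEMENT_NODE);
    set.nodeTab[set.nodeNr++] = a;
    set.nodeTab[set.nodeNr++] = node_new(1, NAMESPACE_DECL);
    if (free_doc_node_first) node_free(a);
    int stale = node_set_free(&set);
    if (!free_doc_node_first) node_free(a);
    return stale;
}

int main(void) {
    printf("node first: %d, set first: %d\n", stale_reads(1), stale_reads(0));
    return 0;
}
```

The NULL check in the loop cannot catch a stale entry, which is why building both libraries with a memory-error detector (for example AddressSanitizer) is the usual next step for locating the original free.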