[xml/sgml-pkgs] Bug#279202: marked as done (scrollkeeper-update crashes due to incorrectly allocated pointer)

Debian Bug Tracking System owner@bugs.debian.org
Thu, 11 Nov 2004 09:04:02 -0800


Your message dated Thu, 11 Nov 2004 23:30:39 +0900
with message-id <20041111143039.GE13627@glandium.org>
and subject line Processed: Fixed in upload of libxml2 2.6.15-2 to experimental
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 1 Nov 2004 12:46:37 +0000
From: William Steve Applegate <wsapplegate@est.un.goret.info>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: scrollkeeper-update crashes due to incorrectly allocated pointer
X-Mailer: reportbug 3.1
Date: Mon, 01 Nov 2004 13:46:29 +0100
Message-Id: <E1CObZt-0006GL-Oq@betelgeuse.nce.goretsoft.net.invalid>
Sender: William Steve Applegate <wsapplegate@goretsoft.net>

Package: scrollkeeper
Version: 0.3.14-9.1debug
Severity: important


Hi,

while doing an upgrade, apt-get bailed out because of a segfault in
scrollkeeper-update. I was able to reproduce it by hand: Apparently, one
file part of gnome-utils (2.6.2-1) is incorrect, and scrollkeeper
segfaults while trying to display an error message. Here's what I got
after recompiling scrollkeeper and libxml2 with debug symbols:

root@betelgeuse|pts/47:~# scrollkeeper-rebuilddb -v
[...]
Registering /usr/share/omf/gnome-utils/gnome-dictionary-ja.omf
Registering /usr/share/omf/gnome-utils/gfloppy-C.omf
/usr/bin/scrollkeeper-rebuilddb: line 48:  1145 Erreur de segmentation (core dumped) scrollkeeper-update $quiet $verbose -p $scrollkeeper_db_dir
root@betelgeuse|pts/47:~# gdb /usr/bin/scrollkeeper-update core
[...]
Core was generated by `scrollkeeper-update -v -p /var/lib/scrollkeeper'.
Program terminated with signal 11, Segmentation fault.
[...]
#0  0x4007a59b in __xmlRaiseError (schannel=0, channel=0x401d74d0 <sk_dtd_validation_message>, data=0xbfffe76f, ctx=0xbfffe76f, nod=0x8516078, domain=23, code=504,
    level=XML_ERR_ERROR, file=0x0, line=0, str1=0x84d3018 "resource", str2=0x84d3018 "resource",
    str3=0xbfffbdc0 "(creator title contributor date subject format identifier language relation )", int1=0, int2=0,
    msg=0x40165d60 "Element %s content does not follow the DTD, expecting %s, got %s\n") at error.c:458
458             if ((schannel == NULL) && (ctxt != NULL) && (ctxt->sax != NULL) &&
(gdb) p ctxt
$1 = 0xbfffe76f
(gdb) p ctxt->sax
$2 = (struct _xmlSAXHandler *) 0xffe76f43
(gdb) p ctxt->sax->initialized
Cannot access memory at address 0xffe76faf
(gdb) bt
#0  0x4007a59b in __xmlRaiseError (schannel=0, channel=0x401d74d0 <sk_dtd_validation_message>, data=0xbfffe76f, ctx=0xbfffe76f, nod=0x8516078, domain=23, code=504,
    level=XML_ERR_ERROR, file=0x0, line=0, str1=0x84d3018 "resource", str2=0x84d3018 "resource",
    str3=0xbfffbdc0 "(creator title contributor date subject format identifier language relation )", int1=0, int2=0,
    msg=0x40165d60 "Element %s content does not follow the DTD, expecting %s, got %s\n") at error.c:458
#1  0x400b3097 in xmlErrValidNode (ctxt=0xbfffe770, node=0x8516078, error=XML_DTD_CONTENT_MODEL,
    msg=0x40165d60 "Element %s content does not follow the DTD, expecting %s, got %s\n", str1=0x84d3018 "resource",
    str2=0xbfffd150 "(creator+ , maintainer* , contributor* , title , date , version* , subject* , description? , type* , coverage* , format , identifier , language , relation* , source* , rights*)", str3=0xbfffbdc0 "(creator title contributor date subject format identifier language relation )") at valid.c:137
#2  0x400bb51c in xmlValidateElementContent (ctxt=0xbfffe770, child=0x85160c8, elemDecl=0x84d2898, warn=1, parent=0x8516078) at valid.c:5166
#3  0x400bc986 in xmlValidateOneElement__internal_alias (ctxt=0xbfffe770, doc=0x81806b0, elem=0x8516078) at valid.c:5866
#4  0x400bd0bb in xmlValidateElement__internal_alias (ctxt=0xbfffe770, doc=0x81806b0, elem=0x8516078) at valid.c:6110
#5  0x400bd20f in xmlValidateElement__internal_alias (ctxt=0xbfffe770, doc=0x81806b0, elem=0x8180750) at valid.c:6131
#6  0x400bd78b in xmlValidateDtd__internal_alias (ctxt=0xbfffe770, doc=0x81806b0, dtd=0x81809b8) at valid.c:6342
#7  0x401d91e2 in install (omf_name=0x8052b50 "/usr/share/omf/gnome-utils/gfloppy-ja.omf", scrollkeeper_dir=0xbffff830 "/var/lib/scrollkeeper",
    data_dir=0xbffff520 "/usr/share/scrollkeeper", outputprefs=67 'C') at install.c:194
#8  0x0804a254 in main (argc=4, argv=0xbffffb64) at update.c:541

Looking at libs/install.c, I noticed the following code (at line 190):

    190         cvp.userData = (char *) &outputprefs;

The userData member is later reused by libxml2 in valid.c, in the
following code=A0:

    129     xmlParserCtxtPtr pctxt = NULL;
    [...]
    134         data = ctxt->userData;
    135         pctxt = ctxt->userData;

The problem is, obviously, that userData is nothing like a pointer to a
xmlParserCtxt structure. Hence, the code fails in libxml2's error.c, on
the following line:

    457         ctxt = (xmlParserCtxtPtr) ctx;
    458         if ((schannel == NULL) && (ctxt != NULL) && (ctxt->sax != NULL) &&
    459             (ctxt->sax->initialized == XML_SAX2_MAGIC))

I've been able to verify this by replacing line 190 in libs/install.c
with a call to xmlNewParserCtxt(). This indeed prevented segfaults.
Instead, I got what seemed to be a normal error message on the faulty
files:

OMF file [/usr/share/omf/gnome-utils/gfloppy-ja.omf] does not validate against ScrollKeeper-OMF DTD: /usr/share/xml/scrollkeeper/dtds/scrollkeeper-omf.dtd
Unable to register /usr/share/omf/gnome-utils/gfloppy-ja.omf

I'm not sure who is at fault here, scrollkeeper or libxml2; I'll leave it
to you to determine what is really going on here. If you need any
other information on this problem, feel free to ask.

As an aside, this could be a duplicate of bug #233561, but I'm unsure
about this.

Thanks,
	-- William.

-- System Information:
Debian Release: 3.1
  APT prefers experimental
  APT policy: (600, 'experimental'), (550, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.4-wolk2.3
Locale: LANG=fr_FR@euro, LC_CTYPE=fr_FR@euro (charmap=ISO-8859-15) (ignored: LC_ALL set to fr_FR@euro)

Versions of packages scrollkeeper depends on:
ii  docbook-xml              4.3-1           standard XML documentation system,
ii  libc6                    2.3.2.ds1-18    GNU C Library: Shared libraries an
ii  libxml2                  2.6.15-1.0debug GNOME XML library
ii  libxslt1.1               1.1.11-1        XSLT processing library - runtime
ii  zlib1g                   1:1.2.2-1       compression library - runtime

-- no debconf information
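An added illustration of the contract the report above describes (this is not scrollkeeper's or libxml2's code): a stand-alone C model of the opaque userData slot, with the unchecked cast from valid.c:135 / error.c:457-459 beside a variant that only treats the slot as a parser context when the code that filled it said so. The structure layouts, VCTXT_USE_PCTXT and SAX2_MAGIC are stand-ins assumed for the example, not libxml2's API.

```c
#include <stddef.h>
#define SAX2_MAGIC 0xDEEDBEAF   /* stand-in for libxml2's XML_SAX2_MAGIC */
#define VCTXT_USE_PCTXT 0x1u    /* assumed flag: "userData really is a parser context" */

/* Minimal models of the structures involved (assumed layouts, not libxml2's). */
typedef struct { unsigned initialized; } sax_handler;   /* xmlSAXHandler */
typedef struct { sax_handler *sax; } parser_ctxt;       /* xmlParserCtxt */
typedef struct {                                        /* xmlValidCtxt */
    void *userData;   /* opaque slot, owned by whoever created the context */
    unsigned flags;
    void (*error)(void *userData, const char *msg);
} valid_ctxt;

/* "Before": the valid.c:135 / error.c:457-459 pattern. userData is blindly read as
 * a parser context; with a char* in the slot that dereference hits stack bytes
 * (the 0xffe76f43 in the gdb session) and faults. Contrast only: never call with a char*. */
int raise_error_unchecked(valid_ctxt *ctxt, const char *msg) {
    parser_ctxt *pctxt = (parser_ctxt *) ctxt->userData;
    int sax2 = pctxt != NULL && pctxt->sax != NULL && pctxt->sax->initialized == SAX2_MAGIC;
    if (ctxt->error) ctxt->error(ctxt->userData, msg);
    return sax2;
}

/* "After": treat userData as a parser context only when the code that filled the
 * slot said so. Returns 1 if the SAX2 path was taken, else 0. */
int raise_error_checked(valid_ctxt *ctxt, const char *msg) {
    parser_ctxt *pctxt = (ctxt->flags & VCTXT_USE_PCTXT) ? ctxt->userData : NULL;
    int sax2 = pctxt != NULL && pctxt->sax != NULL && pctxt->sax->initialized == SAX2_MAGIC;
    if (ctxt->error) ctxt->error(ctxt->userData, msg);   /* app data passed through untouched */
    return sax2;
}

/* Application side: scrollkeeper's callback expects the char it stored. */
static char seen_prefs;
static void sk_dtd_validation_message(void *data, const char *msg) { (void) msg; seen_prefs = *(char *) data; }
char last_seen_prefs(void) { return seen_prefs; }

/* The install.c:190 pattern: a pointer to a char sits in the opaque slot. */
int validate_like_scrollkeeper(char outputprefs) {
    valid_ctxt cvp = { (char *) &outputprefs, 0, sk_dtd_validation_message };
    return raise_error_checked(&cvp, "Element %s content does not follow the DTD");
}

/* The case the library was written for: the slot holds a real parser context. */
int validate_with_parser_ctxt(void) {
    sax_handler sax = { SAX2_MAGIC };
    parser_ctxt pctxt = { &sax };
    valid_ctxt cvp = { &pctxt, VCTXT_USE_PCTXT, NULL };
    return raise_error_checked(&cvp, "Element %s content does not follow the DTD");
}
```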

---------------------------------------
Received: (at 279040-done) by bugs.debian.org; 11 Nov 2004 14:30:41 +0000
Date: Thu, 11 Nov 2004 23:30:39 +0900
From: Mike Hommey <mh@glandium.org>
To: 279040-done@bugs.debian.org
Subject: Re: Processed: Fixed in upload of libxml2 2.6.15-2 to experimental
Message-ID: <20041111143039.GE13627@glandium.org>
References: <E1CSE7W-0000aP-00@newraff.debian.org> <handler.s.C.110017670716325.transcript@bugs.debian.org>
In-Reply-To: <handler.s.C.110017670716325.transcript@bugs.debian.org>
User-Agent: Mutt/1.5.6+20040907i

experimental + fixed-in-experimental = ?

On Thu, Nov 11, 2004 at 06:18:19AM -0800, Debian Bug Tracking System wrote:
> Processing commands for control@bugs.debian.org:
> 
> > tag 279040 + fixed-in-experimental
> Bug#279040: libxml2: Version 2.6.15 makes scrollkeeper segfault
> Tags were: pending experimental fixed-upstream
> Bug#279089: libxml2: makes scrollkeep segfault
> Bug#279202: scrollkeeper-update crashes due to incorrectly allocated pointer
> Bug#279283: scrollkeeper-update segfaults
> Bug#279694: bug-buddy: Package installation fails on scrollkeeper-update
> Bug#279838: scrollkeeper-update -q dumps core while update from latest unstab le/experimental
> Bug#280162: scrollkeeper: scrolkeeper-update -q produces segmentation fault
> Bug#280248: segmentation fault of scrollkeeper-update
> Bug#280516: scrollkeeper-update segfaults, causing dpkg to fail
> Tags added: fixed-in-experimental
> 
> > quit
> Stopping processing here.
> 
> Please contact me if you need assistance.
> 
> Debian bug tracking system administrator
> (administrator, Debian Bugs database)
>