[xml/sgml-pkgs] Bug#456653: libxml2: __xmlRaiseError alloc tons of memory and cause segfault
Bug Filler
mozbugbox at yahoo.com.au
Mon Dec 17 11:06:30 UTC 2007
Package: libxml2
Version: 2.6.30.dfsg-3
Severity: important
libxml2 crash liferea on some Chinese RSS feed. Backtrace shows that in
file error.c at XML_GET_VAR_STR(), it realloced too much memory.
With vsnprintf, when it returns -1, there could be all kind of
errors other than just not enough buffer.
In this Chinese feed, the error is
"Invalid or incomplete multibyte or wide character", i.e. EILSEQ.
So if XML_GET_VAR_STR really want to handle pre-glibc 2.1 erorr, it
should check the precise errno first rather blindly realloc more
memory. Otherwise, just break out of the error.
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.22-3-k7 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=zh_CN.GBK (charmap=GBK)
Shell: /bin/sh linked to /bin/bash
Versions of packages libxml2 depends on:
ii libc6 2.7-4 GNU C Library: Shared libraries
ii zlib1g 1:1.2.3.3.dfsg-7 compression library - runtime
Versions of packages libxml2 recommends:
ii xml-core 0.11 XML infrastructure and XML catalog
-- no debconf information
More information about the debian-xml-sgml-pkgs
mailing list