[xml/sgml-pkgs] Bug#563227: libxml2: xmlListSort frees original list
Josh Triplett
josh at joshtriplett.org
Fri Jan 1 07:12:20 UTC 2010
Package: libxml2
Version: 2.7.6.dfsg-1
Severity: normal
Having had some trouble trying to use xmlListSort, I took a look at the
implementation. It seems to work by copying the original list, clearing
the original list, and then inserting each element from the copy into
the original. Apart from inefficiency, this has one major bug: clearing
the original list calls the user-supplied deallocator on each element,
making those elements unusable in the copy. This resulted in accesses
to freed memory, easily found via valgrind.
- Josh Triplett
-- System Information:
Debian Release: 5.0.3
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.30-bpo.2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages libxml2 depends on:
ii libc6 2.7-18 GNU C Library: Shared libraries
ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime
Versions of packages libxml2 recommends:
ii xml-core 0.12 XML infrastructure and XML catalog
libxml2 suggests no packages.
-- no debconf information
More information about the debian-xml-sgml-pkgs
mailing list