Author: jojoworks
Date: 2004-04-03 19:28:23

Now that I have worked out a way to put a breakpoint into a
shared library and get GDB to stop on it, I investigated
this bug further and found the following:

The bug is in XML_GetBuffer(), located at xmlparse.c:1498.
When this call realizes that the buffer is too small, a
larger one is allocated and the data are copied. The problem
is that m_eventPtr is not adjusted to point into the new
buffer during this transaction, and so it is still pointing
to the old (and invalid) buffer.

In the case described here, the invalid pointer m_eventPtr
(invalidated after the buffer was moved by XML_GetBuffer) is
passed (xmlparse.c:1606) to XmlUpdatePosition(), which
assumes that it is valid. The XmlUpdatePosition() call
touches memory through the pointer, falls into a "memory
hole" (because the memory to which the pointer is pointing
was freed) and segfaults.
History
Date                 User   Action  Args
2007-08-23 14:20:20  admin  link    issue914148 messages
2007-08-23 14:20:20  admin  create
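The failure jojoworks describes, as an added example that is not part of this message or of expat's source: a small C model of a growable input buffer with a cursor pointing into it. The names Parser, event_ptr, get_buffer_buggy, get_buffer_fixed, lines_after_event and parse_step are hypothetical, and the XML chunks are constructed input. get_buffer_buggy reproduces the described behaviour (the data moves to a bigger block, the cursor is not rebased, so it keeps pointing at freed memory); get_buffer_fixed shows the usual remedy of saving the cursor as an offset before the move and rebasing it afterwards. parse_step forces a growth and checks by address comparison, without dereferencing, whether the cursor still lies inside the live buffer before anything walks memory from it, which is what the real XmlUpdatePosition() call does blindly.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct {
    char *buf;             /* input buffer (expat: m_buffer) */
    size_t cap;            /* bytes allocated */
    size_t len;            /* bytes of parse data held */
    const char *event_ptr; /* start of the current event (expat: m_eventPtr) */
} Parser;

/* Integer comparison only: never dereferences p, so it is safe to ask this
 * about a pointer that may already dangle. */
static bool points_into_buffer(const Parser *ps, const char *p) {
    uintptr_t lo = (uintptr_t)ps->buf, q = (uintptr_t)p;
    return ps->buf != NULL && q >= lo && q < lo + ps->cap;
}

/* Shared growth policy: allocate a larger block, copy the data, release the
 * old block. Whether the cursor gets rebased is left to the caller, and that
 * is exactly the difference between the two GetBuffer variants below. */
static char *move_to_bigger_block(Parser *ps, size_t need) {
    size_t ncap = ps->cap ? ps->cap : 16;
    while (ncap < ps->len + need) ncap *= 2;
    char *nb = malloc(ncap);
    if (nb == NULL) return NULL;
    if (ps->len) memcpy(nb, ps->buf, ps->len);
    free(ps->buf);         /* anything still pointing in here now dangles */
    ps->buf = nb;
    ps->cap = ncap;
    return nb;
}

/* Buggy GetBuffer, modelled on the message: the data moves but event_ptr is
 * left untouched, still pointing into the freed block. */
static char *get_buffer_buggy(Parser *ps, size_t need) {
    if (ps->len + need > ps->cap && move_to_bigger_block(ps, need) == NULL)
        return NULL;
    return ps->buf + ps->len;
}

/* Fixed GetBuffer: remember the cursor as an offset, move, then rebase it. */
static char *get_buffer_fixed(Parser *ps, size_t need) {
    if (ps->len + need > ps->cap) {
        bool have_event = ps->event_ptr != NULL;
        size_t ev_off = have_event ? (size_t)(ps->event_ptr - ps->buf) : 0;
        if (move_to_bigger_block(ps, need) == NULL) return NULL;
        if (have_event) ps->event_ptr = ps->buf + ev_off;
    }
    return ps->buf + ps->len;
}

/* Stand-in for XmlUpdatePosition(): walk from the event cursor to the end of
 * the data counting newlines. Reads through event_ptr, so it is only safe to
 * call once the cursor is known to point into the live buffer. */
static int lines_after_event(const Parser *ps) {
    int n = 0;
    for (const char *p = ps->event_ptr; p < ps->buf + ps->len; p++)
        if (*p == '\n') n++;
    return n;
}

/* One parse step on constructed input that forces the buffer to grow.
 * Returns -1 if the cursor dangles after growth, -2 if it was rebased to the
 * wrong bytes, -3 on allocation failure, else the newline count from the
 * cursor to the end of the data (2 for this input). */
static int parse_step(bool use_fixed) {
    static const char chunk1[] = "<doc>\n<elem>ab";                       /* constructed */
    static const char chunk2[] = "cdefghijklmnopqrstuvwxyz\n</elem></doc>\n"; /* constructed */
    Parser ps = { NULL, 0, 0, NULL };
    int result;

    /* First fill: 14 bytes land in a fresh 16-byte block; no event yet. */
    char *dst = get_buffer_fixed(&ps, sizeof chunk1 - 1);
    if (dst == NULL) return -3;
    memcpy(dst, chunk1, sizeof chunk1 - 1);
    ps.len += sizeof chunk1 - 1;
    ps.event_ptr = ps.buf + 6;            /* cursor on "<elem>" */

    /* Second fill does not fit: the buffer must grow and move. */
    dst = use_fixed ? get_buffer_fixed(&ps, sizeof chunk2 - 1)
                    : get_buffer_buggy(&ps, sizeof chunk2 - 1);
    if (dst == NULL) { free(ps.buf); return -3; }
    memcpy(dst, chunk2, sizeof chunk2 - 1);
    ps.len += sizeof chunk2 - 1;

    if (!points_into_buffer(&ps, ps.event_ptr))
        result = -1;                      /* the real code would read freed memory here */
    else if (memcmp(ps.event_ptr, "<elem>", 6) != 0)
        result = -2;
    else
        result = lines_after_event(&ps);  /* safe: cursor verified first */
    free(ps.buf);
    return result;
}

int main(void) {
    printf("buggy GetBuffer: %d (-1 = cursor dangles)\n", parse_step(false));
    printf("fixed GetBuffer: %d (lines after event)\n", parse_step(true));
    return 0;
}
```

The address-range check is a diagnostic device for this example, not something a parser should ship; the remedy is the offset-and-rebase step in get_buffer_fixed, which has to cover every pointer that refers into the moved buffer, not just the event cursor. In the real library the dangling read only shows up as a segfault when the freed page happens to be unmapped, which is why running the reproducer under Valgrind or AddressSanitizer is the reliable way to see it.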