You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@xalan.apache.org by bu...@apache.org on 2002/10/28 22:05:06 UTC

DO NOT REPLY [Bug 14025] New: - XPath::evaluate cores on ecountering malformed expression

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=14025>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=14025

XPath::evaluate cores on ecountering malformed expression

           Summary: XPath::evaluate cores on ecountering malformed
                    expression
           Product: XalanC
           Version: 1.4.x
          Platform: Sun
        OS/Version: Solaris
            Status: NEW
          Severity: Major
          Priority: Other
         Component: XPathC
        AssignedTo: xalan-dev@xml.apache.org
        ReportedBy: mark_marsh@agilent.com


This program cores on an invalid XPath expressions - there seems to
be no way to protect from this at the user code level.  If you compile
with debug it cores on the asserts() - if you don't it cores later.

Platform
-------------------------------------------------------------------
SunOS dogbert 5.8 Generic_108528-10 sun4u sparc SUNW,Ultra-5_10

CC: Sun WorkShop 6 update 2 C++ 5.3 2001/05/15

xerces-c2_1_0-Sol2.7ForCC

Xalan 1.4+:
xml-xalan_20020912222118  with XObjectFactoryDefault.cpp fix
    (xml-xalan/c/src/XPath/XObjectFactoryDefault.cpp;1.28)

(configured with and without debug)

Xalan 1.5:
    Xalan-C_2002-10-21-solaris
Successfully identified context node
and failed the evaluate() in the XalanDOMString::append.
An assertion in the invariants() call at XalanDOMString.cpp:353 is triggered:

XalanDOMString.hpp line 779:

       assert(m_data.empty() == true || m_data.back() == 0);

(dbx) p m_data.empty() == true
m_data.empty() == true = false
(dbx) p m_data.back() == 0
m_data.back() == 0 = true
(dbx)

=>[1] XalanDOMString::invariants(this = 0xffbeddd0), line 779 in "XalanDOMString
.hpp"
  [2] XalanDOMString::append(this = 0xffbeddd0, theString = 0xe9b50, theCount =
4294967295U), line 353 in "XalanDOMString.cpp"
  [3] XalanDOMString::XalanDOMString(this = 0xffbeddd0, theString = 0xe9b50, the
Count = 4294967295U), line 115 in "XalanDOMString.cpp"
  [4] XPathEvaluator::evaluate(this = 0xffbee0e0, domSupport = CLASS, contextNod
e = 0x11a650, xpathString = 0xe9b50, prefixResolver = CLASS, envSupport = CLASS)
, line 428 in "XPathEvaluator.cpp"
  [5] XPathEvaluator::evaluate(this = 0xffbee0e0, domSupport = CLASS, contextNod
e = 0x11a650, xpathString = 0xe9b50, namespaceNode = 0x11a650), line 290 in "XPa
thEvaluator.cpp"
  [6] NxXMLObj::identifyNode(this = 0xffbee0d4, pContext_in = 0xc6218 "phoneList
", pPath_in = 0xc6222 "entry/[AID="3"]"), line 188 in "NxXML.C"
  [7] partDOMTstBad(), line 281 in "tstPrg.C"
  [8] main(argc = 1, argv = 0xffbee27c), line 328 in "tstPrg.C"
(dbx)

The stack at the time of the core is:

(dbx) where -h
  [1] __exdbg_notify_of_throw(0xffbed3d8, 0xffbed3c0, 0xfe1b3078, 0xffbed454, 0x
22334, 0xff2d3c7c), at 0xff2d42b0
  [2] _ex_throw_body(0xff2ea7c0, 0x0, 0x0, 0x1, 0x0, 0x0), at 0xff2d5a90
=>[3] XPathProcessorImpl::error(this = 0xffbedde4, msg = CLASS, _ARG3 = (nil)),
line 998 in "XPathProcessorImpl.cpp"
  [4] XPathProcessorImpl::error(this = 0xffbedde4, msg = 0xfe1b3964 "Unexpected
token!", sourceNode = (nil)), line 1009 in "XPathProcessorImpl.cpp"
  [5] XPathProcessorImpl::Step(this = 0xffbedde4), line 1903 in "XPathProcessorI
mpl.cpp"
  [6] XPathProcessorImpl::RelativeLocationPath(this = 0xffbedde4), line 1840 in
"XPathProcessorImpl.cpp"
  [7] XPathProcessorImpl::LocationPath(this = 0xffbedde4), line 1819 in "XPathPr
ocessorImpl.cpp"
  [8] XPathProcessorImpl::PrimaryExpr(this = 0xffbedde4), line 1627 in "XPathPro
cessorImpl.cpp"
  [9] XPathProcessorImpl::FilterExpr(this = 0xffbedde4), line 1538 in "XPathProc
essorImpl.cpp"
  [10] XPathProcessorImpl::PathExpr(this = 0xffbedde4), line 1509 in "XPathProce
ssorImpl.cpp"
  [11] XPathProcessorImpl::UnionExpr(this = 0xffbedde4), line 1470 in "XPathProc
essorImpl.cpp"
  [12] XPathProcessorImpl::UnaryExpr(this = 0xffbedde4), line 1427 in "XPathProc
essorImpl.cpp"
  [13] XPathProcessorImpl::MultiplicativeExpr(this = 0xffbedde4, opCodePos = -1)
, line 1348 in "XPathProcessorImpl.cpp"
  [14] XPathProcessorImpl::AdditiveExpr(this = 0xffbedde4, opCodePos = -1), line
 1283 in "XPathProcessorImpl.cpp"
  [15] XPathProcessorImpl::RelationalExpr(this = 0xffbedde4, opCodePos = -1), li
ne 1198 in "XPathProcessorImpl.cpp"
  [16] XPathProcessorImpl::EqualityExpr(this = 0xffbedde4, opCodePos = -1), line
 1133 in "XPathProcessorImpl.cpp"
  [17] XPathProcessorImpl::AndExpr(this = 0xffbedde4), line 1108 in "XPathProces
sorImpl.cpp"
  [18] XPathProcessorImpl::OrExpr(this = 0xffbedde4), line 1085 in "XPathProcess
orImpl.cpp"
  [19] XPathProcessorImpl::Expr(this = 0xffbedde4), line 1075 in "XPathProcessor
Impl.cpp"
  [20] XPathProcessorImpl::initXPath(this = 0xffbedde4, pathObj = CLASS, express
ion = CLASS, prefixResolver = CLASS, locator = (nil)), line 135 in "XPathProcess
orImpl.cpp"
  [21] XPathEvaluator::evaluate(this = 0xffbee0e0, domSupport = CLASS, contextNo
de = 0x11a6d0, xpathString = 0xe9b50, prefixResolver = CLASS, envSupport = CLASS
), line 428 in "XPathEvaluator.cpp"
  [22] XPathEvaluator::evaluate(this = 0xffbee0e0, domSupport = CLASS, contextNo
de = 0x11a6d0, xpathString = 0xe9b50, namespaceNode = 0x11a6d0), line 290 in "XP
athEvaluator.cpp"
  [23] NxXMLObj::identifyNode(this = 0xffbee0d4, pContext_in = 0xc6218 "phoneLis
t", pPath_in = 0xc6222 "entry/[AID="3"]"), line 188 in "NxXML.C"
  [24] partDOMTstBad(), line 281 in "tstPrg.C"
  [25] main(argc = 1, argv = 0xffbee27c), line 328 in "tstPrg.C"
(dbx)