You are viewing a plain text version of this content. The canonical link for it is here.
Posted to c-users@xerces.apache.org by trceka <al...@halcom.si> on 2012/03/22 02:10:54 UTC
Bug in DOMElement::getSchemaTypeInfo() ?
Hi all!
I'm porting some application from using xerces-c 2.8.0 to 3.1.1. I have
modified all the code that was using functions/procedures that changed
between version and successfully compiled the application. Things seemed to
work, until I got a crash [SIGILL] in calling the cloneNode(true) [deep
copy]. After poking around, the problem was identified in the call to
typeInfo->getTypeName(), in the DOMDocumentImpl.cpp:1086:
+++
const DOMTypeInfo * typeInfo=((DOMElement*)source)->getSchemaTypeInfo();
// copy it only if it has valid data
if(typeInfo && typeInfo->getTypeName()!=NULL)
clonedTypeInfo=new (this) DOMTypeInfoImpl(typeInfo->getTypeNamespace(),
typeInfo->getTypeName());</code>
+++
The problem lies in the fact, that getSchemaTypeInfo returns something that
is not null (actually, it returns &DOMTypeInfoImpl::g_DtdValidatedElement),
but the object is corrupted, as soon as you try to access members, you get
SIGILL and coredump.
Here is a small main function created to demonstrate this problem:
+++
int main()
{
xercesc::XMLPlatformUtils::Initialize();
xercesc::DOMImplementation* dom_impl =
xercesc::DOMImplementationRegistry::getDOMImplementation(MakeXMLCh("LS"));
const XMLCh* uri = MakeXMLCh("urn:bla:1.0");
xercesc::DOMDocument* dom_doc = dom_impl->createDocument(uri,
MakeXMLCh("doc"), NULL);
xercesc::DOMElement* el = dom_doc->createElementNS(uri,
MakeXMLCh("elem"));
const xercesc::DOMTypeInfo* typeInfo = el->getSchemaTypeInfo();
if( typeInfo == NULL ) { std::cout << "null" << std::endl; }
else
{
char* tmp = xercesc::XMLString::transcode(typeInfo->getTypeName());
std::cout << tmp << std::endl;
delete[] tmp;
}
xercesc::XMLPlatformUtils::Terminate();
return 0;
}
+++
Note: MakeXMLCh() is a function that is included from some other code.
The code above is enough to get the crash. After searching up and down the
internet, I am baffled, is this a bug, or am I doing something awfully
wrong?
Platform: AIX 5.3, xlC 9.0
Xerces-c: 3.1.1, AIX binary
Regards,
Ales
--
View this message in context: http://old.nabble.com/Bug-in-DOMElement%3A%3AgetSchemaTypeInfo%28%29---tp33544593p33544593.html
Sent from the Xerces - C - Users mailing list archive at Nabble.com.
Re: Bug in DOMElement::getSchemaTypeInfo() ?
Posted by Vitaly Prapirny <ma...@mebius.net>.
Hi Aleš,
If you've got the crash with the precompiled binaries maybe you could
try to build the library yourself from the sources and see if it would help.
Btw, current C++ standard requires passing only non-null character
pointers to cout. It is not a definite crash though, it was my fault in
my first answer.
Good luck!
Vitaly
Aleš Trček wrote:
> Hi!
>
> The exact same program compiled on Linux (RHEL) works as expected - getTypeName() returns 0. So, so far Linux and Windows work, AIX crashes. Can someone else try this on AIX so we can make sure it is a platform-dependant bug?
>
> Btw: passing 0 to cout has no (malicious) effect.
>
> Regards,
> Ales
> _________________________________
>
>
> -----Original Message-----
> From: Vitaly Prapirny [mailto:marl@mebius.net]
> Sent: Thursday, March 22, 2012 10:40 AM
> To: Aleš Trček
> Cc: c-users@xerces.apache.org
> Subject: Re: Bug in DOMElement::getSchemaTypeInfo() ?
>
> Aleš Trček wrote:
>> I don't think you understand, it's not that typeInfo->getTypeName() returned 0, the problem is that the call to typeInfo->getTypeName() causes illegal instruction.
>> As I said, typeInfo is not NULL, however accessing any of its members results in crash. The same applies for code that gets called in DOMDocumentImpl.cpp and in my sample code.
>> Returning 0 would be the correct behavior in my opinion, and then I wouldn't have any problems.
>
> I'm sure that passing this returned 0 to std::cout is also a problem in your code. And you didn't point where your sample code got the crash in the previous message.
>
> I'd try your sample code on Windows and get no crash in the getTypeName call (#define MakeXMLCh(a) xercesc::XMLString::transcode(a) has been used)
>
> If you are sure that the crash occured inside the getTypeName call on AIX then you could try to debug you app yourself to find the place of corruption - there is not so much code to debug inside the createElementNS method.
>
> Good luck!
> Vitaly
>
Re: Bug in DOMElement::getSchemaTypeInfo() ?
Posted by Vitaly Prapirny <ma...@mebius.net>.
Aleš Trček wrote:
> I don't think you understand, it's not that typeInfo->getTypeName() returned 0, the problem is that the call to typeInfo->getTypeName() causes illegal instruction.
> As I said, typeInfo is not NULL, however accessing any of its members results in crash. The same applies for code that gets called in DOMDocumentImpl.cpp and in my sample code.
> Returning 0 would be the correct behavior in my opinion, and then I wouldn't have any problems.
I'm sure that passing this returned 0 to std::cout is also a problem in
your code. And you didn't point where your sample code got the crash in
the previous message.
I'd try your sample code on Windows and get no crash in the getTypeName
call (#define MakeXMLCh(a) xercesc::XMLString::transcode(a) has been used)
If you are sure that the crash occured inside the getTypeName call on
AIX then you could try to debug you app yourself to find the place of
corruption - there is not so much code to debug inside the
createElementNS method.
Good luck!
Vitaly
Re: Bug in DOMElement::getSchemaTypeInfo() ?
Posted by Vitaly Prapirny <ma...@mebius.net>.
Hi Ales,
Your sample code should crash because of typeInfo->getTypeName()
returned 0. It is the correct behavior of getTypeName() that's why we
could see NULL-check in DOMDocumentImpl.cpp (but not in your code).
Good luck!
Vitaly
trceka wrote:
>
> Hi all!
>
> I'm porting some application from using xerces-c 2.8.0 to 3.1.1. I have
> modified all the code that was using functions/procedures that changed
> between version and successfully compiled the application. Things seemed to
> work, until I got a crash [SIGILL] in calling the cloneNode(true) [deep
> copy]. After poking around, the problem was identified in the call to
> typeInfo->getTypeName(), in the DOMDocumentImpl.cpp:1086:
> +++
> const DOMTypeInfo * typeInfo=((DOMElement*)source)->getSchemaTypeInfo();
> // copy it only if it has valid data
> if(typeInfo&& typeInfo->getTypeName()!=NULL)
> clonedTypeInfo=new (this) DOMTypeInfoImpl(typeInfo->getTypeNamespace(),
> typeInfo->getTypeName());</code>
> +++
>
> The problem lies in the fact, that getSchemaTypeInfo returns something that
> is not null (actually, it returns&DOMTypeInfoImpl::g_DtdValidatedElement),
> but the object is corrupted, as soon as you try to access members, you get
> SIGILL and coredump.
>
> Here is a small main function created to demonstrate this problem:
> +++
> int main()
> {
> xercesc::XMLPlatformUtils::Initialize();
> xercesc::DOMImplementation* dom_impl =
> xercesc::DOMImplementationRegistry::getDOMImplementation(MakeXMLCh("LS"));
> const XMLCh* uri = MakeXMLCh("urn:bla:1.0");
> xercesc::DOMDocument* dom_doc = dom_impl->createDocument(uri,
> MakeXMLCh("doc"), NULL);
>
> xercesc::DOMElement* el = dom_doc->createElementNS(uri,
> MakeXMLCh("elem"));
> const xercesc::DOMTypeInfo* typeInfo = el->getSchemaTypeInfo();
> if( typeInfo == NULL ) { std::cout<< "null"<< std::endl; }
> else
> {
> char* tmp = xercesc::XMLString::transcode(typeInfo->getTypeName());
> std::cout<< tmp<< std::endl;
> delete[] tmp;
> }
>
> xercesc::XMLPlatformUtils::Terminate();
>
> return 0;
> }
> +++
>
> Note: MakeXMLCh() is a function that is included from some other code.
> The code above is enough to get the crash. After searching up and down the
> internet, I am baffled, is this a bug, or am I doing something awfully
> wrong?
>
> Platform: AIX 5.3, xlC 9.0
> Xerces-c: 3.1.1, AIX binary
>
> Regards,
> Ales