You are viewing a plain text version of this content. The canonical link for it is here.

Posted to c-dev@xerces.apache.org by "Xiao, Ke" <kx...@microstrategy.com> on 2006/10/05 22:02:20 UTC

XMemory memory overwrite on Solaris

Hi,

My application using Xerces crashed on Solaris. I spent quite some time to debug it and finally find the reason:

When we initialize a DOMParser, it will call to line 533 in IGXMLScanner.cpp
    fSchemaElemNonDeclPool = new (fMemoryManager) RefHash3KeysIdPool<SchemaElementDecl>(29, true, 128, fMemoryManager); 
This will goes to line 59 in RefHash3KeysIdPool.c
    fHash = new (fMemoryManager) HashXMLCh();

When it allocate the memofy for fHash, it will allocate 8 bytes for it. For example the return address 0x1007b1fd0
After that, it will call the following constructors:
	HashXMLCh::HashXMLCh(0x1007b1fd0);
	HashBase::HashBase(0x1007b1fd0);
	XMemory::XMemory(0x1007b1fd8);

In XMemory.hpp, the constructor does nothing:


---------------------------------------------------------------------
To unsubscribe, e-mail: c-dev-unsubscribe@xerces.apache.org
For additional commands, e-mail: c-dev-help@xerces.apache.org