weired XML::LibXML bug
by Petr Pajas other posts by this author
Sep 5 2002 4:43PM messages near this date
view in the new Beta List Site
[ANNOUNCE] XML::Filter::Merger: Easier merging yet...
|
Re: weired XML::LibXML bug
Hi Christian, all,
maybe I was playing with LibXML/libxml2 too cruelly :-) but this bug
seems like a dangerous one to me.
When evaluating an incorrect XPath expressions containing character
"%" with XML::LibXML::Node::find/findvalue, it SIGSEGVs on some. It
looks like some simple (s)printf (and thus maybe libxml2 ?) -related
problem in the function that outputs the error message, since for
example
$doc-> getDocumentElement()->find('//node()[string(.)="%%"]///');
(which is incorrect because of those three ///)
prints out
Error Invalid expression
//node()[string(.)="%"]///
^
Note, that there is only one % !
I think, it is quite clear what's going on here, but just to make it
more fun, the following script tries % followed by letters a-z.
After printing some quite interesting output, it simply
dumps core by the time it reaches %n.
(With GDOME similar thing works without core dumps, except that the
croaks Undefined subroutine &XML::GDOME::Node::croak called at
/usr/lib/perl5/site_perl/5.6.1/i386-linux/XML/GDOME.pm line 338. Maybe
it does sustain only because the croak is not defined, so that those
offending % characters don't get out, but I'm not sure about that and
I don't realy care much, since I prefer LibXML, anyway :-).)
__CUTHERE__
#!/usr/bin/perl
use XML::LibXML;
my $doc=XML::LibXML-> new()->parse_string(<<'EOF');
<?xml version='1.0'?>
<test/>
EOF
foreach (ord('a')..ord('z')) {
eval {
print STDERR 'Testing: %'.chr($_),"\n";
$doc-> getDocumentElement()->find('%'.chr($_));
};
print STDERR $@;
}
__END__
Testing: %a
Error Invalid expression
//node()[s(.)=%a]
^
Error Invalid expression
//node()[s(.)=%a]
^
Testing: %b
Error Invalid expression
//node()[s(.)=0]
^
Error Invalid expression
//node()[s(.)=0]
^
Testing: %c
Error Invalid expression
//node()[s(.)=]
^
Error Invalid expression
//node()[s(.)=]
^
Testing: %d
Error Invalid expression
//node()[s(.)=0]
^
Error Invalid expression
//node()[s(.)=0]
^
Testing: %e
Error Invalid expression
//node()[s(.)=0.000000e+00]
^
Error Invalid expression
//node()[s(.)=3.660553e-313]
^
Testing: %f
Error Invalid expression
//node()[s(.)=0.000000]
^
Error Invalid expression
//node()[s(.)=0.000000]
^
Testing: %g
Error Invalid expression
//node()[s(.)=0]
^
Error Invalid expression
//node()[s(.)=3.66055e-313]
^
Testing: %h
Error Invalid expression
//node()[s(.)=%h]
^
Error Invalid expression
//node()[s(.)=%h]
^
Testing: %i
Error Invalid expression
//node()[s(.)=0]
^
Error Invalid expression
//node()[s(.)=0]
^
Testing: %j
Error Invalid expression
//node()[s(.)=%j]
^
Error Invalid expression
//node()[s(.)=%j]
^
Testing: %k
Error Invalid expression
//node()[s(.)=%k]
^
Error Invalid expression
//node()[s(.)=%k]
^
Testing: %l
Error Invalid expression
//node()[s(.)=%l]
^
Error Invalid expression
//node()[s(.)=%l]
^
Testing: %m
Error Invalid expression
//node()[s(.)=%m]
^
Error Invalid expression
//node()[s(.)=%m]
^
Testing: %n
Neoprávnìný pøístup do pamìti (SIGSEGV)
sup: /export/homelin/pajas/projects/bug_hunting
pajas$
--
_______________________________________________
Perl-XML mailing list
Perl-XML@[...].com
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
Thread:
Petr Pajas
Christian Glahn
|
