[xml] Crash in xmlschemas.c when validating XML containing mixed CDATA section
- From: Judy Hay <judyhay yahoo com>
- To: xml gnome org
- Subject: [xml] Crash in xmlschemas.c when validating XML containing mixed CDATA section
- Date: Mon, 19 Dec 2005 14:14:46 -0800 (PST)
Hi,
 
I'm running into a problem with the XML schema validation code when applied to CDATA sections that happen to have some trailing whitespace.  It seems to be isolated to cases where a namespace is being used.
 
The following XML and XSD snippets will cause the crash in the latest (2.6.22) version of xmllint I have:
 
XML:
<?xml version="1.0" encoding="utf-8"?>
    <ex:Item>
        <![CDATA[A single item]]>
    </ex:Item>
</ex:List>
XSD:
    <xs:element name="List" type="ex:ListT"/>
 
    <xs:complexType name="ListT">
        <xs:sequence>
            <xs:element name="Item" type="xs:string" minOccurs="0" maxOccurs="1"/>
        </xs:sequence>
    </xs:complexType>
</xs:schema>
 
If you remove the whitespace from around the CDATA section, you do not get a crash and the XML validates just fine.
 
The crash is happening in xmlschemas.c at line 23877 (in xmlSchemaVPushText).  xmlStrncat is called with a "len" variable that was passed in from the calling function as -1 (other parts of xmlSchemaVPushText consider this).  Eventually that -1 gets passed into a memcpy call by xmlStrncat and causes a seg fault.
 
I don't think this line is ever called if namespaces aren't being used -- at least, I couldn't reproduce this error in that case.
 
Anyway, I was wondering if this is a known bug and if there are any plans to fix it in the near future.  Or if I'm just using really bad XML/XSD and if so, please let me know (well, I don't have any control over the XML I'm getting, but it would be good to know if there's something wrong with it, too).
 
Thanks very much,
Judy
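
The failure mode reported above is a -1 "length unknown" sentinel reaching memcpy, where it is converted to a very large size_t. The following is an added example, not part of the original message and not libxml2 code: `checked_strncat` is a hypothetical helper showing how a concatenation routine can resolve the sentinel and reject any other negative length before copying.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not libxml2 code): append at most `len` bytes of
 * `add` to the heap string `cur`. len == -1 means "use the NUL terminator";
 * any other negative value is rejected instead of being forwarded to
 * memcpy, where it would become a huge size_t. Returns the (possibly
 * reallocated) string, or NULL on bad input or allocation failure, in
 * which case `cur` is left untouched and still owned by the caller. */
char *checked_strncat(char *cur, const char *add, int len)
{
    size_t cur_len, add_len;
    char *out;

    if (add == NULL || len < -1)
        return NULL;                       /* never copy with a negative length */
    if (len == -1) {
        add_len = strlen(add);             /* resolve the sentinel here */
    } else {
        /* Stop at an early NUL so a too-large len cannot over-read `add`. */
        const char *nul = memchr(add, '\0', (size_t)len);
        add_len = nul ? (size_t)(nul - add) : (size_t)len;
    }

    cur_len = cur ? strlen(cur) : 0;
    if (add_len > SIZE_MAX - cur_len - 1)
        return NULL;                       /* size computation would wrap */

    out = realloc(cur, cur_len + add_len + 1);
    if (out == NULL)
        return NULL;
    memcpy(out + cur_len, add, add_len);
    out[cur_len + add_len] = '\0';
    return out;
}

int main(void)
{
    /* Constructed input: the CDATA text from the report, length unknown. */
    char *s = checked_strncat(NULL, "A single item", -1);
    if (s == NULL)
        return 1;
    printf("%s\n", s);
    printf("len=-2 rejected: %s\n",
           checked_strncat(s, "x", -2) == NULL ? "yes" : "no");
    free(s);
    return 0;
}
```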