[Webkit-unassigned] [Bug 15715] Nested XSL stylesheets can produce memory corruption

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Oct 30 03:20:56 PDT 2007 

http://bugs.webkit.org/show_bug.cgi?id=15715


ap at webkit.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
     Ever Confirmed|0                           |1




------- Comment #8 from ap at webkit.org  2007-10-30 03:20 PDT -------
With a debug build of libxml2 2.6.16 (./configure  --with-mem-debug
--with-run-debug), I do see dictionary inconsistency errors:

element html: error : Name is not from the document dictionnary 'html'
element head: error : Name is not from the document dictionnary 'head'
element title: error : Name is not from the document dictionnary 'title'
element body: error : Name is not from the document dictionnary 'body'
element div: error : Name is not from the document dictionnary 'div'
element b: error : Name is not from the document dictionnary 'b'

However, my results are somewhat different:
1) I do not see any free() problems (OS X memory allocator would have
complained if someone were trying to free non-allocated memory, or to
double-free). I also don't get any assertion failures.
2) I see similar errors from all XSL transformations, not just ones that
involve nested stylesheets.

So, while there's definitely something wrong going on, I still don't quite see
what exactly the problem is, and whether it is indeed a memory corruption
problem.

Note that WebKit becomes very crash-prone when running against a debug build of
libxml2, because the debug version of xmlFree() cannot take NULL arguments. I
think this is a libxml2 bug, I've reported it:
<http://bugzilla.gnome.org/show_bug.cgi?id=491651>.

> But in order to have the child
> stylesheet share the parent's dictionary, we need to create the context
> ourselves, and the only way that libxml exposes to do that is to use
> xmlCtxtReadDoc(), which only works on UTF-8 (it takes a pointer to xmlChar),

Can we use xmlCtxtReadMemory()?


-- 
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the webkit-unassigned mailing list