[Gambas-user] [Gambas Bug Tracker] Bug #1316: Seg-Fault in 3.11.1 and 3.11.2 with gb.xml.so

bugtracker at gambaswiki.org bugtracker at gambaswiki.org
Tue May 15 21:57:33 CEST 2018 

http://gambaswiki.org/bugtracker/edit?object=BUG.1316&from=L21haW4-

Comment #7 by Tobias BOEGE:

I can reproduce this as well with master. I get "Out of bounds" and segfaults.
Here is a backtrace:

  Program received signal SIGSEGV, Segmentation fault.
  0x00007fffee8deb71 in XMLElement_GetAttribute (elmt=0x555555b36100, nattrName=0x7fffee6cb53f "class", nlenAttrName=5, mode=0) at element.cpp:187
  187             if(GB_MatchString(attr->attrName, attr->lenAttrName, nattrName, nlenAttrName, mode))
  (gdb) bt
  #0  0x00007fffee8deb71 in XMLElement_GetAttribute(Element const*, char const*, unsigned long, int) (elmt=0x555555b36100, nattrName=0x7fffee6cb53f "class", nlenAttrName=5, mode=0) at element.cpp:187
  #1  0x00007fffee8dcad1 in XMLNode_addGBChildrenByAttributeValue(Node*, char const*, unsigned long, char const*, unsigned long, void**, int, int) (node=0x555555b36100, attrName=0x7fffee6cb53f "class", lenAttrName=5, attrValue=0x555555b197f4 "numberSociety", lenAttrValue=13, array=0x7fffffffcf10, mode=0, depth=-1) at node.cpp:343
  #2  0x00007fffee8dca53 in XMLNode_getGBChildrenByAttributeValue(Node*, char const*, unsigned long, char const*, unsigned long, void**, int, int) (node=0x555555b36100, attrName=0x7fffee6cb53f "class", lenAttrName=5, attrValue=0x555555b197f4 "numberSociety", lenAttrValue=13, array=0x7fffffffcf10, mode=0, depth=-1) at node.cpp:331
  #3  0x00007fffee6c6f8d in HtmlDocument_GetElementsByClassName(Document*, char const*, unsigned long, void**, int) (doc=0x555555b36100, className=0x555555b197f4 "numberSociety", lenClassName=13, array=0x7fffffffcf10, depth=-1) at htmldocument.cpp:235
  #4  0x00007fffee6c7e77 in CDocument_getElementsByClassName(void*, void*) (_object=0x555555b3c0a8, _param=0x7ffff66710a0) at CHTMLDocument.cpp:145
  #5  0x00005555555a167e in EXEC_native () at gbx_exec.c:1375
  [...]
  (gdb) list
  182
  183     Attribute* XMLElement_GetAttribute(const Element *elmt, const char *nattrName, const size_t nlenAttrName, const int mode)
  184     {
  185         for(Attribute *attr = elmt->firstAttribute; attr != 0; attr = (Attribute*)(attr->nextNode))
  186         {
  187             if(GB_MatchString(attr->attrName, attr->lenAttrName, nattrName, nlenAttrName, mode))
  188                 return attr;
  189         }
  190         return 0;
  191     }
  (gdb) print attr
  $1 = (Attribute *) 0x4500450003003d
  (gdb) print *attr
  Cannot access memory at address 0x4500450003003d

I have ran this backtrace a dozen times now and whenever the segfault happens, attr is the
suspicious-looking value 0x4500450003003d. Almost half the bytes are printable ASCII.

More information about the User mailing list