Bug#698537: xalan xsl:message segment fault on suspected buffer overflow
Package: xalan
Version: 1.10-4
Severity: normal
xalan crashes with a segment fault when using <xsl:message> with large output.
For example:
bug.xsl:
---cut---
<?xml version="1.0" encoding="utf-8"?>
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
version="1.0"
>
<xsl:template match="/">
<xsl:message>
<xsl:text>1234567890123456789012345678901234567890123456789012345678901234567890 </xsl:text>
<xsl:text>1234567890123456789012345678901234567890123456789012345678901234567890 </xsl:text>
<xsl:text>1234567890123456789012345678901234567890123456789012345678901234567890 </xsl:text>
<xsl:text>1234567890123456789012345678901234567890123456789012345678901234567890 </xsl:text>
<xsl:text>1234567890123456789012345678901234567890123456789012345678901234567890 </xsl:text>
<xsl:text>1234567890123456789012345678901234567890123456789012345678901234567890 </xsl:text>
<xsl:text>1234567890123456789012345678901234567890123456789012345678901234567890 </xsl:text>
<xsl:text>1234567890123456789012345678901234567890123456789012345678901234567890 </xsl:text>
<xsl:text>1234567890123456789012345678901234567890123456789012345678901234567890 </xsl:text>
<xsl:text>1234567890123456789012345678901234567890123456789012345678901234567890 </xsl:text>
<xsl:text>1234567890123456789012345678901234567890123456789012345678901234567890 </xsl:text>
<xsl:text>1234567890123456789012345678901234567890123456789012345678901234567890 </xsl:text>
<xsl:text>1234567890123456789012345678901234567890123456789012345678901234567890 </xsl:text>
<xsl:text>1234567890123456789012345678901234567890123456789012345678901234567890 </xsl:text>
<xsl:text>1234567890123456789012345678901234567890123456789012345678901234567890 </xsl:text>
<xsl:text>1234567890123456789012345678901234567890123456789012345678901234567890 </xsl:text>
<xsl:text>1234567890123456789012345678901234567890123456789012345678901234567890 </xsl:text>
</xsl:message>
</xsl:template>
</xsl:stylesheet>
---cut---
in.xml:
---cut---
<?xml version="1.0" encoding="UTF-8"?>
<Data/>
---cut---
will crash when run as:
wuth@fiore:~/tmp/xalan-bug$ xalan -xsl bug.xsl -in in.xml
XSLT Message: 1234567890123456789012345678901234567890123456789012345678901234567890
1234567890123456789012345678901234567890123456789012345678901234567890
1234567890123456789012345678901234567890123456789012345678901234567890
1234567890123456789012345678901234567890123456789012345678901234567890
1234567890123456789012345678901234567890123456789012345678901234567890
1234567890123456789012345678901234567890123456789012345678901234567890
1234567890123456789012345678901234567890123456789012345678901234567890
1234567890123456789012345678901234567890123456789012345678901234567890
1234567890123456789012345678901234567890123456789012345678901234567890
1234567890123456789012345678901234567890123456789012345678901234567890
1234567890123456789012345678901234567890123456789012345678901234567890
1234567890123456789012345678901234567890123456789012345678901234567890
1234567890123456789012345678901234567890123456789012345678901234567890
1234567890123456789012345678901234567890123456789012345678901234567890
123456789012345678901Segmentation fault
wuth@fiore:~/tmp/xalan-bug$
occasionally,
pure virtual method called
terminate called without an active exception
Aborted
is reported instead.
-- System Information:
Debian Release: 6.0.6
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 3.2.0-0.bpo.2-686-pae (SMP w/2 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages xalan depends on:
ii libc6 2.11.3-4 Embedded GNU C Library: Shared lib
ii libgcc1 1:4.4.5-8 GCC support library
ii libstdc++6 4.4.5-8 The GNU Standard C++ Library v3
ii libxalan110 1.10-4 Provides XSLT support for applicat
ii libxerces-c28 2.8.0+deb1-2+b1 validating XML parser library for
xalan recommends no packages.
xalan suggests no packages.
-- no debconf information
Reply to: