
Bug#450549: Segmentation fault in kxsldbg



On Sunday 02 December 2007, Keith Isdale wrote:

> Having a bit more detail in steps to reproduce would be good as I might be
> doing something slightly differently.

Hi Keith

I have tried a bit and quite easily reproduced it.

With the test doc from the sources:

kxsldbg src/kdewebdev-3.5.8/kxsldbg/data/testdoc.xsl 
src/kdewebdev-3.5.8/kxsldbg/data/testdoc.xml /tmp/foo

and pressing the "step" icon 2-10 times, then it blows up in a quite nice segfault.

Trying to track this ended in the "item->next;" part of:
(starting from 530 in kxsldbg/kxsldbgpart/libxsldbg/nodeview_cmds.cpp)

                xsltStackElemPtr item =
                    styleCtxt->varsTab[styleCtxt->varsBase];
                if (getThreadStatus() == XSLDBG_MSG_THREAD_RUN) {
                    notifyListStart(XSLDBG_MSG_LOCALVAR_CHANGED);
                    while (item) {
                        notifyListQueue(item);
                        item = item->next;
                    }
                    notifyListSend();

Just for the fun of it, I tried removing item->next and changed the while to an 
if.  Then it segfaulted the next time it needed an item->something

I don't know when it last worked, but I tried comparing the code and it hasn't 
changed in any relevant ways for a long time.

I have asked the debian libxslt maintainer (cc'ed) (the item is a struct 
defined in some libxslt header) and he says that libxslt hasn't changed in 
these ways.
I have tested with libxslt 1.1.18 to 1.1.22 and I get the same segfault every 
time.

Backtrace from gdb follows:

[Switching to Thread 0xb6209b90 (LWP 5670)]
0xb63c8a2a in xslDbgShellPrintVariable (styleCtxt=0x821cbd0, 
arg=0xb62087ae "", type=DEBUG_LOCAL_VAR) 
at /build/buildd/kdewebdev-3.5.8/./kxsldbg/kxsldbgpart/libxsldbg/nodeview_cmds.cpp:537
537                             item = item->next;
(gdb) bt
#0  0xb63c8a2a in xslDbgShellPrintVariable (styleCtxt=0x821cbd0, 
arg=0xb62087ae "", type=DEBUG_LOCAL_VAR) 
at /build/buildd/kdewebdev-3.5.8/./kxsldbg/kxsldbgpart/libxsldbg/nodeview_cmds.cpp:537
#1  0xb63d1af0 in shellPrompt (source=0x819aaa8, doc=0x81fe598, 
filename=0xb63e38f9 "index.xsl", input=0xb63c0a00 <xslDbgShellReadline>, 
output=0xb79d74e0, styleCtxt=0x821cbd0)    
at /build/buildd/kdewebdev-3.5.8/./kxsldbg/kxsldbgpart/libxsldbg/debugXSL.cpp:1729
#2  0xb63d1c78 in debugXSLBreak (templ=0x819aaa8, node=0x81fe598, 
root=0x81fe1d0, ctxt=0x821cbd0) 
at /build/buildd/kdewebdev-3.5.8/./kxsldbg/kxsldbgpart/libxsldbg/debugXSL.cpp:1126
#3  0xb63d239a in debugHandleDebugger (cur=0x819aaa8, node=0x81fe598, 
templ=0x81fe1d0, ctxt=0x821cbd0) 
at /build/buildd/kdewebdev-3.5.8/./kxsldbg/kxsldbgpart/libxsldbg/debug.cpp:209
#4  0xb7c69699 in xslHandleDebugger (cur=0x819aaa8, node=0x81fe598, 
templ=0x81fe1d0, ctxt=0x821cbd0) at xsltutils.c:2234
#5  0xb7c80f23 in xsltDebuggerStartSequenceConstructor (ctxt=0x821cbd0, 
contextNode=0x81fe598, list=0x819aba0, templ=0x81fe1d0, 
addCallResult=0xb62090b8) at transform.c:2061
#6  0xb7c83198 in xsltApplyXSLTTemplate (ctxt=0x821cbd0, 
contextNode=0x81fe598, list=0x819aba0, templ=0x81fe1d0, withParams=0x0) at 
transform.c:2911
#7  0xb7c8384d in xsltProcessOneNode (ctxt=0x821cbd0, contextNode=0x81fe598, 
withParams=0x0) at transform.c:2032
#8  0xb7c87a42 in xsltApplyStylesheetInternal (style=0x8199da0, doc=0x81fe598, 
params=0xb62091cc, output=0x0, profile=0x0, userCtxt=0x0) at transform.c:6032
#9  0xb63be6c5 in xsltProcess (doc=0x81fe598, cur=0x8199da0) 
at /build/buildd/kdewebdev-3.5.8/./kxsldbg/kxsldbgpart/libxsldbg/xsldbg.cpp:404
#10 0xb63c01c1 in xsldbgMain (argc=0, argv=0x0) 
at /build/buildd/kdewebdev-3.5.8/./kxsldbg/kxsldbgpart/libxsldbg/xsldbg.cpp:787
#11 0xb63d7f84 in xsldbgThreadMain () 
at /build/buildd/kdewebdev-3.5.8/./kxsldbg/kxsldbgpart/libqtnotfier/xsldbgthread.cpp:311
#12 0xb68564fb in start_thread () from /lib/i686/cmov/libpthread.so.0
#13 0xb796493e in clone () from /lib/i686/cmov/libc.so.6


And the beginning of "bt full":

(gdb) bt full
#0  0xb63c8a2a in xslDbgShellPrintVariable (styleCtxt=0x821cbd0, 
arg=0xb62087ae "", type=DEBUG_LOCAL_VAR) 
at /build/buildd/kdewebdev-3.5.8/./kxsldbg/kxsldbgpart/libxsldbg/nodeview_cmds.cpp:537
        item = (xsltStackElemPtr) 0x39
        result = <value optimized out>
        silenceCtxtErrors = <value optimized out>
        FULLNAME_STR = 0xb63e2b38 "-f"
        QUIET_STR = 0xb63de8fc "-q"
#1  0xb63d1af0 in shellPrompt (source=0x819aaa8, doc=0x81fe598, 
filename=0xb63e38f9 "index.xsl", input=0xb63c0a00 <xslDbgShellReadline>, 
output=0xb79d74e0, styleCtxt=0x821cbd0)
at /build/buildd/kdewebdev-3.5.8/./kxsldbg/kxsldbgpart/libxsldbg/debugXSL.cpp:1729
        buff = "\230\215 ¶\"\vA·@\202\b\bø°!\b¨\215 ¶q\222\217· 
W\b\b¬E`·\b\216 ¶G\212\f·à\215 ¶ø°!
\bðP4\bÐ\2132\bT\201\235·²\237B·<Þ\233·\034\000>¶\b\000\000\000ðP4\b\b\216 
¶q\222\217· W\b\b¨\024*\b(ü0\b"
        tempBaseName = <value optimized out>
        prompt = "/ > ", '\0' <repeats 495 times>
        cmdline = (xmlChar *) 0x8311218 "locals -q"
        cur = <value optimized out>
        loadedFiles = 0
        commandId = 28
        command = "locals", '\0' <repeats 146 times>, "!\234\217·", '\0' 
<repeats 17 times>, "tmp\023^\217·\000Ä>¶x\f 
\bz¬\233·\000\000\000\000p\201\235·\000Ä>¶\021\000\000\000\002", '\0' 
<repeats 11 times>, "_Æ\214·¼\220 ¶¹!>¶", '\0' <repeats 20 
times>, "ÌÿÿÿÌÿÿÿÌÿÿÿà\212 ¶h¾!
\bp\201\235·7Iµ·\030\035É·\b\035É·ôo\235·\000\000\000\000@\201\235·è\212 
¶=»\217·@\201\235·\005\000\000\000 «Å·\004\000\000\000ÀÍ\037\b\b\213 ¶ïW½·p¾!
\b0\213 ¶!\234\217· «Å·0\213"...
        arg = "-q\000\000\217Þ\214·", '\0' <repeats 16 times>, "\f\215 
¶", '\0' <repeats 28 times>, "P\216 ¶", '\0' <repeats 36 times>, "ÿÿÿÿ 
\000\000\000¹!>¶·!>¶\000\000\000\000\f\215 ¶", '\0' <repeats 16 
times>, "\004\000\000\000\000\000\000\000à\234\031\b", '\0' <repeats 40 
times>, " ", '\0' <repeats 18 times>, "s", '\0' <repeats 120 times>, "ü\216 
¶", '\0' <repeats 20 
times>, "¸!>¶\000\000\000\000ÿÿÿÿ\000\000\000\000\000\000\000\000ÈP4\b", '\0' 
<repeats 44 times>, "step", '\0' <repeats 75 times>
        dir = "¼\aý·à\205 ¶\020\207 ¶B9·\2222\000\000\000ÌO´·,H´·¬E`·è\205 
¶\020", '\0' <repeats 11 
times>, "\005\000\000\000\"\005\000\000\000\000\000\0000\020É·8õ7¶lÀ
´·È\2356¶\001\000\000\000ô?ý·(n\022\b\004\207 ¶ \207 ¶j\017ü·È\2356¶\004\207 
¶ÄGý·\004\000\000\000\000\000\000\000\005\000\000\000\000\000\000\000\001\000\000\000X\206 
¶=»\217·@\201\235·\f\000\000\000&\026\000\000\f\000\000\000\020\207 ¶\210\206 
¶q\222\217·\f\000\000\000\f\232\205¶P\207 
¶pl\022\b8õ7¶¬E`·\210\201\235·ð\230\031\bL"...
        cmdResult = <value optimized out>
        shortCutId = <value optimized out>
        i = <value optimized out>
        baseUri = (xmlChar *) 0xb62085e0 ""
        breakUri = <value optimized out>
        lastSourceNode = (xmlNodePtr) 0x819aaa8
        lastDocNode = (xmlNodePtr) 0x81fe598
        exitShell = -1208218263
        showSource = 1
#2  0xb63d1c78 in debugXSLBreak (templ=0x819aaa8, node=0x81fe598, 
root=0x81fe1d0, ctxt=0x821cbd0) 
at /build/buildd/kdewebdev-3.5.8/./kxsldbg/kxsldbgpart/libxsldbg/debugXSL.cpp:1126
        nameTemp = (xmlChar *) 0x821af70 "\b"
        modeTemp = (xmlChar *) 0x81fc3c0 "index.xsl"
        tempDoc = (xmlDocPtr) 0x0
        tempNode = (xmlNodePtr) 0x821af70



Thanks in advance

/Sune
-- 
How could I overclock the pin from Photoshop 98?

You neither must doubleclick the utility, nor need to load a 23X floppy disk 
for booting a head.
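As an added example (not code from this bug report, from kxsldbg or from libxslt), a guarded version of the locals walk quoted from nodeview_cmds.cpp, beside the unguarded pattern: the mock context mirrors only the three libxslt fields the walk touches, and the "stale slot" scenario that yields a garbage item such as 0x39 is an assumption used to build the input, not the diagnosed cause.

```c
#include <stddef.h>

typedef struct elem {
    struct elem *next;
    const char  *name;
} elem;

/* Mock of the three xsltTransformContext fields the walk touches
 * (field names as in libxslt; this is not the real struct). */
typedef struct {
    elem **varsTab;   /* one slot per variable frame, each a linked list */
    int    varsNr;    /* number of slots currently in use */
    int    varsBase;  /* first slot belonging to the current template */
} ctx;

/* The pattern from nodeview_cmds.cpp: trusts varsTab[varsBase] blindly.
 * On a slot that is not in use it dereferences whatever the slot holds. */
int walk_unguarded(const ctx *c) {
    int n = 0;
    for (elem *it = c->varsTab[c->varsBase]; it != NULL; it = it->next)
        n++;
    return n;
}

/* Hardened walk: only dereference a slot that the context says is in use. */
int walk_guarded(const ctx *c) {
    if (c->varsTab == NULL || c->varsBase < 0 || c->varsBase >= c->varsNr)
        return 0;  /* no locals in this frame: nothing to list */
    int n = 0;
    for (elem *it = c->varsTab[c->varsBase]; it != NULL; it = it->next)
        n++;
    return n;
}

/* Constructed inputs: a two-element local-variable list in slot 0, and a
 * slot 1 that was never initialised and holds a garbage value like the
 * item = 0x39 in the gdb output (assumed scenario, not the diagnosed cause). */
static elem var_b = { NULL, "b" };
static elem var_a = { &var_b, "a" };
static elem *vars_tab[2] = { &var_a, (elem *)0x39 };
static const ctx frame_with_locals = { vars_tab, 1, 0 };  /* slot 0 in use */
static const ctx frame_no_locals   = { vars_tab, 1, 1 };  /* varsBase == varsNr */

int locals_in_template(void) { return walk_guarded(&frame_with_locals); } /* 2 */
int locals_in_empty_frame(void) { return walk_guarded(&frame_no_locals); } /* 0 */
```

Calling walk_unguarded on frame_no_locals would dereference 0x39 and crash just like the report; walk_guarded reports zero locals instead.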
