Invalid use of xmlIO: crash on xmlCharEncCloseFunc()
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
lxml |
Fix Released
|
Medium
|
Unassigned |
Bug Description
lxml 1.3.3 crashed on my Ubuntu Hardy box (i386). Valgrind told me that it's a crash on xmlCharEncClose
I wrote a patch for serializer.pxi to disable the invalid call.
Valgrind output:
==14052== Invalid read of size 4
==14052== at 0x59798A5: xmlCharEncCloseFunc (encoding.c:2114)
==14052== by 0x58C98C9: __pyx_f_
==14052== by 0x80C8EEB: PyEval_EvalFrameEx (ceval.c:3564)
==14052== by 0x80C9314: PyEval_EvalFrameEx (ceval.c:3650)
==14052== by 0x80CA114: PyEval_EvalCodeEx (ceval.c:2831)
==14052== by 0x81123E0: function_call (funcobject.c:517)
==14052== by 0x805C9E6: PyObject_Call (abstract.c:1860)
==14052== by 0x80C709E: PyEval_EvalFrameEx (ceval.c:3844)
==14052== by 0x80CA114: PyEval_EvalCodeEx (ceval.c:2831)
==14052== by 0x81123E0: function_call (funcobject.c:517)
==14052== by 0x805C9E6: PyObject_Call (abstract.c:1860)
==14052== by 0x8062B43: instancemethod_call (classobject.
==14052== Address 0x4EF2308 is 0 bytes inside a block of size 20 free'd
==14052== at 0x402237F: free (vg_replace_
==14052== by 0x597990B: xmlCharEncCloseFunc (encoding.c:2134)
==14052== by 0x59A6444: xmlOutputBuffer
==14052== by 0x58C98BE: __pyx_f_
==14052== by 0x80C8EEB: PyEval_EvalFrameEx (ceval.c:3564)
==14052== by 0x80C9314: PyEval_EvalFrameEx (ceval.c:3650)
==14052== by 0x80CA114: PyEval_EvalCodeEx (ceval.c:2831)
==14052== by 0x81123E0: function_call (funcobject.c:517)
==14052== by 0x805C9E6: PyObject_Call (abstract.c:1860)
==14052== by 0x80C709E: PyEval_EvalFrameEx (ceval.c:3844)
==14052== by 0x80CA114: PyEval_EvalCodeEx (ceval.c:2831)
==14052== by 0x81123E0: function_call (funcobject.c:517)
My code is too huge to extract simple Python example to reproduce the bug, sorry. But I tested my patch: patched lxml doesn't write the error anymore (in Valgrind).
Funny how there are still bugs in old code that just do not show up for ages. :)
Thanks for tracking this down.