Comment 10 for bug 787953

Timo Juhani Lindfors (timo-lindfors) wrote :

I looked at the disassembly of

  void XMLCDECL
  xmlGenericErrorDefaultFunc(void *ctx ATTRIBUTE_UNUSED, const char *msg, ...) {
      va_list args;

      if (xmlGenericErrorContext == NULL)
          xmlGenericErrorContext = (void *) stderr;

      va_start(args, msg);
      vfprintf((FILE *)xmlGenericErrorContext, msg, args);
      va_end(args);
  }

on amd64. It seems that xmlGenericErrorContext is (*__xmlGenericErrorContext()) and seems to evaluate differently in the three calls that are made here. The first two return the same value but the third returns a different value. This causes vfprintf to get NULL as the first argument even though the code appears to guard against that.

The implementation has

void **
__xmlGenericErrorContext(void) {
    if (IS_MAIN_THREAD)
        return (&xmlGenericErrorContext);
    else
        return (&xmlGetGlobalState()->xmlGenericErrorContext);
}

and it seems that IS_MAIN_THREAD evaluates to zero in all three cases. xmlGetGlobalState(), however, returns first 0x7fffe4019170 and then 0x7fffe4019540. Both have sane data, but of course only the first one is updated to refer to stderr; the second one has xmlGenericErrorContext set to zero.

xmlGetGlobalState looks very complicated; I can't immediately see why it would return a different value for the same thread during the same function call.

Anyways, if I apply

diff -u libxml2-2.7.8.dfsg/debian/changelog libxml2-2.7.8.dfsg/debian/changelog
--- libxml2-2.7.8.dfsg/debian/changelog
+++ libxml2-2.7.8.dfsg/debian/changelog
@@ -1,3 +1,9 @@
+libxml2 (2.7.8.dfsg-2lindi0) unstable; urgency=low
+
+ * Try to workaround https://bugs.launchpad.net/ubuntu/+source/foxtrotgps/+bug/787953
+
+ -- Timo Lindfors <email address hidden> Wed, 01 Jun 2011 00:55:10 +0300
+
 libxml2 (2.7.8.dfsg-2) unstable; urgency=low

   * xpath.c: Fix a double-freeing error in XPath processing code.
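Review bot: the changelog entry only links the bug; it should also say what the change is (error.c: read xmlGenericErrorContext once into a local before the NULL check and the vfprintf call) so that someone reading the package history can see the behaviour change without following the URL.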
only in patch2:
unchanged:
--- libxml2-2.7.8.dfsg.orig/error.c
+++ libxml2-2.7.8.dfsg/error.c
@@ -70,12 +70,13 @@
 void XMLCDECL
 xmlGenericErrorDefaultFunc(void *ctx ATTRIBUTE_UNUSED, const char *msg, ...) {
     va_list args;
+ void *errorContext = xmlGenericErrorContext;

- if (xmlGenericErrorContext == NULL)
- xmlGenericErrorContext = (void *) stderr;
+ if (errorContext == NULL)
+ errorContext = (void *) stderr;

     va_start(args, msg);
- vfprintf((FILE *)xmlGenericErrorContext, msg, args);
+ vfprintf((FILE *)errorContext, msg, args);
     va_end(args);
 }
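Review bot: the local copy removes the symptom (vfprintf can no longer see NULL even when the per-thread lookup behind xmlGenericErrorContext yields a different state block between the check and the use), but it also drops the side effect of storing stderr back into xmlGenericErrorContext for later callers, so the fallback is now recomputed on every error; the comment's own observation that xmlGetGlobalState() returns two different blocks within one call says the root cause is elsewhere and this masks it. The added lines also use one-space indentation where the surrounding code uses four; match the file's style before submitting.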

to libxml2 I do not see the crash anymore.

I doubt the bug is in libxml2 itself but this information might help in any case. I suspect some threading bug in foxtrotgps.