Uploaded image for project: 'XalanC'
  1. XalanC
  2. XALANC-193

XPath::evaluate cores on ecountering malformed expression

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Resolution: Cannot Reproduce
    • 1.4.x
    • None
    • XPathC
    • None
    • Operating System: Solaris
      Platform: Sun
    • 14025

    Description

      This program cores on an invalid XPath expressions - there seems to
      be no way to protect from this at the user code level. If you compile
      with debug it cores on the asserts() - if you don't it cores later.

      Platform
      -------------------------------------------------------------------
      SunOS dogbert 5.8 Generic_108528-10 sun4u sparc SUNW,Ultra-5_10

      CC: Sun WorkShop 6 update 2 C++ 5.3 2001/05/15

      xerces-c2_1_0-Sol2.7ForCC

      Xalan 1.4+:
      xml-xalan_20020912222118 with XObjectFactoryDefault.cpp fix
      (xml-xalan/c/src/XPath/XObjectFactoryDefault.cpp;1.28)

      (configured with and without debug)

      Xalan 1.5:
      Xalan-C_2002-10-21-solaris
      Successfully identified context node
      and failed the evaluate() in the XalanDOMString::append.
      An assertion in the invariants() call at XalanDOMString.cpp:353 is triggered:

      XalanDOMString.hpp line 779:

      assert(m_data.empty() == true || m_data.back() == 0);

      (dbx) p m_data.empty() == true
      m_data.empty() == true = false
      (dbx) p m_data.back() == 0
      m_data.back() == 0 = true
      (dbx)

      =>[1] XalanDOMString::invariants(this = 0xffbeddd0), line 779 in "XalanDOMString
      .hpp"
      [2] XalanDOMString::append(this = 0xffbeddd0, theString = 0xe9b50, theCount =
      4294967295U), line 353 in "XalanDOMString.cpp"
      [3] XalanDOMString::XalanDOMString(this = 0xffbeddd0, theString = 0xe9b50, the
      Count = 4294967295U), line 115 in "XalanDOMString.cpp"
      [4] XPathEvaluator::evaluate(this = 0xffbee0e0, domSupport = CLASS, contextNod
      e = 0x11a650, xpathString = 0xe9b50, prefixResolver = CLASS, envSupport = CLASS)
      , line 428 in "XPathEvaluator.cpp"
      [5] XPathEvaluator::evaluate(this = 0xffbee0e0, domSupport = CLASS, contextNod
      e = 0x11a650, xpathString = 0xe9b50, namespaceNode = 0x11a650), line 290 in "XPa
      thEvaluator.cpp"
      [6] NxXMLObj::identifyNode(this = 0xffbee0d4, pContext_in = 0xc6218 "phoneList
      ", pPath_in = 0xc6222 "entry/[AID="3"]"), line 188 in "NxXML.C"
      [7] partDOMTstBad(), line 281 in "tstPrg.C"
      [8] main(argc = 1, argv = 0xffbee27c), line 328 in "tstPrg.C"
      (dbx)

      The stack at the time of the core is:

      (dbx) where -h
      [1] __exdbg_notify_of_throw(0xffbed3d8, 0xffbed3c0, 0xfe1b3078, 0xffbed454, 0x
      22334, 0xff2d3c7c), at 0xff2d42b0
      [2] _ex_throw_body(0xff2ea7c0, 0x0, 0x0, 0x1, 0x0, 0x0), at 0xff2d5a90
      =>[3] XPathProcessorImpl::error(this = 0xffbedde4, msg = CLASS, _ARG3 = (nil)),
      line 998 in "XPathProcessorImpl.cpp"
      [4] XPathProcessorImpl::error(this = 0xffbedde4, msg = 0xfe1b3964 "Unexpected
      token!", sourceNode = (nil)), line 1009 in "XPathProcessorImpl.cpp"
      [5] XPathProcessorImpl::Step(this = 0xffbedde4), line 1903 in "XPathProcessorI
      mpl.cpp"
      [6] XPathProcessorImpl::RelativeLocationPath(this = 0xffbedde4), line 1840 in
      "XPathProcessorImpl.cpp"
      [7] XPathProcessorImpl::LocationPath(this = 0xffbedde4), line 1819 in "XPathPr
      ocessorImpl.cpp"
      [8] XPathProcessorImpl::PrimaryExpr(this = 0xffbedde4), line 1627 in "XPathPro
      cessorImpl.cpp"
      [9] XPathProcessorImpl::FilterExpr(this = 0xffbedde4), line 1538 in "XPathProc
      essorImpl.cpp"
      [10] XPathProcessorImpl::PathExpr(this = 0xffbedde4), line 1509 in "XPathProce
      ssorImpl.cpp"
      [11] XPathProcessorImpl::UnionExpr(this = 0xffbedde4), line 1470 in "XPathProc
      essorImpl.cpp"
      [12] XPathProcessorImpl::UnaryExpr(this = 0xffbedde4), line 1427 in "XPathProc
      essorImpl.cpp"
      [13] XPathProcessorImpl::MultiplicativeExpr(this = 0xffbedde4, opCodePos = -1)
      , line 1348 in "XPathProcessorImpl.cpp"
      [14] XPathProcessorImpl::AdditiveExpr(this = 0xffbedde4, opCodePos = -1), line
      1283 in "XPathProcessorImpl.cpp"
      [15] XPathProcessorImpl::RelationalExpr(this = 0xffbedde4, opCodePos = -1), li
      ne 1198 in "XPathProcessorImpl.cpp"
      [16] XPathProcessorImpl::EqualityExpr(this = 0xffbedde4, opCodePos = -1), line
      1133 in "XPathProcessorImpl.cpp"
      [17] XPathProcessorImpl::AndExpr(this = 0xffbedde4), line 1108 in "XPathProces
      sorImpl.cpp"
      [18] XPathProcessorImpl::OrExpr(this = 0xffbedde4), line 1085 in "XPathProcess
      orImpl.cpp"
      [19] XPathProcessorImpl::Expr(this = 0xffbedde4), line 1075 in "XPathProcessor
      Impl.cpp"
      [20] XPathProcessorImpl::initXPath(this = 0xffbedde4, pathObj = CLASS, express
      ion = CLASS, prefixResolver = CLASS, locator = (nil)), line 135 in "XPathProcess
      orImpl.cpp"
      [21] XPathEvaluator::evaluate(this = 0xffbee0e0, domSupport = CLASS, contextNo
      de = 0x11a6d0, xpathString = 0xe9b50, prefixResolver = CLASS, envSupport = CLASS
      ), line 428 in "XPathEvaluator.cpp"
      [22] XPathEvaluator::evaluate(this = 0xffbee0e0, domSupport = CLASS, contextNo
      de = 0x11a6d0, xpathString = 0xe9b50, namespaceNode = 0x11a6d0), line 290 in "XP
      athEvaluator.cpp"
      [23] NxXMLObj::identifyNode(this = 0xffbee0d4, pContext_in = 0xc6218 "phoneLis
      t", pPath_in = 0xc6222 "entry/[AID="3"]"), line 188 in "NxXML.C"
      [24] partDOMTstBad(), line 281 in "tstPrg.C"
      [25] main(argc = 1, argv = 0xffbee27c), line 328 in "tstPrg.C"
      (dbx)

      Attachments

        Activity

          People

            Unassigned Unassigned
            mark_marsh@agilent.com Mark Marsh
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: