Hi Ales,

Your sample code should crash because typeInfo->getTypeName() returned 0. That is the correct behavior of getTypeName(), which is why we can see a NULL check in DOMDocumentImpl.cpp (but not in your code).

Good luck!
        Vitaly

trceka wrote:

Hi all!

I'm porting an application from xerces-c 2.8.0 to 3.1.1. I have
modified all the code that was using functions/procedures that changed
between versions and successfully compiled the application. Things seemed to
work, until I got a crash [SIGILL] when calling cloneNode(true) [deep
copy]. After poking around, the problem was identified in the call to
typeInfo->getTypeName(), in DOMDocumentImpl.cpp:1086:
+++
const DOMTypeInfo * typeInfo = ((DOMElement*)source)->getSchemaTypeInfo();
// copy it only if it has valid data
if (typeInfo && typeInfo->getTypeName() != NULL)
    clonedTypeInfo = new (this) DOMTypeInfoImpl(typeInfo->getTypeNamespace(),
                                                typeInfo->getTypeName());
+++

The problem lies in the fact that getSchemaTypeInfo returns something that
is not null (actually, it returns &DOMTypeInfoImpl::g_DtdValidatedElement),
but the object is corrupted: as soon as you try to access members, you get
SIGILL and a coredump.

Here is a small main function created to demonstrate this problem:
+++
int main()
{
    xercesc::XMLPlatformUtils::Initialize();
    xercesc::DOMImplementation* dom_impl =
        xercesc::DOMImplementationRegistry::getDOMImplementation(MakeXMLCh("LS"));
    const XMLCh* uri = MakeXMLCh("urn:bla:1.0");
    xercesc::DOMDocument* dom_doc =
        dom_impl->createDocument(uri, MakeXMLCh("doc"), NULL);

    xercesc::DOMElement* el = dom_doc->createElementNS(uri, MakeXMLCh("elem"));
    const xercesc::DOMTypeInfo* typeInfo = el->getSchemaTypeInfo();
    if (typeInfo == NULL) { std::cout << "null" << std::endl; }
    else
    {
        char* tmp = xercesc::XMLString::transcode(typeInfo->getTypeName());
        std::cout << tmp << std::endl;
        delete[] tmp;
    }

    xercesc::XMLPlatformUtils::Terminate();

    return 0;
}
+++

Note: MakeXMLCh() is a function that is included from some other code.
The code above is enough to get the crash. After searching up and down the
internet, I am baffled: is this a bug, or am I doing something awfully
wrong?

Platform: AIX 5.3, xlC 9.0
Xerces-c: 3.1.1, AIX binary

Regards,
Ales
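
The NULL check discussed in this thread, as an added example that is not part of either message and is not Xerces-C code. TypeInfo and toNarrow() are hypothetical stand-ins for xercesc::DOMTypeInfo and XMLString::transcode so the block compiles without the library; the guard in cloneTypeInfo() mirrors the DOMDocumentImpl.cpp lines quoted above.

```cpp
#include <iostream>
#include <memory>
#include <string>

// Stand-in for xercesc::DOMTypeInfo (assumption): both getters may return
// nullptr, as getTypeName() does for an element with no schema type.
struct TypeInfo {
    const char16_t* name;
    const char16_t* ns;
    const char16_t* getTypeName() const { return name; }
    const char16_t* getTypeNamespace() const { return ns; }
};

// Stand-in for XMLString::transcode (assumption): ASCII-only narrowing that
// maps a null input to an empty string instead of dereferencing it.
std::string toNarrow(const char16_t* s) {
    std::string out;
    for (; s && *s; ++s) out += static_cast<char>(*s);
    return out;
}

// Null-safe replacement for the printing branch of the sample main().
std::string describeType(const TypeInfo* ti) {
    if (ti == nullptr) return "null";                  // no type info object
    if (ti->getTypeName() == nullptr) return "(no type name)"; // object, no data
    std::string ns = toNarrow(ti->getTypeNamespace());
    return ns.empty() ? toNarrow(ti->getTypeName())
                      : "{" + ns + "}" + toNarrow(ti->getTypeName());
}

// Same guard as the quoted DOMDocumentImpl.cpp lines: copy only valid data.
std::unique_ptr<TypeInfo> cloneTypeInfo(const TypeInfo* ti) {
    if (ti && ti->getTypeName() != nullptr)
        return std::unique_ptr<TypeInfo>(new TypeInfo(*ti));
    return nullptr;
}

int main() {
    TypeInfo untyped{nullptr, nullptr};  // constructed: element without schema type
    TypeInfo typed{u"string", u"http://www.w3.org/2001/XMLSchema"};  // constructed
    std::cout << describeType(nullptr) << "\n"
              << describeType(&untyped) << "\n"
              << describeType(&typed) << "\n";
    return cloneTypeInfo(&untyped) ? 1 : 0;
}
```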
