Package: libtinyxml2.6.2
Version: 2.6.2-2
Usertags: afl
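TinyXML aborts with a failed assertion while trying to parse the attached file. The backtrace below shows the document buffer is "<?xml?\n" (frame #7), and that TiXmlDeclaration::Parse calls TiXmlBase::StringEqual with p pointing at an empty string, apparently the end of that buffer (frames #5 and #6), which hits assert(0) at tinyxmlparser.cpp:543. Because the failure is an assert(), a program that parses untrusted XML with this build of the library is terminated by such input instead of getting an error return from LoadFile(); what happens in a build with assertions disabled is not shown here.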
$ make prettyprintxml CXXFLAGS="-g -O2 -Wall" LDFLAGS=-ltinyxml
g++ -g -O2 -Wall -ltinyxml prettyprintxml.cc -o prettyprintxml
$ ./prettyprintxml badxml.xml
prettyprintxml: tinyxmlparser.cpp:543: static bool TiXmlBase::StringEqual(const char*, const char*, bool, TiXmlEncoding): Assertion `0' failed.
Aborted

Backtrace:
#0 0xf7fdc425 in __kernel_vsyscall ()
#1 0xf7c5d307 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#2 0xf7c5e9c3 in __GI_abort () at abort.c:89
#3 0xf7c56687 in __assert_fail_base (fmt=0xf7d90794 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0xf7fb8751 "0", file=file@entry=0xf7fb8d76 "tinyxmlparser.cpp", line=line@entry=543, function=function@entry=0xf7fb93c0 <TiXmlBase::StringEqual(char const*, char const*, bool, TiXmlEncoding)::__PRETTY_FUNCTION__> "static bool TiXmlBase::StringEqual(const char*, const char*, bool, TiXmlEncoding)") at assert.c:92
#4 0xf7c56737 in __GI___assert_fail (assertion=0xf7fb8751 "0", file=0xf7fb8d76 "tinyxmlparser.cpp", line=543, function=0xf7fb93c0 <TiXmlBase::StringEqual(char const*, char const*, bool, TiXmlEncoding)::__PRETTY_FUNCTION__> "static bool TiXmlBase::StringEqual(const char*, const char*, bool, TiXmlEncoding)") at assert.c:101
#5 0xf7fb5674 in TiXmlBase::StringEqual (p=p@entry=0x804fbbf "", tag=tag@entry=0xf7fb8e08 "version", ignoreCase=ignoreCase@entry=true, encoding=encoding@entry=TIXML_ENCODING_UNKNOWN) at tinyxmlparser.cpp:543
#6 0xf7fb7862 in TiXmlDeclaration::Parse (this=0x804fbc8, p=0x804fbbf "", data=0xffffd620, _encoding=TIXML_ENCODING_UNKNOWN) at tinyxmlparser.cpp:1603
#7 0xf7fb625b in TiXmlDocument::Parse (this=0xffffd748, p=0x804fbb8 "<?xml?\n", prevData=0x0, encoding=TIXML_ENCODING_UNKNOWN) at tinyxmlparser.cpp:759
#8 0xf7fb13db in TiXmlDocument::LoadFile (this=this@entry=0xffffd748, file=file@entry=0x804fa50, encoding=encoding@entry=TIXML_ENCODING_UNKNOWN) at tinyxml.cpp:1054
#9 0xf7fb153c in TiXmlDocument::LoadFile (this=this@entry=0xffffd748, _filename=0x804fa1c "badxml.xml", encoding=encoding@entry=TIXML_ENCODING_UNKNOWN) at tinyxml.cpp:952
#10 0xf7fb15fa in TiXmlDocument::LoadFile (this=0xffffd748, encoding=TIXML_ENCODING_UNKNOWN) at tinyxml.cpp:933
#11 0x08048ded in main (argc=2, argv=0xffffd854) at prettyprintxml.cc:13

This bug was found using American fuzzy lop:
http://lcamtuf.coredump.cx/afl/
(available in Debian experimental)

-- System Information:
Debian Release: 8.0
APT prefers unstable
APT policy: (990, 'unstable'), (500, 'experimental')
Architecture: i386 (x86_64)
Foreign Architectures: amd64

Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages libtinyxml2.6.2 depends on:
ii libc6 2.19-15
ii libgcc1 1:5-20150307-1
ii libstdc++6 5-20150307-1
ii multiarch-support 2.19-15

-- Jakub Wilk
#include <stdio.h>
#define TIXML_USE_STL 1
#include <tinyxml.h>
/*
 * Minimal reproducer harness: load the XML file named on the command line
 * with TinyXML and pretty-print the parsed document to stdout.
 *
 * Exit status:
 *   0  the document was loaded and printed
 *   1  wrong number of arguments, or LoadFile() returned false
 *
 * The file content is attacker-controllable input as far as the parser is
 * concerned. The only error handling here is the LoadFile() return value, so
 * a parser failure that aborts the process (such as the assertion in the
 * accompanying backtrace) never reaches the "invalid XML" branch.
 */
int main(int argc, char ** argv)
{
    /* Exactly one positional argument (the input path) is accepted. */
    const bool haveSinglePath = (argc == 2);
    if (!haveSinglePath) {
        fprintf(stderr, "Usage: %s <file>\n", argv[0]);
        return 1;
    }

    /* The document is bound to the path; LoadFile() reads and parses it. */
    TiXmlDocument xmlDoc(argv[1]);
    const bool parsedOk = xmlDoc.LoadFile();
    if (!parsedOk) {
        fputs("invalid XML\n", stderr);
        return 1;
    }

    /* Walk the parsed tree with the printer visitor, then emit the text. */
    TiXmlPrinter prettyPrinter;
    xmlDoc.Accept(&prettyPrinter);
    puts(prettyPrinter.CStr());   /* puts() appends a trailing newline */
    return 0;
}
badxml.xml
Description: XML document

