Ticket #4 (closed defect: fixed)
xmlif segfault on malformed input
Reported by: hanno
Owned by: ovasik
attached file will cause a segfault in xmlif.
valgrind output:
==2066== Invalid read of size 8
==2066== at 0x401496: end_attribute (xmlif.l:104)
==2066== by 0x401496: yylex (xmlif.l:211)
==2066== by 0x4E55F9F: (below main) (libc-start.c:289)
==2066== Address 0x8 is not stack'd, malloc'd or (recently) free'd
==2066==
==2066==
==2066== Process terminating with default action of signal 11 (SIGSEGV)
==2066== Access not within mapped region at address 0x8
==2066== at 0x401496: end_attribute (xmlif.l:104)
==2066== by 0x401496: yylex (xmlif.l:211)
==2066== by 0x4E55F9F: (below main) (libc-start.c:289)
==2066== If you believe this happened as a result of a stack
==2066== overflow in your program's main thread (unlikely but
==2066== possible), you can try to increase the size of the
==2066== main thread stack using the --main-stacksize= flag.
==2066== The main thread stack size used in this run was 8388608.