Axis2-C / AXIS2C-1222

Axis2/C AXIOM libxml2 parser frees the IO context before calling the AXIS2_CLOSE_INPUT_CALLBACK


Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 1.4.0
    • Fix Version/s: 1.7.0
    • Component/s: xml/parser
    • Labels: None
    • Environment: Linux/Unix with libxml2 parser

    Description

      Running under valgrind, I get this invalid read error:
      ==21882== Invalid read of size 4
      ==21882== at 0x43F6F69: axiom_close_gstream (axis2c_util.c:246)
      ==21882== by 0x44F418F: axis2_libxml2_reader_wrapper_close_input_callback (libxml2_reader_wrapper.c:964)
      ==21882== by 0x451BD8C: xmlFreeParserInputBuffer (xmlIO.c:2307)
      ==21882== by 0x4571E6A: xmlTextReaderClose (xmlreader.c:2255)
      ==21882== by 0x44F381C: axis2_libxml2_reader_wrapper_free (libxml2_reader_wrapper.c:505)
      ==21882== by 0x44F2686: axiom_xml_reader_free (xml_reader.c:34)
      ==21882== by 0x444F914: axiom_stax_builder_free (om_stax_builder.c:909)
      ==21882== by 0x43F6D65: Axis2_axiom_deserialize_buffer (axis2c_util.c:152)
      ==21882== by 0x43F6820: Axis2c_cmd_svc_client (axis2c.c:419)
      ==21882== by 0x402EA62: TclEvalObjvInternal (tclBasic.c:3084)
      ==21882== by 0x402F56B: Tcl_EvalEx (tclBasic.c:3674)
      ==21882== by 0x4083D91: Tcl_FSEvalFile (tclIOUtil.c:1651)
      ==21882== Address 0x47616F0 is 0 bytes inside a block of size 56 free'd
      ==21882== at 0x400513F: free (vg_replace_malloc.c:233)
      ==21882== by 0x441AEA3: axutil_allocator_free_impl (allocator.c:91)
      ==21882== by 0x44F3804: axis2_libxml2_reader_wrapper_free (libxml2_reader_wrapper.c:500)
      ==21882== by 0x44F2686: axiom_xml_reader_free (xml_reader.c:34)
      ==21882== by 0x444F914: axiom_stax_builder_free (om_stax_builder.c:909)
      ==21882== by 0x43F6D65: Axis2_axiom_deserialize_buffer (axis2c_util.c:152)
      ==21882== by 0x43F6820: Axis2c_cmd_svc_client (axis2c.c:419)
      ==21882== by 0x402EA62: TclEvalObjvInternal (tclBasic.c:3084)
      ==21882== by 0x402F56B: Tcl_EvalEx (tclBasic.c:3674)
      ==21882== by 0x4083D91: Tcl_FSEvalFile (tclIOUtil.c:1651)
      ==21882== by 0x408C036: Tcl_Main (tclMain.c:292)
      ==21882== by 0x80486B3: main (in /home/rosec/install/fc/bin/tclsh8.4)

      From this I can see that in the libxml2 reader wrapper code, the context of the parser – provided when the IO parser was created – is freed before the close callback is invoked by calling xmlFreeTextReader. This is an error in this instance, because the context handle cannot simply be free()d; in our application it requires specific destructor work to occur. This might be a lack of understanding of the purpose of the close callback, but it's clear that AXIS2_FREE is invoked on the context handle before the close callback is invoked.
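The ordering problem described in this report, as an added C sketch that is not part of the original report and is not Axis2/C or libxml2 code. Every name in it (`io_ctx_t`, `reader_t`, `ctx_alloc`, `ctx_free`, `app_close`, the two `reader_free_*` functions) is hypothetical, and a fixed pool stands in for the heap so the stale access can be observed without undefined behaviour.

```c
#include <stdio.h>

/* Hypothetical stand-ins for illustration; not Axis2/C or libxml2 code. */
typedef struct {
    int in_use;       /* 1 while the slot is allocated */
    int stream_open;  /* state that only the application's destructor releases */
} io_ctx_t;
typedef int (*close_cb_t)(void *ctx);
typedef struct { io_ctx_t *ctx; close_cb_t close_cb; } reader_t;

/* Pool allocator: released slots stay addressable, unlike a freed heap block. */
static io_ctx_t pool[2];

static io_ctx_t *ctx_alloc(void) {
    for (size_t i = 0; i < sizeof pool / sizeof pool[0]; i++)
        if (!pool[i].in_use) {
            pool[i].in_use = 1;
            pool[i].stream_open = 1;
            return &pool[i];
        }
    return NULL;
}
static void ctx_free(io_ctx_t *c) { c->in_use = 0; }

/* Application close callback: performs the destructor work the context needs. */
static int app_close(void *p) {
    io_ctx_t *c = p;
    if (!c->in_use) return -1;  /* context already released before the callback ran */
    c->stream_open = 0;
    return 0;
}

/* Order seen in the valgrind trace: release the context, then invoke the callback. */
static int reader_free_reported_order(reader_t *r) {
    ctx_free(r->ctx);
    return r->close_cb(r->ctx);
}

/* Callback first, release afterwards. */
static int reader_free_callback_first(reader_t *r) {
    int rc = r->close_cb(r->ctx);
    ctx_free(r->ctx);
    return rc;
}

int main(void) {
    reader_t a = { ctx_alloc(), app_close }, b = { ctx_alloc(), app_close };
    printf("reported order: rc=%d\n", reader_free_reported_order(&a));
    printf("callback first: rc=%d\n", reader_free_callback_first(&b));
}
```

In the reported order the callback sees a released context and the stream is never closed; with the callback first, the destructor work completes before the memory is returned.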

          People

            Assignee: Unassigned
            Reporter: Chris Rose (offby1)