Details
-
Bug
-
Status: Open
-
Major
-
Resolution: Unresolved
-
3.1.1
-
None
-
None
-
Embedded linux on ARM-6, cross compliled using gcc for arm-1136jfs-linux-gnueabi
Description
I use the following code:
TProt* pProt = new TProt(TProt::LoadFromString(std::string(pBuf), &XMLerror, "http://www.foobar.org/Protocol " + "/var/schema.xsd"));
Which then calls:
Cprotocol Cprotocol::LoadFromString(const string_type& text,xercesc::ErrorHandler* errHandler /* = NULL */, const string_type& schemaLocation)
{
return Cprotocol(XercesTreeOperations::LoadXml(text, errHandler, schemaLocation));
}
The stack trace which leads up to the double free:
Thread [8] 1141 (Suspended : Container)
~XMLBuffer() at XMLBuffer.hpp:76 0x523fac
~IGXMLScanner() at IGXMLScanner.cpp:163 0x523fac
xercesc_3_1::AbstractDOMParser::cleanUp() at AbstractDOMParser.cpp:160 0x438240
~AbstractDOMParser() at AbstractDOMParser.cpp:130 0x438534
~XercesDOMParser() at XercesDOMParser.cpp:66 0x447c84
~XSDDOMParser() at XSDDOMParser.cpp:66 0x49a8ac
xercesc_3_1::IGXMLScanner::resolveSchemaGrammar() at IGXMLScanner2.cpp:1,981 0x52cc84
xercesc_3_1::IGXMLScanner::parseSchemaLocation() at IGXMLScanner2.cpp:1,727 0x52d548
xercesc_3_1::IGXMLScanner::scanStartTagNS() at IGXMLScanner.cpp:2,205 0x526c74
xercesc_3_1::IGXMLScanner::scanContent() at IGXMLScanner.cpp:890 0x528a64
xercesc_3_1::IGXMLScanner::scanDocument() at IGXMLScanner.cpp:217 0x528c58
xercesc_3_1::AbstractDOMParser::parse() at AbstractDOMParser.cpp:545 0x438f0c
XercesTreeOperations::LoadXml() at Node.cpp:708 0x2364d8
protocol::prot::Cprotocol::LoadFromString() at protocol.cpp:2,270 0x2904f0
CProtocolHelperFunctions::LoadXMLRequest() at CProtocolBase.cpp:34 0xc56cc
And it dies at this:
~XMLBuffer()
{ => fMemoryManager->deallocate(fBuffer); //delete [] fBuffer; }It is worth mentioning that LoadFromString is called several times before this error occurs.