Uploaded image for project: 'Xerces-C++'
  1. Xerces-C++
  2. XERCESC-2154

"terminate called after throwing an instance of 'xercesc_3_2::XMLErrs::Codes'" crash on Solaris x86 with invalid xml input (c++11)

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 3.2.1, 3.2.2
    • Fix Version/s: None
    • Component/s: DOM
    • Labels:
      None
    • Environment:

      Description

      Hi,

      I have a problem running xerces on Solaris x86 platform compiled with '-std=c++11' flag using Oracle developer studio 12.6. The compilation is fine and the library works fine in all positive scenarios, but it fails with Abort signal (core dumped) when an XML content to process is broken ending with the error message:
      "terminate called after throwing an instance of 'xercesc_3_2::XMLErrs::Codes'"

      I was able to isolate the problem by using DOMPrint example run with a file with an invalid xml content.

      The positive scenario:
      [hostname]/rome/homes/cit/gmajka/xerces_tests/solaris_322/xerces-c-3.2.2: export LD_LIBRARY_PATH=/rome/homes/cit/gmajka/xerces_tests/solaris_322/xerces-c-3.2.2/src/.libs:/opt/developerstudio12.6/lib/compilers/CC-gcc/lib
      [hostname]/rome/homes/cit/gmajka/xerces_tests/solaris_322/xerces-c-3.2.2/samples: ./.libs/DOMPrint xml_ok.xml
      <?xml version="1.0" encoding="UTF-8" standalone="no" ?><IBM>
              <CIT>
                      <Hardware version="1.0">
                              <Group Name="Lpar"/>
                      </Hardware>
              </CIT>
      </IBM>

      The negative scenario:
      [hostname]/rome/homes/cit/gmajka/xerces_tests/solaris_322/xerces-c-3.2.2/samples: ./.libs/DOMPrint xml_broken.xml
      Fatal Error at file "/rome/homes/cit/gmajka/xerces_tests/solaris_322/xerces-c-3.2.2/samples/xml_broken.xml", line 5, column 1
         Message: input ended before all started tags were ended; last tag started is 'Hardware'
      terminate called after throwing an instance of 'xercesc_3_2::XMLErrs::Codes'
      Abort (core dumped)

      I attach both xml_ok.xml and xml_broken.xml files for your reference.

      Details:

      1)
      Xerces version 3.2.1 (I also tried with 3.2.2 with the same behavior)

      2)
      Oracle compiler version (supports c++11):
      [hostname]/rome/homes/cit/gmajka/xerces_tests/solaris_322/xerces-c-3.2.2: /opt/developerstudio12.6/bin/CC -V
      CC: Studio 12.6 Sun C++ 5.15 SunOS_i386 2017/05/30

      OS version:
      [hostname]/rome/homes/cit/gmajka/xerces_tests/solaris_322/xerces-c-3.2.2: uname -a
      SunOS hostname 5.10 Generic_150401-61 i86pc i386 i86pc

      3)
      Configure options:
      [hostname]/rome/homes/cit/gmajka/xerces_tests/solaris_322/xerces-c-3.2.2: chmod x ./configure.solaris; chmod +x config/install-sh; ./configure.solaris CXX="/opt/developerstudio12.6/bin/CC" CC="/opt/developerstudio12.6/bin/cc" LD="/opt/developerstudio12.6/bin/CC" LDFLAGS="-std=c11 -L/opt/developerstudio12.6/lib/compilers/CC-gcc/lib -lstdc+ -lgcc_s -lCrunG3 -s" CFLAGS="-xO2 -D_XOPEN_SOURCE_EXTENDED=1 -D_EXTENSIONS_ -Kpic -mt" CXXFLAGS="-xO2 -D_XOPEN_SOURCE_EXTENDED=1 -D_EXTENSIONS_ -Kpic -mt -std=c++11" --disable-static --enable-xmlch-uint16_t AR="/opt/developerstudio12.6/bin/CC -xar" ARFLAGS=-o --enable-transcoder-iconv
      ...
      ...
      configure.solaris: Report:
      configure.solaris:   File Manager: POSIX
      configure.solaris:   Mutex Manager: standard
      configure.solaris:   Transcoder: iconv
      configure.solaris:   NetAccessor: socket
      configure.solaris:   Message Loader: inmemory
      configure.solaris:   XMLCh Type: uint16_t

      4)
      "ldd" outputs:
      Initially I had issues with "terminate called after throwing an instance ..." because I mistakenly linked to both

      • c+11 libraries: stdc+ gcc_s CrunG3
      • and standard libraries: Cstd stlport4 stdcxx4 Crun iostream libraries
        which is not allowed.

      Xerces compiled, but failed in almost all scenarios with similar "terminate called..." crashes. After fixing the issue (getting rid of linking to standard (Cstd and Crun) libraries) all test cases passed except the negative ones.

      Here is the list of "ldd" outputs:

      [hostname]/rome/homes/cit/gmajka/xerces_tests/solaris_322/xerces-c-3.2.2/samples: file ./.libs/DOMPrint
      ./.libs/DOMPrint:       ELF 32-bit LSB executable 80386 Version 1 [SSE2 SSE], dynamically linked, stripped
      [hostname]/rome/homes/cit/gmajka/xerces_tests/solaris_322/xerces-c-3.2.2/samples: ldd ./.libs/DOMPrint
              libxerces-c-3.2.so =>    /rome/homes/cit/gmajka/xerces_tests/solaris_322/xerces-c-3.2.2/src/.libs/libxerces-c-3.2.so
              libstdc+.so.6 =>        /opt/developerstudio12.6/lib/compilers/CC-gcc/lib/libstdc+.so.6
              libgcc_s.so.1 =>         /opt/developerstudio12.6/lib/compilers/CC-gcc/lib/libgcc_s.so.1
              libCrunG3.so.1 =>        /usr/lib/libCrunG3.so.1
              libnsl.so.1 =>   /lib/libnsl.so.1
              libsocket.so.1 =>        /lib/libsocket.so.1
              libstatomic.so.1 =>      /opt/developerstudio12.6/lib/compilers/atomic/libstatomic.so.1
              librt.so.1 =>    /lib/librt.so.1
              libm.so.2 =>     /lib/libm.so.2
              libc.so.1 =>     /lib/libc.so.1
              libmp.so.2 =>    /lib/libmp.so.2
              libmd.so.1 =>    /lib/libmd.so.1
              libscf.so.1 =>   /lib/libscf.so.1
              libaio.so.1 =>   /lib/libaio.so.1
              libdoor.so.1 =>  /lib/libdoor.so.1
              libuutil.so.1 =>         /lib/libuutil.so.1
              libgen.so.1 =>   /lib/libgen.so.1
      [hostname]/rome/homes/cit/gmajka/xerces_tests/solaris_322/xerces-c-3.2.2/samples: cd ..
      [hostname]/rome/homes/cit/gmajka/xerces_tests/solaris_322/xerces-c-3.2.2: file src/.libs/libxerces-c-3.2.so
      src/.libs/libxerces-c-3.2.so:   ELF 32-bit LSB dynamic lib 80386 Version 1 [SSE2 SSE], dynamically linked, not stripped
      [hostname]/rome/homes/cit/gmajka/xerces_tests/solaris_322/xerces-c-3.2.2: ldd src/.libs/libxerces-c-3.2.so
              libstdc+.so.6 =>        /opt/developerstudio12.6/lib/compilers/CC-gcc/lib/libstdc+.so.6
              libgcc_s.so.1 =>         /opt/developerstudio12.6/lib/compilers/CC-gcc/lib/libgcc_s.so.1
              libCrunG3.so.1 =>        /usr/lib/libCrunG3.so.1
              libnsl.so.1 =>   /lib/libnsl.so.1
              libsocket.so.1 =>        /lib/libsocket.so.1
              libc.so.1 =>     /lib/libc.so.1
              libm.so.2 =>     /lib/libm.so.2
              librt.so.1 =>    /lib/librt.so.1
              libmp.so.2 =>    /lib/libmp.so.2
              libmd.so.1 =>    /lib/libmd.so.1
              libscf.so.1 =>   /lib/libscf.so.1
              libaio.so.1 =>   /lib/libaio.so.1
              libdoor.so.1 =>  /lib/libdoor.so.1
              libuutil.so.1 =>         /lib/libuutil.so.1
              libgen.so.1 =>   /lib/libgen.so.1
      [hostname]/rome/homes/cit/gmajka/xerces_tests/solaris_322/xerces-c-3.2.2:

      5)
      "dbx" output:
      [hostname]/rome/homes/cit/gmajka/xerces_tests/solaris_322/xerces-c-3.2.2/samples: dbx -a ./.libs/DOMPrint xml_broken.xml
      For information about new features see `help changes'
      To remove this message, put `dbxenv suppress_startup_message 8.2' in your .dbxrc
      Reading DOMPrint
      Reading ld.so.1
      Reading libxerces-c-3.2.so
      Reading libstdc++.so.6.0.21
      Reading libgcc_s.so.1
      Reading libCrunG3.so.1
      Reading libnsl.so.1
      Reading libsocket.so.1
      Reading libstatomic.so.1
      Reading librt.so.1
      Reading libm.so.2
      Reading libc.so.1
      Reading libaio.so.1
      Reading libmd.so.1
      (dbx) run
      Running: DOMPrint xml_broken.xml
      (process id 11188)
      Fatal Error at file "/rome/homes/cit/gmajka/xerces_tests/solaris_322/xerces-c-3.2.2/samples/xml_broken.xml", line 5, column 1
         Message: input ended before all started tags were ended; last tag started is 'Hardware'
      terminate called after throwing an instance of 'xercesc_3_2::XMLErrs::Codes'
      signal ABRT (Abort) in __lwp_kill at 0xfe66c9b5
      0xfe66c9b5: __lwp_kill+0x0015:  jae      __lwp_kill+0x23        [ 0xfe66c9c3, .+0xe ]
      (dbx) where
      =>[1] __lwp_kill(0x1, 0x6), at 0xfe66c9b5
        [2] _thr_kill(0x1, 0x6), at 0xfe66782c
        [3] raise(0x6), at 0xfe6137db
        [4] abort(0xfe8725cc, 0x107, 0x80b6110, 0xfe6d3cd8, 0xfef90c00, 0xfe8725cc), at 0xfe5f29f5
        [5] _gnu_cxx::_verbose_terminate_handler(0x1, 0x0, 0xfe96c64b, 0xfe9b1008, 0x80f0fd8, 0xf6), at 0xfe96f9e5
        [6] 0xfe96c657(0xfe96f870, 0x0, 0xfe96c6b5, 0xfe96c6e7, 0xfe96c6d9, 0xfe9b1008), at 0xfe96c657
        [7] std::terminate(0x80f0fd8, 0xfef90c00, 0xfe96c6b5, 0xfe96c94f, 0xfee4dfa8, 0x0), at 0xfe96c6f0
        [8] _gnu_cxx::_verbose_terminate_handler(0x1, 0x6, 0xfe6d0000, 0x804557c, 0xfe6137db, 0x1), at 0xfe96f870
      (dbx)

        Attachments

        1. xml_broken.xml
          0.1 kB
          Grzegorz Majka
        2. xml_ok.xml
          0.1 kB
          Grzegorz Majka

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              gmajka Grzegorz Majka
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated: