[xsde-users] State stack: memory corruption for stacks >= 8, with patch
Boris Kolpackov
boris at codesynthesis.com
Fri Aug 27 14:07:22 EDT 2010
Hi Klaus,
I have CC'ed xsde-users to my reply.
Klaus Kuehnhammer <klaus at bitstem.com> writes:
> I still get the memory issues I described in the second point using your
> patch.
Yes, you are right. I was concentrating on the code after the loop
while it is the code in the loop that has the problem.
My solution is to re-implement the stack so that it doesn't move
elements:
http://scm.codesynthesis.com/?p=xsde/xsde.git;a=commit;h=14b909b25dec8e68f7bcb35e89ce503c5f12967c
It will probably be easier to just copy the whole stack.?xx files
than apply the patch.
Let me know if you get any problems with this.
Boris
[The rest of the original email follows for context.]
>
> Putting some printfs in the stack push and start_element code shows that
> the stack is definitely grown by something (the (this->*vd->func)
> calls? ) before vs is read back:
>
> push ()
> {
>   if (size_ > capacity_)
>   {
>     printf("%p: growing stack, old buffer at %p, top %p\n", this, data_,
>            top());
> #ifdef XSDE_EXCEPTIONS
>     grow ();
> #else
>     if (error e = grow ())
>       return e;
> #endif
>
>     printf("%p: new buffer at %p, top %p\n", this, data_, top() );
>   }
>
> -------------------------------------------------------------------------------
>
> _start_element_impl (const ::xsde::cxx::ro_string& ns,
>                      const ::xsde::cxx::ro_string& n)
> {
>   ::xsde::cxx::parser::context& ctx = this->_context ();
>
>   v_state_& vs = *static_cast< v_state_* > (this->v_state_stack_.top ());
>   v_state_descr_* vd = vs.data + (vs.size - 1);
>   printf("set vs\n");
>
>   if (vd->func == 0 && vd->state == 0)
>   {
>     typedef ::xsde::cxx::parser::validating::complex_content base;
>     if (base::_start_element_impl (ns, n))
>       return true;
>     else
>       vd->state = 1;
>   }
>
>   while (vd->func != 0)
>   {
>     (this->*vd->func) (vd->state, vd->count, ns, n, true);
>
>     printf("read vs\n");
>     vd = vs.data + (vs.size - 1);
>
>     if (vd->state == ~0UL && !ctx.error_type ())
>       vd = vs.data + (--vs.size - 1);
>     else
>       break;
>   }
>
> -------------------------------------------------------------------------------
>
> log:
>
> read vs
> set vs
> set vs
> 0x7feffc5a0: growing stack, old buffer at 0x8511660, top 0x85116d0
> 0x7feffc5a0: new buffer at 0x8513f70, top 0x8513fe0
> 0x7feffc468: growing stack, old buffer at 0x8511720, top 0x85117c8
> 0x7feffc468: new buffer at 0x85140b0, top 0x8514158
> 0x7feffc568: growing stack, old buffer at 0x8511820, top 0x8511827
> 0x7feffc568: new buffer at 0x8514270, top 0x8514277
> 0x7feffc538: growing stack, old buffer at 0x8511870, top 0x8511b48
> 0x7feffc538: new buffer at 0x85142c0, top 0x8514598
> read vs
>
> after this, valgrind reports reads from the old buffer that has just
> been deleted.
>
> The XML input that triggers this is structured like this:
> <a>
>   <b/>
>   <a>
>     <b/>
>     <a>
>       <b/>
>       <a>
>         <b/>
>         <a>
>           <b/>
>           <a>
>             <b/>
>             <a>
>               <b/>
>               <a>
>                 <b/>
>                 <a>
>                   <b/>
>                 </a>
>               </a>
>             </a>
>           </a>
>         </a>
>       </a>
>     </a>
>   </a>
> </a>
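The defect in the quoted code is a dangling reference: `vs` is bound to the element at `top()` before the loop, the nested `(this->*vd->func)` call pushes onto the same stack, and when that push triggers `grow()` the old buffer is freed while `vs` still points into it, which is exactly the read-after-free valgrind reports. The following C++ is an added example, not code from xsde or from either poster, that reproduces the pattern with a stand-in `v_state` struct and contrasts a buffer-copying stack with a block-based stack that never relocates elements (the approach Boris describes). The element type, the block size of 8 and the `reference_invalidated` harness are assumptions made for the illustration.

```cpp
// Added example (not xsde code): a reference into a stack that
// relocates its buffer on growth dangles after a nested push; a
// block-based stack keeps element addresses stable.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <memory>
#include <vector>

// Stand-in for the parser's v_state_ (assumed shape, not xsde's).
struct v_state { std::size_t size; int payload; };

// Contiguous stack in the style of the original: grow() allocates a
// larger buffer, copies the elements over and frees the old buffer.
class moving_stack {
public:
  explicit moving_stack(std::size_t initial_capacity = 8)
    : data_(new v_state[initial_capacity]), size_(0), capacity_(initial_capacity) {}
  ~moving_stack() { delete[] data_; }
  moving_stack(const moving_stack&) = delete;
  moving_stack& operator=(const moving_stack&) = delete;

  void push(const v_state& v) {
    if (size_ == capacity_) grow();
    data_[size_++] = v;
  }
  void pop() { --size_; }
  v_state& at(std::size_t i) { return data_[i]; }
  v_state& top() { return at(size_ - 1); }
  std::size_t size() const { return size_; }
private:
  void grow() {
    std::size_t nc = capacity_ * 2;
    v_state* nd = new v_state[nc];
    for (std::size_t i = 0; i < size_; ++i) nd[i] = data_[i];
    delete[] data_;  // every outstanding reference to an element now dangles
    data_ = nd;
    capacity_ = nc;
  }
  v_state* data_;
  std::size_t size_, capacity_;
};

// Non-moving stack: elements live in fixed-size blocks that are
// allocated on demand and never copied, so a reference returned by
// top() stays valid until that element is popped. The vector holding
// the block pointers may relocate, but the blocks themselves never do.
class stable_stack {
public:
  explicit stable_stack(std::size_t block_size = 8) : block_size_(block_size), size_(0) {}

  void push(const v_state& v) {
    std::size_t b = size_ / block_size_, o = size_ % block_size_;
    if (b == blocks_.size())
      blocks_.push_back(std::unique_ptr<v_state[]>(new v_state[block_size_]));
    blocks_[b][o] = v;
    ++size_;
  }
  void pop() { --size_; }
  v_state& at(std::size_t i) { return blocks_[i / block_size_][i % block_size_]; }
  v_state& top() { return at(size_ - 1); }
  std::size_t size() const { return size_; }
private:
  std::size_t block_size_, size_;
  std::vector<std::unique_ptr<v_state[]>> blocks_;
};

// Mimics _start_element_impl: take a reference to top(), let nested
// element handlers push onto the same stack, then check whether the
// element we referenced still lives at the address we recorded.
// Addresses are compared as integers; the stale pointer is never
// dereferenced. Returns true if the saved reference would dangle.
template <class Stack>
bool reference_invalidated(Stack& s, std::size_t nested_pushes) {
  s.push(v_state{1, 0});
  std::size_t index = s.size() - 1;
  std::uintptr_t before = reinterpret_cast<std::uintptr_t>(&s.top());
  for (std::size_t i = 0; i < nested_pushes; ++i)
    s.push(v_state{1, static_cast<int>(i)});
  std::uintptr_t after = reinterpret_cast<std::uintptr_t>(&s.at(index));
  return before != after;
}

bool moving_stack_invalidates(std::size_t nested_pushes) {
  moving_stack s(8);
  return reference_invalidated(s, nested_pushes);
}

bool stable_stack_invalidates(std::size_t nested_pushes) {
  stable_stack s(8);
  return reference_invalidated(s, nested_pushes);
}

int main() {
  std::printf("moving stack, 7 nested pushes: %s\n", moving_stack_invalidates(7) ? "dangles" : "ok");
  std::printf("moving stack, 8 nested pushes: %s\n", moving_stack_invalidates(8) ? "dangles" : "ok");
  std::printf("stable stack, 8 nested pushes: %s\n", stable_stack_invalidates(8) ? "dangles" : "ok");
  return 0;
}
```

With an initial capacity of 8, the moving stack is fine for up to seven nested pushes and dangles on the eighth, when `grow()` runs; the block-based stack never invalidates the reference at any depth. When checking a parser like this, valgrind or AddressSanitizer on a deeply nested input such as the `<a><b/>...` document above is the practical way to confirm a fix, since the stale read only manifests once the nesting crosses the growth boundary.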