[xsde-users] State stack: memory corruption for stacks >= 8, with patch
Klaus Kuehnhammer
klaus at bitstem.com
Sat Aug 28 08:33:52 EDT 2010
Hi Boris,
that seems to do it, thanks!
Klaus
On Fri, 2010-08-27 at 20:07 +0200, Boris Kolpackov wrote:
> Hi Klaus,
>
> I have CC'ed xsde-users to my reply.
>
> Klaus Kuehnhammer <klaus at bitstem.com> writes:
>
> > I still get the memory issues I described in the second point using your
> > patch.
>
> Yes, you are right. I was concentrating on the code after the loop
> while it is the code in the loop that has the problem.
>
> My solution is to re-implement the stack so that it doesn't move
> elements:
>
> http://scm.codesynthesis.com/?p=xsde/xsde.git;a=commit;h=14b909b25dec8e68f7bcb35e89ce503c5f12967c
>
> It will probably be easier to just copy the whole stack.?xx files
> than apply the patch.
>
> Let me know if you get any problems with this.
>
> Boris
>
>
> [The rest of the original email follows for context.]
>
> >
> > Putting some printfs in the stack push and start_element code shows that
> > the stack is definitely grown by something (the (this->*vd->func)
> > calls? ) before vs is read back:
> >
> > push ()
> > {
> >   if (size_ > capacity_)
> >   {
> >     printf("%p: growing stack, old buffer at %p, top %p\n", this, data_,
> >            top());
> > #ifdef XSDE_EXCEPTIONS
> >     grow ();
> > #else
> >     if (error e = grow ())
> >       return e;
> > #endif
> >
> >     printf("%p: new buffer at %p, top %p\n", this, data_, top() );
> >   }
> >
> > -------------------------------------------------------------------------------
> >
> > _start_element_impl (const ::xsde::cxx::ro_string& ns,
> >                      const ::xsde::cxx::ro_string& n)
> > {
> >   ::xsde::cxx::parser::context& ctx = this->_context ();
> >
> >   v_state_& vs = *static_cast< v_state_* > (this->v_state_stack_.top ());
> >   v_state_descr_* vd = vs.data + (vs.size - 1);
> >   printf("set vs\n");
> >
> >   if (vd->func == 0 && vd->state == 0)
> >   {
> >     typedef ::xsde::cxx::parser::validating::complex_content base;
> >     if (base::_start_element_impl (ns, n))
> >       return true;
> >     else
> >       vd->state = 1;
> >   }
> >
> >   while (vd->func != 0)
> >   {
> >     (this->*vd->func) (vd->state, vd->count, ns, n, true);
> >
> >     printf("read vs\n");
> >     vd = vs.data + (vs.size - 1);
> >
> >     if (vd->state == ~0UL && !ctx.error_type ())
> >       vd = vs.data + (--vs.size - 1);
> >     else
> >       break;
> >   }
> >
> > -------------------------------------------------------------------------------
> >
> > log:
> >
> > read vs
> > set vs
> > set vs
> > 0x7feffc5a0: growing stack, old buffer at 0x8511660, top 0x85116d0
> > 0x7feffc5a0: new buffer at 0x8513f70, top 0x8513fe0
> > 0x7feffc468: growing stack, old buffer at 0x8511720, top 0x85117c8
> > 0x7feffc468: new buffer at 0x85140b0, top 0x8514158
> > 0x7feffc568: growing stack, old buffer at 0x8511820, top 0x8511827
> > 0x7feffc568: new buffer at 0x8514270, top 0x8514277
> > 0x7feffc538: growing stack, old buffer at 0x8511870, top 0x8511b48
> > 0x7feffc538: new buffer at 0x85142c0, top 0x8514598
> > read vs
> >
> > after this, valgrind reports reads from the old buffer that has just
> > been deleted.
> >
> > The XML input that triggers this is structured like this:
> > <a>
> >   <b/>
> >   <a>
> >     <b/>
> >     <a>
> >       <b/>
> >       <a>
> >         <b/>
> >         <a>
> >           <b/>
> >           <a>
> >             <b/>
> >             <a>
> >               <b/>
> >               <a>
> >                 <b/>
> >                 <a>
> >                   <b/>
> >                 </a>
> >               </a>
> >             </a>
> >           </a>
> >         </a>
> >       </a>
> >     </a>
> >   </a>
> > </a>
>
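The two designs discussed in the thread side by side, as an added example that is not XSD/e's own code: `moving_stack` is a simplified stand-in for the contiguous stack whose grow() moved the buffer under the `vs` reference held in `_start_element_impl`, and `stable_stack` is a stand-in for the non-moving replacement (elements live in fixed blocks that are never reallocated, so a pointer to an element stays valid until that element is popped). Class names, the block layout and `pointer_survives_growth` are my own; the real stack.?xx files in the linked commit may differ. Addresses are recorded as integers before growth and only compared afterwards, so the dangling pointer is never dereferenced.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <cstring>

// Contiguous stack, the design whose debug output appears in the thread:
// grow() allocates a bigger buffer, copies the elements over and frees the
// old buffer, so every pointer taken from top() before the push now points
// into freed memory (what valgrind flagged as reads from the old buffer).
class moving_stack
{
public:
  moving_stack (size_t el_size, size_t capacity)
      : el_size_ (el_size), size_ (0), capacity_ (capacity),
        data_ (static_cast<char*> (std::malloc (el_size * capacity))) {}
  ~moving_stack () { std::free (data_); }

  void* push () { if (size_ == capacity_) grow (); return data_ + el_size_ * size_++; }
  void pop () { --size_; }
  void* top () { return data_ + el_size_ * (size_ - 1); }
  size_t size () const { return size_; }

private:
  void grow ()
  {
    capacity_ *= 2;
    char* d = static_cast<char*> (std::malloc (el_size_ * capacity_));
    std::memcpy (d, data_, el_size_ * size_);
    std::free (data_);  // earlier top() pointers dangle from here on
    data_ = d;
  }
  size_t el_size_, size_, capacity_;
  char* data_;
};

// Block-based stack (stand-in for the non-moving re-implementation): elements
// live in fixed-size blocks linked in a list. Growing links a new block after
// the current one; blocks are only freed by the destructor, so an element's
// address never changes while it is on the stack.
class stable_stack
{
public:
  stable_stack (size_t el_size, size_t block_els)
      : el_size_ (el_size), block_els_ (block_els), size_ (0), head_ (0), cur_ (0) {}
  ~stable_stack ()
  {
    while (head_) { block* n = head_->next; delete[] head_->data; delete head_; head_ = n; }
  }

  void* push ()
  {
    if (size_ % block_els_ == 0)           // current block full, or stack empty
    {
      block* next = cur_ ? cur_->next : head_;
      if (next == 0)                        // no spare block: allocate and link one
      {
        next = new block;
        next->data = new char[el_size_ * block_els_];
        next->prev = cur_;
        next->next = 0;
        if (cur_) cur_->next = next; else head_ = next;
      }
      cur_ = next;                          // previously allocated blocks are reused
    }
    return cur_->data + el_size_ * (size_++ % block_els_);
  }
  void pop ()
  {
    --size_;
    if (size_ % block_els_ == 0)           // left the first slot of cur_: step back
      cur_ = cur_->prev;
  }
  void* top () { return cur_->data + el_size_ * ((size_ - 1) % block_els_); }
  size_t size () const { return size_; }

private:
  struct block { block* prev; block* next; char* data; };
  size_t el_size_, block_els_, size_;
  block* head_;
  block* cur_;
};

// Mirrors the parser's pattern: keep a pointer to the top element, let nested
// work push enough to force growth, pop back, and check whether the element
// is still at the remembered address.
template <typename Stack>
bool pointer_survives_growth (Stack& s, size_t pushes)
{
  int* first = static_cast<int*> (s.push ());
  *first = 1;
  std::uintptr_t held = reinterpret_cast<std::uintptr_t> (first);
  for (size_t i = 1; i < pushes; ++i)
    *static_cast<int*> (s.push ()) = static_cast<int> (i + 1);
  while (s.size () > 1)
    s.pop ();
  return reinterpret_cast<std::uintptr_t> (s.top ()) == held;
}

// Capacity / block size 8 and 9 pushes reproduce the ">= 8" case from the subject.
bool moving_stack_keeps_pointer () { moving_stack s (sizeof (int), 8); return pointer_survives_growth (s, 9); }
bool stable_stack_keeps_pointer () { stable_stack s (sizeof (int), 8); return pointer_survives_growth (s, 9); }

// Push 1..n across several blocks, then pop everything and sum the values,
// exercising the block boundary logic of pop()/top().
int stable_stack_pop_sum (size_t n)
{
  stable_stack s (sizeof (int), 4);
  for (size_t i = 1; i <= n; ++i)
    *static_cast<int*> (s.push ()) = static_cast<int> (i);
  int sum = 0;
  while (s.size () > 0) { sum += *static_cast<int*> (s.top ()); s.pop (); }
  return sum;
}
```

`moving_stack_keeps_pointer()` returns false and `stable_stack_keeps_pointer()` returns true; the difference is exactly what made the `vs` reference in `_start_element_impl` stale once nested `(this->*vd->func)` calls pushed past the initial capacity.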