{5} Assigned, Active Tickets by Owner (Full Description) (4 matches)

Lists assigned tickets, grouped by ticket owner. This report demonstrates the use of full-row display.

msporny (4 matches)

Ticket Summary Component Milestone Type Created
Description
#6 librdfa crash with inline strtok_r parser 1.0 defect 05/27/08

With debian gcc 4.2.4 on intel x86 I got a crash inside raptor+librdfa when using gcc -O2, which amongst other things, turns on some inlined functions.

After much puzzling I figured out it was this area of code in curie.c:

          prefix = strtok_r(working_copy, "[:]", &wcptr);
          curie_reference = strtok_r(NULL, "[:]", &wcptr);

when working_copy is "" (empty string).

If you expand the gcc macro, it turns out that wcptr is NULL after the first call and the second one dies with a segv.

This seems to stop it, but I'm not sure if it's the right fix:

@@ -186,12 +186,14 @@
       if(ctype == CURIE_TYPE_SAFE)
       {
          prefix = strtok_r(working_copy, "[:]", &wcptr);
-         curie_reference = strtok_r(NULL, "[:]", &wcptr);
+         if(wcptr)
+            curie_reference = strtok_r(NULL, "[:]", &wcptr);
       }
       else if(ctype == CURIE_TYPE_IRI_OR_UNSAFE)
       {
          prefix = strtok_r(working_copy, ":", &wcptr);
-         curie_reference = strtok_r(NULL, ":", &wcptr);
+         if(wcptr)
+            curie_reference = strtok_r(NULL, ":", &wcptr);
       }

       // fully resolve the prefix and get it's length
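
Review bot: in both branches the new guard tests `wcptr`, which is strtok_r's private save state; its value after the first call returns NULL is an implementation detail (the report above observed NULL only with gcc's inlined macro), so the check can behave differently with another libc or optimisation level. Test the result of the first call instead, for example `if(prefix != NULL)` before the second `strtok_r(NULL, ...)`. Also, when the guard is false this hunk leaves `curie_reference` unassigned; its initialisation is not visible here, so make sure it starts as NULL and that the code following `// fully resolve the prefix and get it's length` copes with a NULL `prefix` and `curie_reference`.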

#8 librdfa hard crash with non-xhtml input parser 1.0 defect 06/15/08

This is on Linux x86.

$ git pull
Already up-to-date.

$ cat .git/refs/heads/master 
111eedbd3a0de27a13da8124d9465abe3e45f071

$ make
Building build/triple.o...
Building build/subject.o...
Building build/rdfa_utils.o...
Building build/rdfa.o...
Building build/namespace.o...
Building build/language.o...
Building build/curie.o...
Building dist/librdfa.so...
Building dist/librdfa.a...
Building build/rdfa2n3.o...
Building build/rdfastring2n3.o...
Building build/curies.o...
Building build/speed.o...
Building rdfa2n3...
Building rdfastring2n3...
Building curies...
Building speed...

$ export LD_LIBRARY_PATH=$PWD/libs

$ cat x.html 
<html>
<head>
  <title>Example!</title>
  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
  <p>blah</p>
</body>
</html>

$ ./tests/dist/rdfastring2n3 x.html 
mismatched tag at line 5, column 2
*** glibc detected *** ./tests/dist/rdfastring2n3: double free or corruption (!prev): 0x0805a1c8 ***
======= Backtrace: =========
/lib/i686/cmov/libc.so.6[0x4ce3ca05]
/lib/i686/cmov/libc.so.6(cfree+0x90)[0x4ce40470]
/home/dajobe/dev/librdfa/simple/libs/librdfa.so(rdfa_free_context+0x1b3)[0xb7f11b73]
./tests/dist/rdfastring2n3[0x8048b6a]
/lib/i686/cmov/libc.so.6(__libc_start_main+0xe0)[0x4cde7450]
./tests/dist/rdfastring2n3[0x8048861]
Aborted (core dumped)

$ valgrind --tool=memcheck --leak-check=yes --num-callers=15 ./tests/dist/rdfastring2n3 x.html 
==22607== Memcheck, a memory error detector.
==22607== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==22607== Using LibVEX rev 1804, a library for dynamic binary translation.
==22607== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==22607== Using valgrind-3.3.0-Debian, a dynamic binary instrumentation framework.
==22607== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==22607== For more details, rerun with: -v
==22607== 
==22607== Conditional jump or move depends on uninitialised value(s)
==22607==    at 0x40079E7: strlen (mc_replace_strmem.c:242)
==22607==    by 0x8048B18: main (rdfastring2n3.c:115)
mismatched tag at line 5, column 2
==22607== 
==22607== Invalid read of size 4
==22607==    at 0x400FB53: rdfa_free_context (rdfa.c:1111)
==22607==    by 0x8048B69: main (rdfastring2n3.c:122)
==22607==  Address 0x418c2c0 is 96 bytes inside a block of size 124 free'd
==22607==    at 0x400665C: free (vg_replace_malloc.c:323)
==22607==    by 0x4010436: rdfa_free_list (rdfa_utils.c:183)
==22607==    by 0x400FB4F: rdfa_free_context (rdfa.c:1108)
==22607==    by 0x8048B69: main (rdfastring2n3.c:122)
==22607== 
==22607== Invalid read of size 4
==22607==    at 0x400FB5D: rdfa_free_context (rdfa.c:1113)
==22607==    by 0x8048B69: main (rdfastring2n3.c:122)
==22607==  Address 0x418c2c0 is 96 bytes inside a block of size 124 free'd
==22607==    at 0x400665C: free (vg_replace_malloc.c:323)
==22607==    by 0x4010436: rdfa_free_list (rdfa_utils.c:183)
==22607==    by 0x400FB4F: rdfa_free_context (rdfa.c:1108)
==22607==    by 0x8048B69: main (rdfastring2n3.c:122)
==22607== 
==22607== Invalid free() / delete / delete[]
==22607==    at 0x400665C: free (vg_replace_malloc.c:323)
==22607==    by 0x400FB72: rdfa_free_context (rdfa.c:1116)
==22607==    by 0x8048B69: main (rdfastring2n3.c:122)
==22607==  Address 0x418c260 is 0 bytes inside a block of size 124 free'd
==22607==    at 0x400665C: free (vg_replace_malloc.c:323)
==22607==    by 0x4010436: rdfa_free_list (rdfa_utils.c:183)
==22607==    by 0x400FB4F: rdfa_free_context (rdfa.c:1108)
==22607==    by 0x8048B69: main (rdfastring2n3.c:122)
==22607== 
==22607== ERROR SUMMARY: 4 errors from 4 contexts (suppressed: 16 from 1)
==22607== malloc/free: in use at exit: 79,100 bytes in 37 blocks.
==22607== malloc/free: 149 allocs, 113 frees, 117,765 bytes allocated.
==22607== For counts of detected errors, rerun with: -v
==22607== searching for pointers to 37 not-freed blocks.
==22607== checked 84,840 bytes.
==22607== 
==22607== 
==22607== 36 (12 direct, 24 indirect) bytes in 1 blocks are definitely lost in loss record 2 of 14
==22607==    at 0x4006AB8: malloc (vg_replace_malloc.c:207)
==22607==    by 0x40101D2: rdfa_create_list (rdfa_utils.c:111)
==22607==    by 0x400E2DF: rdfa_init_context (rdfa.c:92)
==22607==    by 0x400E5CF: rdfa_create_new_element_context (rdfa.c:215)
==22607==    by 0x400E870: start_element (rdfa.c:350)
==22607==    by 0x4D09154B: (within /usr/lib/libexpat.so.1.0.0)
==22607==    by 0x4D09201C: (within /usr/lib/libexpat.so.1.0.0)
==22607==    by 0x4D09301D: (within /usr/lib/libexpat.so.1.0.0)
==22607==    by 0x4D093F64: (within /usr/lib/libexpat.so.1.0.0)
==22607==    by 0x4D08B74A: XML_ParseBuffer (in /usr/lib/libexpat.so.1.0.0)
==22607==    by 0x4D08D701: XML_Parse (in /usr/lib/libexpat.so.1.0.0)
==22607==    by 0x400FD45: rdfa_parse_chunk (rdfa.c:1208)
==22607==    by 0x400FF31: rdfa_parse (rdfa.c:1282)
==22607==    by 0x8048B5E: main (rdfastring2n3.c:121)
==22607== 
==22607== 
==22607== 72 (36 direct, 36 indirect) bytes in 3 blocks are definitely lost in loss record 5 of 14
==22607==    at 0x4006AB8: malloc (vg_replace_malloc.c:207)
==22607==    by 0x4010228: rdfa_copy_list (rdfa_utils.c:122)
==22607==    by 0x400E791: rdfa_create_new_element_context (rdfa.c:304)
==22607==    by 0x400E870: start_element (rdfa.c:350)
==22607==    by 0x4D09154B: (within /usr/lib/libexpat.so.1.0.0)
==22607==    by 0x4D09201C: (within /usr/lib/libexpat.so.1.0.0)
==22607==    by 0x4D09301D: (within /usr/lib/libexpat.so.1.0.0)
==22607==    by 0x4D093F64: (within /usr/lib/libexpat.so.1.0.0)
==22607==    by 0x4D08B74A: XML_ParseBuffer (in /usr/lib/libexpat.so.1.0.0)
==22607==    by 0x4D08D701: XML_Parse (in /usr/lib/libexpat.so.1.0.0)
==22607==    by 0x400FD45: rdfa_parse_chunk (rdfa.c:1208)
==22607==    by 0x400FF31: rdfa_parse (rdfa.c:1282)
==22607==    by 0x8048B5E: main (rdfastring2n3.c:121)
==22607== 
==22607== 
==22607== 59 bytes in 3 blocks are definitely lost in loss record 6 of 14
==22607==    at 0x4006B8E: realloc (vg_replace_malloc.c:429)
==22607==    by 0x401002A: rdfa_n_append_string (rdfa_utils.c:50)
==22607==    by 0x400F5E6: character_data (rdfa.c:783)
==22607==    by 0x4D091005: (within /usr/lib/libexpat.so.1.0.0)
==22607==    by 0x4D09201C: (within /usr/lib/libexpat.so.1.0.0)
==22607==    by 0x4D09301D: (within /usr/lib/libexpat.so.1.0.0)
==22607==    by 0x4D093F64: (within /usr/lib/libexpat.so.1.0.0)
==22607==    by 0x4D08B74A: XML_ParseBuffer (in /usr/lib/libexpat.so.1.0.0)
==22607==    by 0x4D08D701: XML_Parse (in /usr/lib/libexpat.so.1.0.0)
==22607==    by 0x400FD45: rdfa_parse_chunk (rdfa.c:1208)
==22607==    by 0x400FF31: rdfa_parse (rdfa.c:1282)
==22607==    by 0x8048B5E: main (rdfastring2n3.c:121)
==22607== 
==22607== 
==22607== 554 bytes in 9 blocks are definitely lost in loss record 9 of 14
==22607==    at 0x4006AB8: malloc (vg_replace_malloc.c:207)
==22607==    by 0x409C92F: strdup (strdup.c:43)
==22607==    by 0x40100A3: rdfa_replace_string (rdfa_utils.c:69)
==22607==    by 0x400E5BD: rdfa_create_new_element_context (rdfa.c:214)
==22607==    by 0x400E870: start_element (rdfa.c:350)
==22607==    by 0x4D09154B: (within /usr/lib/libexpat.so.1.0.0)
==22607==    by 0x4D09201C: (within /usr/lib/libexpat.so.1.0.0)
==22607==    by 0x4D09301D: (within /usr/lib/libexpat.so.1.0.0)
==22607==    by 0x4D093F64: (within /usr/lib/libexpat.so.1.0.0)
==22607==    by 0x4D08B74A: XML_ParseBuffer (in /usr/lib/libexpat.so.1.0.0)
==22607==    by 0x4D08D701: XML_Parse (in /usr/lib/libexpat.so.1.0.0)
==22607==    by 0x400FD45: rdfa_parse_chunk (rdfa.c:1208)
==22607==    by 0x400FF31: rdfa_parse (rdfa.c:1282)
==22607==    by 0x8048B5E: main (rdfastring2n3.c:121)
==22607== 
==22607== 
==22607== 8,192 bytes in 2 blocks are definitely lost in loss record 10 of 14
==22607==    at 0x4006AB8: malloc (vg_replace_malloc.c:207)
==22607==    by 0x4010686: rdfa_copy_mapping (rdfa_utils.c:258)
==22607==    by 0x400E5F5: rdfa_create_new_element_context (rdfa.c:223)
==22607==    by 0x400E870: start_element (rdfa.c:350)
==22607==    by 0x4D09154B: (within /usr/lib/libexpat.so.1.0.0)
==22607==    by 0x4D09201C: (within /usr/lib/libexpat.so.1.0.0)
==22607==    by 0x4D09301D: (within /usr/lib/libexpat.so.1.0.0)
==22607==    by 0x4D093F64: (within /usr/lib/libexpat.so.1.0.0)
==22607==    by 0x4D08B74A: XML_ParseBuffer (in /usr/lib/libexpat.so.1.0.0)
==22607==    by 0x4D08D701: XML_Parse (in /usr/lib/libexpat.so.1.0.0)
==22607==    by 0x400FD45: rdfa_parse_chunk (rdfa.c:1208)
==22607==    by 0x400FF31: rdfa_parse (rdfa.c:1282)
==22607==    by 0x8048B5E: main (rdfastring2n3.c:121)
==22607== 
==22607== 
==22607== 70,187 (124 direct, 70,063 indirect) bytes in 1 blocks are definitely lost in loss record 12 of 14
==22607==    at 0x4006AB8: malloc (vg_replace_malloc.c:207)
==22607==    by 0x400F92F: rdfa_create_context (rdfa.c:997)
==22607==    by 0x400E5A4: rdfa_create_new_element_context (rdfa.c:208)
==22607==    by 0x400E870: start_element (rdfa.c:350)
==22607==    by 0x4D09154B: (within /usr/lib/libexpat.so.1.0.0)
==22607==    by 0x4D09201C: (within /usr/lib/libexpat.so.1.0.0)
==22607==    by 0x4D09301D: (within /usr/lib/libexpat.so.1.0.0)
==22607==    by 0x4D093F64: (within /usr/lib/libexpat.so.1.0.0)
==22607==    by 0x4D08B74A: XML_ParseBuffer (in /usr/lib/libexpat.so.1.0.0)
==22607==    by 0x4D08D701: XML_Parse (in /usr/lib/libexpat.so.1.0.0)
==22607==    by 0x400FD45: rdfa_parse_chunk (rdfa.c:1208)
==22607==    by 0x400FF31: rdfa_parse (rdfa.c:1282)
==22607==    by 0x8048B5E: main (rdfastring2n3.c:121)
==22607== 
==22607== LEAK SUMMARY:
==22607==    definitely lost: 8,977 bytes in 19 blocks.
==22607==    indirectly lost: 70,123 bytes in 18 blocks.
==22607==      possibly lost: 0 bytes in 0 blocks.
==22607==    still reachable: 0 bytes in 0 blocks.
==22607==         suppressed: 0 bytes in 0 blocks.

I get the same crash compiled inside raptor and I have a fix that I've committed to my librdfa GIT repo, but it amounts to rdfa_free_context() freeing the context_stack using rdfa_free_list(context->context_stack); which ends up freeing itself. I rewrote it as a loop that checks before freeing with rdfa_free_context(). This fixes the crash and frees most of the memory but not all yet.

See my GIT commit 8892f4056d9486d7bdd0cc89fe12b3a863a4d418 at http://download.dajobe.org/librdfa/librdfa.git
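
The ownership problem described in ticket #8, as an added example that is not part of the ticket or of librdfa: a context whose stack contains the context itself is released twice by a blanket list free, and once when the loop skips the self entry. The types and functions (ctx, release, free_context_naive, free_context_checked, max_releases) are hypothetical, and release() only counts so the flawed path can be run without corrupting the heap.

```c
#include <stddef.h>

/* Hypothetical model; not librdfa's real structures. release() only counts,
   so the flawed path can be exercised safely. */
typedef struct ctx {
    struct ctx *stack[4];  /* context stack; only the root uses it */
    size_t depth;          /* entries currently on the stack */
    int released;          /* how many times this block was "freed" */
} ctx;

static void release(ctx *c) { c->released++; }

/* Flawed: blanket free of the stack's items, then free the context. */
static void free_context_naive(ctx *c) {
    for (size_t i = 0; i < c->depth; i++)
        release(c->stack[i]);     /* one of these items is c itself */
    release(c);                   /* second release of the same block */
}

/* Fixed: pop each item, skip the entry that is c, free c once at the end. */
static void free_context_checked(ctx *c) {
    while (c->depth > 0) {
        ctx *item = c->stack[--c->depth];
        if (item != c)
            free_context_checked(item);   /* children hold no stack here */
    }
    release(c);
}

/* Build root + two unpopped element contexts (constructed case), run one
   strategy, and return the highest release count seen on any block. */
int max_releases(int use_checked) {
    ctx root = {0}, html = {0}, head = {0};
    ctx *all[] = { &root, &html, &head };
    int max = 0;
    for (size_t i = 0; i < 3; i++)
        root.stack[root.depth++] = all[i];
    if (use_checked) free_context_checked(&root);
    else             free_context_naive(&root);
    for (size_t i = 0; i < 3; i++)
        if (all[i]->released > max) max = all[i]->released;
    return max;
}

int main(void) { return (max_releases(0) == 2 && max_releases(1) == 1) ? 0 : 1; }
```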


#18 librdfa crashes on RDF/XML input file parser 1.0 defect 01/07/09

Fuzzbot will crash Firefox when a non-XHTML XML document is opened in the Firefox browser (such as an XML/RDF file). This might be due to a bug in librdfa.

Workaround: There is a "Fuzzbot Disabled" checkbox that you can activate by right-clicking on the Fuzzbot icon in the Firefox status bar - this will ensure that Fuzzbot does not automatically run on a web page.

Example:

 http://linkeddata.uriburner.com/about/rdf/http://rdfa.digitalbazaar.com/fuzzbot/demo/video.html


#3 rdfa.c should be split into two files parser 1.0 enhancement 05/20/08

c/rdfa.c should be split into two files, c/context.c and c/parser.c.

