[xsd-users] Segmentation fault in application when parsing large XML with default (8MiB) stack size

Tempelaar E. (Erik) Erik.Tempelaar at vanoord.com
Thu Feb 28 03:25:30 EST 2019


Dear xsd-users,

Our app crashes with a segfault when it tries to parse a rather large XML file (close to the stack size of 8 MiB).
As a workaround, the stack for the application has been increased. I'd like to get rid of this workaround because I believe it results in large core dumps (the application uses many threads, unfortunately).

My assumption is that the XML file ends up on the stack somewhere, causing an overflow and corrupting my heap.
Does this make sense? Any pointers on how to fix this, or on gathering more information on the crash?

This is what the core dump looks like:
vagrant at vagrant-slackware-14-2:/<application>/release/<app>$ gdb --args ./<application> /<application>/configurations/max_udp/
GNU gdb (GDB) 7.11.1
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i586-slackware-linux".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./<application>...done.
(gdb) run
Starting program: /<application>/release/<app>/<application> /<application>/configurations/max_udp/
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/libthread_db.so.1".
[New Thread 0xb7c10b40 (LWP 3612)]
[2019-02-28 06:34:12.972] [INFO   ] worker thread RemoteLogging started, PID: 3612
[New Thread 0xb76ffb40 (LWP 3616)]

[2019-02-28 06:34:13.350] [INFO   ] configuration loaded from: /<application>/large_file.xml
Thread 1 "<application>" received signal SIGSEGV, Segmentation fault.
0xb7c91418 in _int_malloc () from /lib/libc.so.6
(gdb) info frame
Stack level 0, frame at 0xbfc00070:
eip = 0xb7c91418 in _int_malloc; saved eip = 0xb7c941d0
called by frame at 0xbfc000a0
Arglist at 0xbfbfffc4, args:
Locals at 0xbfbfffc4, Previous frame's sp is 0xbfc00070
Saved registers:
  ebx at 0xbfc0005c, ebp at 0xbfc00068, esi at 0xbfc00060, edi at 0xbfc00064, eip at 0xbfc0006c
(gdb) info stack
#0  0xb7c91418 in _int_malloc () from /lib/libc.so.6
#1  0xb7c941d0 in malloc () from /lib/libc.so.6
#2  0xb7eac63b in operator new(unsigned int) () from /usr/lib/libstdc++.so.6
#3  0x0818f010 in xercesc_3_2::MemoryManagerImpl::allocate(unsigned int) ()
#4  0x0821f905 in xercesc_3_2::RegularExpression::Context::Context(xercesc_3_2::RegularExpression::Context*) ()
#5  0x08224055 in xercesc_3_2::RegularExpression::matchUnion(xercesc_3_2::RegularExpression::Context*, xercesc_3_2::Op const*, unsigned int) const ()
#6  0x08221097 in xercesc_3_2::RegularExpression::match(xercesc_3_2::RegularExpression::Context*, xercesc_3_2::Op const*, unsigned int) const ()
#7  0x08224090 in xercesc_3_2::RegularExpression::matchUnion(xercesc_3_2::RegularExpression::Context*, xercesc_3_2::Op const*, unsigned int) const ()
#8  0x08221097 in xercesc_3_2::RegularExpression::match(xercesc_3_2::RegularExpression::Context*, xercesc_3_2::Op const*, unsigned int) const ()
#9  0x08224090 in xercesc_3_2::RegularExpression::matchUnion(xercesc_3_2::RegularExpression::Context*, xercesc_3_2::Op const*, unsigned int) const ()
#10 0x08221097 in xercesc_3_2::RegularExpression::match(xercesc_3_2::RegularExpression::Context*, xercesc_3_2::Op const*, unsigned int) const ()
#11 0x08224090 in xercesc_3_2::RegularExpression::matchUnion(xercesc_3_2::RegularExpression::Context*, xercesc_3_2::Op const*, unsigned int) const ()
#12 0x08221097 in xercesc_3_2::RegularExpression::match(xercesc_3_2::RegularExpression::Context*, xercesc_3_2::Op const*, unsigned int) const ()

... this continues ...

#32725 0x0822186f in xercesc_3_2::RegularExpression::matches(char16_t const*, unsigned int, unsigned int, xercesc_3_2::Match*, xercesc_3_2::MemoryManager*) const ()
#32726 0x082220fb in xercesc_3_2::RegularExpression::matches(char16_t const*, xercesc_3_2::MemoryManager*) const ()
#32727 0x08288791 in xercesc_3_2::AbstractStringValidator::checkContent(char16_t const*, xercesc_3_2::ValidationContext*, bool, xercesc_3_2::MemoryManager*) ()
#32728 0x082874ff in xercesc_3_2::AbstractStringValidator::validate(char16_t const*, xercesc_3_2::ValidationContext*, xercesc_3_2::MemoryManager*) ()
#32729 0x0829915d in xercesc_3_2::SchemaValidator::checkContent(xercesc_3_2::XMLElementDecl*, xercesc_3_2::QName**, unsigned int, unsigned int*) ()
#32730 0x082c944b in xercesc_3_2::IGXMLScanner::scanEndTag(bool&) ()
#32731 0x082d021c in xercesc_3_2::IGXMLScanner::scanContent() ()
#32732 0x082d03e8 in xercesc_3_2::IGXMLScanner::scanDocument(xercesc_3_2::InputSource const&) ()
#32733 0x0819e367 in xercesc_3_2::XMLScanner::scanDocument(char16_t const*) ()
#32734 0x08270b0e in xercesc_3_2::AbstractDOMParser::parse(char16_t const*) ()
#32735 0x081af99c in xercesc_3_2::DOMLSParserImpl::parseURI(char16_t const*) ()
#32736 0x0811066d in xsd::cxx::xml::dom::parse<char> (uri=..., eh=..., prop=..., flags=0) at ../../../resources/include/xsd/cxx/xml/dom/parsing-source.txx:367
#32737 0x0812a44f in xsd::cxx::xml::dom::parse<char> (flags=<optimized out>, prop=..., eh=..., uri=...) at ../../../resources/include/xsd/cxx/xml/dom/parsing-source.txx:244
#32738 DeviceConfig (u=..., f=..., p=...) at generated/device_config.cpp:6955
#32739 0x08052201 in Server::AppendDeviceConfiguration (this=0x84bb5f0, xml_path=...) at ../../modules/common/Server.cpp:190
#32740 0x080544c3 in Server::ReadConfiguration (this=0x84bb5f0) at ../../modules/common/Server.cpp:343
#32741 0x0804e39f in Application (path=...) at ../../modules/common/main.cpp:181
#32742 main (argc=2, argv=0xbffff384) at ../../modules/common/main.cpp:441

XSD 4.0.0 with Xerces-c 3.2

Xerces-c
Windows / Msys2 / mingw32
../xerces-c-3.2.0/configure --prefix=/home/data/xerces --build=i686-w64-mingw32 --disable-shared --disable-network --disable-sse2 CFLAGS="-std=gnu11 -O3 -mno-ms-bitfields -mthreads" CXXFLAGS="-std=gnu++11 -O3 -mno-ms-bitfields -mthreads"
Linux (Slackware)
../xerces-c-3.2.0/configure --prefix=/home/data/xerces --disable-shared --disable-network --disable-sse2 CFLAGS="-std=gnu11 -O3 -mno-ms-bitfields" CXXFLAGS="-std=gnu++11 -O3 -mno-ms-bitfields"

XSD
Windows / Msys2 / mingw32
make CFLAGS="-std=gnu11 -O3 -mno-ms-bitfields" CXXFLAGS="-std=gnu++11 -O3 -mno-ms-bitfields -I../../../resources/include" LDFLAGS="-s -static -static-libgcc -static-libstdc++ -L../../../resources/lib/msys2/xerces-c"
Linux (Slackware)
make CFLAGS="-std=gnu11 -O3 -mno-ms-bitfields -pthread" CXXFLAGS="-std=gnu++11 -O3 -mno-ms-bitfields -pthread -I../../../resources/include" LDFLAGS="-s -L../../../resources/lib/linux/xerces-c"

I appreciate any advice.

Kind regards,
Erik
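
Added example (editor's note, not part of Erik's post and not code from XSD or Xerces-C): the backtrace above shows one `match`/`matchUnion` pair per recursion level, so the stack depth is set by the content being validated, and raising the stack with `ulimit -s` enlarges the default stack of every thread in the process (on glibc, new threads inherit RLIMIT_STACK as their default size). The C++ helper below confines the larger stack to a single pthread created with `pthread_attr_setstacksize`, which is the usual way to keep worker threads small while giving the parse enough headroom. `run_with_stack`, `descend`, `kDeepRecursion` and the 64 MiB figure are assumptions made for this demonstration; `descend` stands in for a recursive matcher whose depth grows with input length.

```cpp
#include <pthread.h>
#include <cstddef>
#include <cstdio>
#include <functional>
#include <stdexcept>

// Run `fn` on a freshly created thread whose stack is `stack_bytes` large,
// join it and return the result. Only this thread gets the big stack; every
// other thread keeps the process default (on glibc, RLIMIT_STACK at startup),
// which is what `ulimit -s` would otherwise enlarge for all of them.
long run_with_stack(std::size_t stack_bytes, std::function<long()> fn) {
    struct Job {
        std::function<long()>* fn;
        long result;
    } job{&fn, 0};

    pthread_attr_t attr;
    if (pthread_attr_init(&attr) != 0)
        throw std::runtime_error("pthread_attr_init failed");
    if (pthread_attr_setstacksize(&attr, stack_bytes) != 0) {
        pthread_attr_destroy(&attr);
        throw std::runtime_error("pthread_attr_setstacksize failed");
    }

    pthread_t tid;
    int rc = pthread_create(
        &tid, &attr,
        [](void* p) -> void* {
            Job* j = static_cast<Job*>(p);
            j->result = (*j->fn)();  // an exception escaping here would terminate()
            return nullptr;
        },
        &job);
    pthread_attr_destroy(&attr);
    if (rc != 0)
        throw std::runtime_error("pthread_create failed");
    pthread_join(tid, nullptr);
    return job.result;
}

// Stand-in for a recursive matcher (hypothetical, constructed for this demo):
// one frame per level, each keeping a small buffer alive across the recursive
// call, so stack use grows linearly with `depth` (on the order of a hundred
// bytes per level on x86-64). Returns `depth`.
long descend(long depth) {
    volatile char frame[64];
    frame[0] = static_cast<char>(depth & 0x7f);
    if (depth == 0)
        return 0;
    long below = descend(depth - 1);
    // Reading the buffer after the call keeps the frame live across recursion.
    return below + (frame[0] == static_cast<char>(depth & 0x7f) ? 1 : 0);
}

// A depth that needs well over the 8 MiB default stack but fits in 64 MiB.
constexpr long kDeepRecursion = 250000;
constexpr std::size_t kParseThreadStack = 64u << 20;  // 64 MiB, an assumed value

int main() {
    // On the main thread, descend(kDeepRecursion) would overflow an 8 MiB
    // stack; on the dedicated large-stack thread it completes.
    long levels = run_with_stack(kParseThreadStack,
                                 [] { return descend(kDeepRecursion); });
    std::printf("recursion completed on the large-stack thread: %ld levels\n", levels);
    return levels == kDeepRecursion ? 0 : 1;
}
```

In the application this would wrap the call that performs the parse (the generated `DeviceConfig` constructor in the trace) so that only that thread's stack grows. The caveat a reviewer would add: a bigger stack only moves the threshold, because the recursion depth is driven by the document being validated, so a large enough input still exhausts it. A size limit on untrusted input before it reaches the validator, or a parser that bounds its own recursion, is the durable fix; the larger stack is a mitigation.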