[xsde-users] State stack: memory corruption for stacks >= 8, with patch

Klaus Kuehnhammer klaus at bitstem.com
Sat Aug 28 08:33:52 EDT 2010


Hi Boris,

that seems to do it, thanks!

Klaus

On Fri, 2010-08-27 at 20:07 +0200, Boris Kolpackov wrote:
> Hi Klaus,
> 
> I have CC'ed xsde-users to my reply.
> 
> Klaus Kuehnhammer <klaus at bitstem.com> writes:
> 
> > I still get the memory issues I described in the second point using your
> > patch.
> 
> Yes, you are right. I was concentrating on the code after the loop
> while it is the code in the loop that has the problem.
> 
> My solution is to re-implement the stack so that it doesn't move
> elements:
> 
> http://scm.codesynthesis.com/?p=xsde/xsde.git;a=commit;h=14b909b25dec8e68f7bcb35e89ce503c5f12967c
> 
> It will probably be easier to just copy the whole stack.?xx files
> than apply the patch.
> 
> Let me know if you get any problems with this.
> 
> Boris
> 
> 
> [The rest of the original email follows for context.]
> 
> > 
> > Putting some printfs in the stack push and start_element code shows that
> > the stack is definitely grown by something (the (this->*vd->func)
> > calls? ) before vs is read back:
> > 
> > push ()
> >     {
> >       if (size_ > capacity_)
> >       {
> > printf("%p: growing stack, old buffer at %p, top %p\n", this, data_, top());
> > #ifdef XSDE_EXCEPTIONS
> >         grow ();
> > #else
> >         if (error e = grow ())
> >           return e;
> > #endif
> > 
> > printf("%p: new buffer at %p, top %p\n", this, data_, top() );
> >       }
> > 
> > -------------------------------------------------------------------------------
> > 
> > _start_element_impl (const ::xsde::cxx::ro_string& ns,
> >                      const ::xsde::cxx::ro_string& n)
> > {
> >   ::xsde::cxx::parser::context& ctx = this->_context ();
> > 
> >   v_state_& vs = *static_cast< v_state_* > (this->v_state_stack_.top ());
> >   v_state_descr_* vd = vs.data + (vs.size - 1);
> >   printf("set vs\n");
> > 
> >   if (vd->func == 0 && vd->state == 0)
> >   {
> >     typedef ::xsde::cxx::parser::validating::complex_content base;
> >     if (base::_start_element_impl (ns, n))
> >       return true;
> >     else
> >       vd->state = 1;
> >   }
> > 
> >   while (vd->func != 0)
> >   {
> >     (this->*vd->func) (vd->state, vd->count, ns, n, true);
> > 
> >   printf("read vs\n");
> >     vd = vs.data + (vs.size - 1);
> > 
> >     if (vd->state == ~0UL && !ctx.error_type ())
> >       vd = vs.data + (--vs.size - 1);
> >     else
> >       break;
> >   }
> > 
> > -------------------------------------------------------------------------------
> > 
> > log:
> > 
> > read vs
> > set vs
> > set vs
> > 0x7feffc5a0: growing stack, old buffer at 0x8511660, top 0x85116d0
> > 0x7feffc5a0: new buffer at 0x8513f70, top 0x8513fe0
> > 0x7feffc468: growing stack, old buffer at 0x8511720, top 0x85117c8
> > 0x7feffc468: new buffer at 0x85140b0, top 0x8514158
> > 0x7feffc568: growing stack, old buffer at 0x8511820, top 0x8511827
> > 0x7feffc568: new buffer at 0x8514270, top 0x8514277
> > 0x7feffc538: growing stack, old buffer at 0x8511870, top 0x8511b48
> > 0x7feffc538: new buffer at 0x85142c0, top 0x8514598
> > read vs
> > 
> > after this, valgrind reports reads from the old buffer that has just
> > been deleted.
> > 
> > The XML input that triggers this is structured like this:
> > <a>
> > <b/>
> > <a>
> > <b/>
> > <a>
> > <b/>
> > <a>
> > <b/>
> > <a>
> > <b/>
> > <a>
> > <b/>
> > <a>
> > <b/>
> > <a>
> > <b/>
> > <a>
> > <b/>
> > </a>
> > </a>
> > </a>
> > </a>
> > </a>
> > </a>
> > </a>
> > </a>
> > </a>
> 
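
Added example (my code, not xsde's stack and not the patch Boris committed): it reproduces in plain C++ the two behaviours the thread contrasts, a contiguous buffer that relocates when it fills (the "old buffer / new buffer" lines in Klaus's log, after which the held `vs` reference points at freed memory) and a stack built from separately allocated fixed-size blocks that never moves an element once pushed, so a reference to `top()` held across nested pushes stays valid. The block size and the chunked layout are assumptions for illustration, not the layout of the committed `stack.?xx` files.

```cpp
#include <cstddef>
#include <vector>
// Added example, not xsde's stack: elements live in separately allocated
// fixed-size blocks, growth appends a block and never moves existing
// elements, so a reference to top() stays valid across nested pushes.
template <typename T, std::size_t BlockSize = 8>
class stable_stack
{
public:
  stable_stack () = default;
  stable_stack (const stable_stack&) = delete;            // blocks_ owns raw memory
  stable_stack& operator= (const stable_stack&) = delete;
  ~stable_stack () { for (T* b : blocks_) delete[] b; }
  void push (const T& v)
  {
    if (size_ == blocks_.size () * BlockSize)
      blocks_.push_back (new T[BlockSize]); // earlier blocks are left in place
    blocks_[size_ / BlockSize][size_ % BlockSize] = v;
    ++size_;
  }
  void pop () { --size_; }
  T& top () { return blocks_[(size_ - 1) / BlockSize][(size_ - 1) % BlockSize]; }
private:
  std::vector<T*> blocks_;
  std::size_t size_ = 0;
};

// The failing pattern in the thread: a contiguous buffer is reallocated when
// it fills, so the old address (and any reference into it) goes stale.
bool contiguous_buffer_relocates ()
{
  std::vector<int> s;
  s.reserve (8);
  while (s.size () < s.capacity ()) s.push_back (0); // fill to capacity
  const int* old = s.data ();
  s.push_back (0);                 // one more element: buffer moves, old is freed
  return s.data () != old;
}

// Same sequence against stable_stack: hold a reference to the top frame,
// push past the first block (several grows), unwind, check it is unchanged.
bool stable_stack_keeps_top_reference ()
{
  stable_stack<int> s;
  s.push (42);
  int& vs = s.top ();              // the reference _start_element_impl holds
  const int* frame = &vs;
  for (int i = 0; i < 20; ++i) s.push (i);   // nested pushes, three blocks total
  for (int i = 0; i < 20; ++i) s.pop ();
  return &s.top () == frame && vs == 42;
}
```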