Opened 8 days ago
Last modified 4 days ago
#11236 new defect
"dashdec.c" crash of "xmlCleanupParser"
Reported by: | gorilla.maguila | Owned by: | |
---|---|---|---|
Priority: | normal | Component: | avformat |
Version: | git-master | Keywords: | dashdec xml |
Cc: | MasterQuestionable | Blocked By: | |
Blocking: | | Reproduced by developer: | no |
Analyzed by developer: | no | | |
Description
We have developed an Android app that uses FFmpeg's libraries in a multi-threaded app and dashdec.c crashes with the following stack trace:
```
2024-10-09 15:51:53.490 25707-25707 DEBUG crash_dump64 A Cmdline: com.example.android
2024-10-09 15:51:53.490 25707-25707 DEBUG crash_dump64 A pid: 23648, tid: 24220, name: pool-7-thread-2 >>> com.example.android <<<
2024-10-09 15:51:53.490 25707-25707 DEBUG crash_dump64 A #04 pc 00000000002b21c8 /data/app/~~3LOJM6as2DkI6XF-fC26qw==/com.example.android-dKKUeHjMMTlapfexrVoEMQ==/lib/arm64/libavformat.so (xmlCleanupParser+44)
2024-10-09 15:51:53.490 25707-25707 DEBUG crash_dump64 A #05 pc 00000000001703e8 /data/app/~~3LOJM6as2DkI6XF-fC26qw==/com.example.android-dKKUeHjMMTlapfexrVoEMQ==/lib/arm64/libavformat.so (parse_manifest+416)
2024-10-09 15:51:53.490 25707-25707 DEBUG crash_dump64 A #06 pc 000000000016faf0 /data/app/~~3LOJM6as2DkI6XF-fC26qw==/com.example.android-dKKUeHjMMTlapfexrVoEMQ==/lib/arm64/libavformat.so (dash_read_header+64)
2024-10-09 15:51:53.490 25707-25707 DEBUG crash_dump64 A #07 pc 00000000001747f8 /data/app/~~3LOJM6as2DkI6XF-fC26qw==/com.example.android-dKKUeHjMMTlapfexrVoEMQ==/lib/arm64/libavformat.so (avformat_open_input+396)
```
It seems that xmlCleanupParser is not thread safe.
https://mail.gnome.org/archives/xml/2012-October/msg00044.html
Change History (5)
comment:1 by , 7 days ago
follow-up: 3 comment:2 by , 6 days ago
Well, in case of doubt, the documentation recommends not calling xmlCleanupParser:
https://gnome.pages.gitlab.gnome.org/libxml2/devhelp/libxml2-parser.html#xmlCleanupParser
Not sure what the best approach is, but users should be advised that if your application uses libxml2 and libavformat, calling xmlCleanupParser may crash your app, as it deallocates the whole libxml2 library.
comment:3 by , 4 days ago
Replying to gorilla.maguila:
> Well, in case of doubt, the documentation recommends not calling xmlCleanupParser:
> https://gnome.pages.gitlab.gnome.org/libxml2/devhelp/libxml2-parser.html#xmlCleanupParser
> Not sure what the best approach is, but users should be advised that if your application uses libxml2 and libavformat, calling xmlCleanupParser may crash your app, as it deallocates the whole libxml2 library.

Yes, I looked at that, but there will be a leak if we remove it. Perhaps we should implement a tiny XML parser, but I need more time to think about that.
comment:4 by , 4 days ago
Of course we should implement an XML parser with exactly the features we need. Unfortunately, that project has been repeatedly blocked by short-sighted people who believe it would be too hard. They believe so in part because they do not realize how many useless features there are in XML and how much supporting these useless features is what makes XML libraries so complex. And they believe so in part because it would be too hard for them. Unfortunately, they are on the side that has the majority in our dysfunctional democracy.
comment:5 by , 4 days ago
Cc: | added |
---|---|
Keywords: | xml added |
Summary: | dashdec.c CRASH xmlCleanupParser → "dashdec.c" crash of "xmlCleanupParser" |

XML parser implementation reference:
https://github.com/orgs/community/discussions/5972#discussioncomment-7809031
(not directly related, but somehow help)
Also: https://github.com/orgs/community/discussions/48072#discussioncomment-8390798
(handles nested; but extra restriction on "<" in attribute value)
Isn't this libxml2's problem?
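The failure mode discussed in this ticket, replayed as a deterministic model (an added example, not part of the ticket and not FFmpeg or libxml2 code): two overlapping opens share process-global library state, and the one that finishes first runs a global cleanup. All names below are hypothetical stand-ins; the guarded variant is one assumed way to avoid both the crash and the leak raised in comment 3.

```c
#include <stdlib.h>

/* Constructed stand-in for a library with process-global state.
 * It is not libxml2; it only models "global cleanup frees what every
 * caller in the process shares". */
static void *g_state;   /* shared by all callers in the process */
static int   g_users;   /* callers currently inside the library */

static void lib_init(void)    { if (!g_state) g_state = malloc(16); }
static void lib_cleanup(void) { free(g_state); g_state = NULL; }

/* Returns 0 on success, -1 where real code would touch freed memory. */
static int lib_parse_step(void) { return g_state ? 0 : -1; }

/* Pattern seen in the stack trace: each open runs the global cleanup. */
static void open_begin_unguarded(void) { lib_init(); }
static void open_end_unguarded(void)   { lib_cleanup(); }

/* Guarded variant: only the last active caller runs the global cleanup.
 * In threaded code g_users and both calls must sit under one mutex. */
static void open_begin_guarded(void) { if (g_users++ == 0) lib_init(); }
static void open_end_guarded(void)   { if (--g_users == 0) lib_cleanup(); }

/* Replays one fixed interleaving of two opens, A and B, as they could
 * overlap on two threads. Returns how many of A's steps hit freed state. */
int replay_overlap(int guarded)
{
    void (*begin)(void) = guarded ? open_begin_guarded : open_begin_unguarded;
    void (*end)(void)   = guarded ? open_end_guarded   : open_end_unguarded;
    int failures = 0;

    begin();                          /* A starts parsing its manifest */
    begin();                          /* B starts parsing its manifest */
    failures += lib_parse_step() < 0; /* A: state still alive */
    end();                            /* B finishes first and cleans up */
    failures += lib_parse_step() < 0; /* A: continues after B's cleanup */
    end();                            /* A finishes */
    return failures;
}

/* Nonzero if global state is still allocated after a replay (a leak). */
int state_leaked(void) { return g_state != NULL; }
```

The guard only protects callers that go through it; an application that uses the same library directly, as described in comment 2, is still affected by any global cleanup call.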