Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Segmentation fault with xml serialisation #96

Open
jcamiel opened this issue Feb 9, 2022 · 4 comments
Open

Segmentation fault with xml serialisation #96

jcamiel opened this issue Feb 9, 2022 · 4 comments
Labels
bug

Comments

@jcamiel
Copy link
Contributor

jcamiel commented Feb 9, 2022
edited
Loading

I'm tracking a bug in Hurl, our cli tool that is using libxml crate.
I think I've a very small and reproductible segmentation fault that is occurring in a multithreaded context (for instance in Rust unit test):

use libxml::tree::{Document, Node};

fn main() {
}


fn to_xml() -> String {
    let doc = Document::new().unwrap();
    let mut books = Node::new("books", None, &doc).unwrap();
    books.add_text_child(None, "book", "Dune").unwrap();
    books.add_text_child(None, "book", "Les Misérables").unwrap();
    doc.node_to_string(&books)
}

#[cfg(test)]
mod tests {
    use crate::to_xml;

    #[test]
    fn it_works_0() {
        assert_eq!(to_xml(), "<books><book>Dune</book><book>Les Misérables</book></books>");
    }

    #[test]
    fn it_works_1() {
        assert_eq!(to_xml(), "<books><book>Dune</book><book>Les Misérables</book></books>");
    }

    #[test]
    fn it_works_2() {
        assert_eq!(to_xml(), "<books><book>Dune</book><book>Les Misérables</book></books>");
    }

    #[test]
    fn it_works_3() {
        assert_eq!(to_xml(), "<books><book>Dune</book><book>Les Misérables</book></books>");
    }

}

To reproduce:

  1. execute test with cargo test
  2. execute the binary constructed by cargo test in a loop
  3. wait
$ cargo test
    Finished test [unoptimized + debuginfo] target(s) in 0.11s
     Running unittests (target/debug/deps/testxml-18c058ecf11c8588)

running 4 tests
test tests::it_works_0 ... ok
test tests::it_works_1 ... ok
test tests::it_works_3 ... ok
test tests::it_works_2 ... ok

test result: ok. 4 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.00s
$ ./run.sh
running 4 tests
test tests::it_works_0 ... ok
test tests::it_works_2 ... ok
test tests::it_works_1 ... ok
test tests::it_works_3 ... ok

test result: ok. 4 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.00s
...
running 4 tests
./run.sh: line 7: 59200 Segmentation fault: 11  target/debug/deps/testxml-18c058ecf11c8588

with run.sh:

#!/bin/bash
set -eu

for ((i=0; i<1000; i++))
do
target/debug/deps/testxml-18c058ecf11c8588
done

My environnement:

Segmentation fault on:

  • macOS 10.14.6
  • Rust 1.58.1 and Rust 1.56

I'm trying to setup an environment (like a Github action) where I can easily reproduce it.

I'm really not sure if this is a bug of the crate but the code seems so innocuous that I don' t know where to look.

By the way, thank you very much for your invaluable work, we're otherwise very happy with with crate,

Jc
@jcamiel
Copy link
Contributor Author

jcamiel commented Feb 9, 2022
edited
Loading

I've reproduced the crash in a GitHub project, in a GitHub Action CI.
The runner image is a Windows 10 latest (I've only reproduced this bug on my local Mojave macOS, on a local Windows and on a Github Windows image):

Projet: https://github.com/jcamiel/testxml
Example on failed action:
https://github.com/jcamiel/testxml/runs/5128335050?check_suite_focus=true

The command used: cargo test.

Output:

Caused by:
[26](https://github.com/jcamiel/testxml/runs/5128335050?check_suite_focus=true#step:7:26)
  process didn't exit successfully: `D:\a\testxml\testxml\target\debug\deps\testxml-58be2f76bfcfbc4e.exe` (exit code: 0xc0000005, STATUS_ACCESS_VIOLATION)
[27](https://github.com/jcamiel/testxml/runs/5128335050?check_suite_focus=true#step:7:27)
Error: Process completed with exit code 1.

@dginev
Copy link
Member

dginev commented Feb 9, 2022

Thank you for the detailed report and testing @jcamiel ! I am not particularly looking forward to debugging this to a patch, but I guess I'll have to 😅

If I'm lucky it will be a matter of deferring some "free-on-drop" until a parent gets freed, but let's see...

@jcamiel
Copy link
Contributor Author

jcamiel commented Feb 9, 2022

If I can help in any way, don't hesitate to ping me, event to test tiny changes. I can reproduce it easily on my Mac but I don't know how to have debug information (maybe with gdb from a core dump ?). We try to reproduce it on a Linux image but everything seems correct.

@jcamiel
Copy link
Contributor Author

jcamiel commented Feb 10, 2022

I've updated the GitHub project with a simpler snippet:

se libxml::tree::{Document, Node};

fn main() {
}

fn to_xml() -> String {
    let doc = Document::new().unwrap();
    let books = Node::new("books", None, &doc).unwrap();
    doc.node_to_string(&books)
}

#[cfg(test)]
mod tests {
    use crate::to_xml;

    #[test]
    fn it_works_0() {
        assert_eq!(to_xml(), "<books/>");
    }

    #[test]
    fn it_works_1() {
        assert_eq!(to_xml(), "<books/>");
    }

    #[test]
    fn it_works_2() {
        assert_eq!(to_xml(), "<books/>");
    }

    #[test]
    fn it_works_3() {
        assert_eq!(to_xml(), "<books/>");
    }
}

@dginev dginev added the bug label Nov 29, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dginev @jcamiel