Assertion Failure in Xmllint at xmllint.c:3099
Hello,
We are currently working on a new fuzz testing feature, and we found a crash in xmllint.
Steps to Reproduce
- We configured and built zlib using CFLAGS="-g -O0 -fPIC" ./configure --static and make.
- We configured xmllint using CFLAGS="-g -O0" ./configure --with-zlib=${ZLIB_PATH} and built it using make.
- We ran it with:
  ./xmllint --schematron --xpath --noent --nodefdtd --xmlout --html <attached_file> --chkregister
Attachment: poc_0002.txt
Environment
- OS: Ubuntu 18.04.4 LTS
- Compiler: gcc 7.5.0
- libxml2 version: 2.9.10 (ftp://xmlsoft.org/libxml2/libxml2-sources-2.9.10.tar.gz)
- zlib version: 1.2.11 (https://www.zlib.net/zlib-1.2.11.tar.xz)
Additional context
Here's the stack trace: stack_trace_0002.txt
Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
51 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1 0x00007ffff74698b1 in __GI_abort () at abort.c:79
#2 0x00007ffff745942a in __assert_fail_base (fmt=0x7ffff75e0a38 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x64a1ab "node->_private != NULL", file=file@entry=0x64a1a1 "xmllint.c", line=line@entry=3099, function=function@entry=0x64a890 <__PRETTY_FUNCTION__.10294> "deregisterNode") at assert.c:92
#3 0x00007ffff74594a2 in __GI___assert_fail (assertion=0x64a1ab "node->_private != NULL", file=0x64a1a1 "xmllint.c", line=3099, function=0x64a890 <__PRETTY_FUNCTION__.10294> "deregisterNode") at assert.c:101
#4 0x000000000040e6a9 in deregisterNode ()
#5 0x0000000000472ea2 in xmlFreeDoc ()
#6 0x000000000040cac0 in parseAndPrintFile ()
#7 0x0000000000412685 in main ()
Thank you.