Key constraint causes segfault on nested elements
Schema validation segfaults when an <xsd:key> constraint matches an element which is deeply nested into another matching element.
Steps to reproduce:
Schema-validate the attached XML file "NOK_duplicate_loop_name.otx" using this command:
xmllint --schema otx.xsd NOK_duplicate_loop_name.otx
Expected behavior: The validator should output a validation message like:
NOK_duplicate_loop_name.otx:9: element loop: Schemas validity error : Element '{http://iso.org/OTX/1.0.0}loop': Duplicate key-sequence ['myLoop'] in key identity-constraint '{http://iso.org/OTX/1.0.0}LoopKeyForBreakAndContinue'. NOK_duplicate_loop_name.otx fails to validate
Observed behavior:
xmllint prints the XML, then prints:
Segmentation fault
The segfault does not occur when you remove the "LoopKeyForBreakAndContinue" key constraint from the schema.
It also does not occur if you reduce the depth of the XML document, e.g. if you remove the two tags
<group id="g6">
<realisation>
and the corresponding closing tags.
Environment:
uname -a
Linux NBDG 5.15.133.1-microsoft-standard-WSL2
#1 SMP Thu Oct 5 21:02:42 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
xmllint --version
xmllint: using libxml version 20913 compiled with: Threads Tree Output Push Reader Patterns Writer SAXv1 FTP HTTP DTDValid HTML Legacy C14N Catalog XPath XPointer XInclude Iconv ICU ISO8859X Unicode Regexps Automata Schemas Schematron Modules Debug Zlib Lzma
We first ran into this problem using python3-lxml:
Python 3.8.5 (default, Jul 28 2020, 12:59:40)
[GCC 9.3.0] on linux
>>> print(lxml.etree.LXML_VERSION, lxml.etree.LIBXML_VERSION, lxml.etree.LIBXML_COMPILED_VERSION, lxml.etree.LIBXSLT_VERSION, lxml.etree.LIBXSLT_COMPILED_VERSION)
(4, 9, 1, 0) (2, 9, 14) (2, 9, 14) (1, 1, 35) (1, 1, 35)