AddressSanitizer: attempting free on address which was not malloc()-ed
When libxslt-1.1.39 is compiled with --with-debug --with-mem-debug
it shows the following error:
$ xsltproc -o gdbus-codegen.1 http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl gdbus-codegen.xml
=================================================================
==51345==ERROR: AddressSanitizer: attempting free on address which was not malloc()-ed: 0x50b000001d48 in thread T0
#0 0x4c6696 in free /var/tmp/portage/sys-libs/compiler-rt-sanitizers-17.0.6/work/compiler-rt/lib/asan/asan_malloc_linux.cpp:52:3
#1 0x70084f061ac2 in xsltFreeParserContext /var/tmp/portage/dev-libs/libxslt-1.1.39/work/libxslt-1.1.39/libxslt/pattern.c:285:5
#2 0x70084f0558ea in xsltCompilePatternInternal /var/tmp/portage/dev-libs/libxslt-1.1.39/work/libxslt-1.1.39/libxslt/pattern.c:1978:5
#3 0x70084f056130 in xsltAddTemplate /var/tmp/portage/dev-libs/libxslt-1.1.39/work/libxslt-1.1.39/libxslt/pattern.c:2080:11
#4 0x70084f03f49c in xsltParseStylesheetTemplate /var/tmp/portage/dev-libs/libxslt-1.1.39/work/libxslt-1.1.39/libxslt/xslt.c:5464:5
#5 0x70084f035748 in xsltParseStylesheetTop /var/tmp/portage/dev-libs/libxslt-1.1.39/work/libxslt-1.1.39/libxslt/xslt.c:6196:6
#6 0x70084f031833 in xsltParseStylesheetProcess /var/tmp/portage/dev-libs/libxslt-1.1.39/work/libxslt-1.1.39/libxslt/xslt.c:6452:2
#7 0x70084f0a3f56 in xsltParseStylesheetInclude /var/tmp/portage/dev-libs/libxslt-1.1.39/work/libxslt-1.1.39/libxslt/imports.c:265:14
#8 0x70084f035381 in xsltParseStylesheetTop /var/tmp/portage/dev-libs/libxslt-1.1.39/work/libxslt-1.1.39/libxslt/xslt.c:6174:10
#9 0x70084f031833 in xsltParseStylesheetProcess /var/tmp/portage/dev-libs/libxslt-1.1.39/work/libxslt-1.1.39/libxslt/xslt.c:6452:2
#10 0x70084f035dbd in xsltParseStylesheetUser /var/tmp/portage/dev-libs/libxslt-1.1.39/work/libxslt-1.1.39/libxslt/xslt.c:6660:9
#11 0x70084f035b47 in xsltParseStylesheetImportedDoc /var/tmp/portage/dev-libs/libxslt-1.1.39/work/libxslt-1.1.39/libxslt/xslt.c:6530:9
#12 0x70084f0a34f0 in xsltParseStylesheetImport /var/tmp/portage/dev-libs/libxslt-1.1.39/work/libxslt-1.1.39/libxslt/imports.c:171:11
#13 0x70084f03499a in xsltParseStylesheetTop /var/tmp/portage/dev-libs/libxslt-1.1.39/work/libxslt-1.1.39/libxslt/xslt.c:6121:11
#14 0x70084f031833 in xsltParseStylesheetProcess /var/tmp/portage/dev-libs/libxslt-1.1.39/work/libxslt-1.1.39/libxslt/xslt.c:6452:2
#15 0x70084f035dbd in xsltParseStylesheetUser /var/tmp/portage/dev-libs/libxslt-1.1.39/work/libxslt-1.1.39/libxslt/xslt.c:6660:9
#16 0x70084f035b47 in xsltParseStylesheetImportedDoc /var/tmp/portage/dev-libs/libxslt-1.1.39/work/libxslt-1.1.39/libxslt/xslt.c:6530:9
#17 0x70084f03688d in xsltParseStylesheetDoc /var/tmp/portage/dev-libs/libxslt-1.1.39/work/libxslt-1.1.39/libxslt/xslt.c:6703:12
#18 0x506de5 in main /var/tmp/portage/dev-libs/libxslt-1.1.39/work/libxslt-1.1.39/xsltproc/xsltproc.c:855:9
#19 0x70084eb52b36 in __libc_start_call_main /var/tmp/portage/sys-libs/glibc-2.38-r9/work/glibc-2.38/csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#20 0x70084eb52bf4 in __libc_start_main /var/tmp/portage/sys-libs/glibc-2.38-r9/work/glibc-2.38/csu/../csu/libc-start.c:360:3
#21 0x42a570 (/usr/bin/xsltproc+0x42a570)
0x50b000001d48 is located 40 bytes inside of 104-byte region [0x50b000001d20,0x50b000001d88)
allocated by thread T0 here:
#0 0x4c693e in malloc /var/tmp/portage/sys-libs/compiler-rt-sanitizers-17.0.6/work/compiler-rt/lib/asan/asan_malloc_linux.cpp:69:3
#1 0x70084eead726 in xmlMallocLoc /var/tmp/portage/dev-libs/libxml2-2.12.4/work/libxml2-2.12.4/xmlmemory.c:160:20
#2 0x70084f05def5 in xsltNewParserContext /var/tmp/portage/dev-libs/libxslt-1.1.39/work/libxslt-1.1.39/libxslt/pattern.c:262:34
#3 0x70084f053a1f in xsltCompilePatternInternal /var/tmp/portage/dev-libs/libxslt-1.1.39/work/libxslt-1.1.39/libxslt/pattern.c:1843:12
#4 0x70084f056130 in xsltAddTemplate /var/tmp/portage/dev-libs/libxslt-1.1.39/work/libxslt-1.1.39/libxslt/pattern.c:2080:11
#5 0x70084f03f49c in xsltParseStylesheetTemplate /var/tmp/portage/dev-libs/libxslt-1.1.39/work/libxslt-1.1.39/libxslt/xslt.c:5464:5
#6 0x70084f035748 in xsltParseStylesheetTop /var/tmp/portage/dev-libs/libxslt-1.1.39/work/libxslt-1.1.39/libxslt/xslt.c:6196:6
#7 0x70084f031833 in xsltParseStylesheetProcess /var/tmp/portage/dev-libs/libxslt-1.1.39/work/libxslt-1.1.39/libxslt/xslt.c:6452:2
#8 0x70084f0a3f56 in xsltParseStylesheetInclude /var/tmp/portage/dev-libs/libxslt-1.1.39/work/libxslt-1.1.39/libxslt/imports.c:265:14
#9 0x70084f035381 in xsltParseStylesheetTop /var/tmp/portage/dev-libs/libxslt-1.1.39/work/libxslt-1.1.39/libxslt/xslt.c:6174:10
#10 0x70084f031833 in xsltParseStylesheetProcess /var/tmp/portage/dev-libs/libxslt-1.1.39/work/libxslt-1.1.39/libxslt/xslt.c:6452:2
#11 0x70084f035dbd in xsltParseStylesheetUser /var/tmp/portage/dev-libs/libxslt-1.1.39/work/libxslt-1.1.39/libxslt/xslt.c:6660:9
#12 0x70084f035b47 in xsltParseStylesheetImportedDoc /var/tmp/portage/dev-libs/libxslt-1.1.39/work/libxslt-1.1.39/libxslt/xslt.c:6530:9
#13 0x70084f0a34f0 in xsltParseStylesheetImport /var/tmp/portage/dev-libs/libxslt-1.1.39/work/libxslt-1.1.39/libxslt/imports.c:171:11
#14 0x70084f03499a in xsltParseStylesheetTop /var/tmp/portage/dev-libs/libxslt-1.1.39/work/libxslt-1.1.39/libxslt/xslt.c:6121:11
#15 0x70084f031833 in xsltParseStylesheetProcess /var/tmp/portage/dev-libs/libxslt-1.1.39/work/libxslt-1.1.39/libxslt/xslt.c:6452:2
#16 0x70084f035dbd in xsltParseStylesheetUser /var/tmp/portage/dev-libs/libxslt-1.1.39/work/libxslt-1.1.39/libxslt/xslt.c:6660:9
#17 0x70084f035b47 in xsltParseStylesheetImportedDoc /var/tmp/portage/dev-libs/libxslt-1.1.39/work/libxslt-1.1.39/libxslt/xslt.c:6530:9
#18 0x70084f03688d in xsltParseStylesheetDoc /var/tmp/portage/dev-libs/libxslt-1.1.39/work/libxslt-1.1.39/libxslt/xslt.c:6703:12
#19 0x506de5 in main /var/tmp/portage/dev-libs/libxslt-1.1.39/work/libxslt-1.1.39/xsltproc/xsltproc.c:855:9
#20 0x70084eb52b36 in __libc_start_call_main /var/tmp/portage/sys-libs/glibc-2.38-r9/work/glibc-2.38/csu/../sysdeps/nptl/libc_start_call_main.h:58:16
SUMMARY: AddressSanitizer: bad-free /var/tmp/portage/sys-libs/compiler-rt-sanitizers-17.0.6/work/compiler-rt/lib/asan/asan_malloc_linux.cpp:52:3 in free
==51345==ABORTING
Aborted
Without ASAN I simply get:
$ xsltproc -o gdbus-codegen.1 http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl gdbus-codegen.xml
munmap_chunk(): invalid pointer
Aborted
For completeness, if I omit the URL argument I get a different error:
$ xsltproc -o gdbus-codegen.1 gdbus-codegen.xml
compilation error: file gdbus-codegen.xml line 1 element refentry
xsltParseStylesheetProcess : document is not a stylesheet
=================================================================
==16538==ERROR: AddressSanitizer: attempting free on address which was not malloc()-ed: 0x510000000368 in thread T0
#0 0x4c6696 in free /var/tmp/portage/sys-libs/compiler-rt-sanitizers-17.0.6/work/compiler-rt/lib/asan/asan_malloc_linux.cpp:52:3
#1 0x7d53f3d36c51 in xsltTransformError /var/tmp/portage/dev-libs/libxslt-1.1.39/work/libxslt-1.1.39/libxslt/xsltutils.c:784:2
#2 0x7d53f3d24878 in xsltParseStylesheetProcess /var/tmp/portage/dev-libs/libxslt-1.1.39/work/libxslt-1.1.39/libxslt/xslt.c:6462:6
#3 0x7d53f3d28dbd in xsltParseStylesheetUser /var/tmp/portage/dev-libs/libxslt-1.1.39/work/libxslt-1.1.39/libxslt/xslt.c:6660:9
#4 0x7d53f3d28b47 in xsltParseStylesheetImportedDoc /var/tmp/portage/dev-libs/libxslt-1.1.39/work/libxslt-1.1.39/libxslt/xslt.c:6530:9
#5 0x7d53f3d2988d in xsltParseStylesheetDoc /var/tmp/portage/dev-libs/libxslt-1.1.39/work/libxslt-1.1.39/libxslt/xslt.c:6703:12
#6 0x506de5 in main /var/tmp/portage/dev-libs/libxslt-1.1.39/work/libxslt-1.1.39/xsltproc/xsltproc.c:855:9
#7 0x7d53f3845b36 in __libc_start_call_main /var/tmp/portage/sys-libs/glibc-2.38-r9/work/glibc-2.38/csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#8 0x7d53f3845bf4 in __libc_start_main /var/tmp/portage/sys-libs/glibc-2.38-r9/work/glibc-2.38/csu/../csu/libc-start.c:360:3
#9 0x42a570 (/usr/bin/xsltproc+0x42a570)
0x510000000368 is located 40 bytes inside of 190-byte region [0x510000000340,0x5100000003fe)
allocated by thread T0 here:
#0 0x4c693e in malloc /var/tmp/portage/sys-libs/compiler-rt-sanitizers-17.0.6/work/compiler-rt/lib/asan/asan_malloc_linux.cpp:69:3
#1 0x7d53f3ba0726 in xmlMallocLoc /var/tmp/portage/dev-libs/libxml2-2.12.4/work/libxml2-2.12.4/xmlmemory.c:160:20
#2 0x7d53f3d36a5f in xsltTransformError /var/tmp/portage/dev-libs/libxslt-1.1.39/work/libxslt-1.1.39/libxslt/xsltutils.c:781:5
#3 0x7d53f3d24878 in xsltParseStylesheetProcess /var/tmp/portage/dev-libs/libxslt-1.1.39/work/libxslt-1.1.39/libxslt/xslt.c:6462:6
#4 0x7d53f3d28dbd in xsltParseStylesheetUser /var/tmp/portage/dev-libs/libxslt-1.1.39/work/libxslt-1.1.39/libxslt/xslt.c:6660:9
#5 0x7d53f3d28b47 in xsltParseStylesheetImportedDoc /var/tmp/portage/dev-libs/libxslt-1.1.39/work/libxslt-1.1.39/libxslt/xslt.c:6530:9
#6 0x7d53f3d2988d in xsltParseStylesheetDoc /var/tmp/portage/dev-libs/libxslt-1.1.39/work/libxslt-1.1.39/libxslt/xslt.c:6703:12
#7 0x506de5 in main /var/tmp/portage/dev-libs/libxslt-1.1.39/work/libxslt-1.1.39/xsltproc/xsltproc.c:855:9
#8 0x7d53f3845b36 in __libc_start_call_main /var/tmp/portage/sys-libs/glibc-2.38-r9/work/glibc-2.38/csu/../sysdeps/nptl/libc_start_call_main.h:58:16
SUMMARY: AddressSanitizer: bad-free /var/tmp/portage/sys-libs/compiler-rt-sanitizers-17.0.6/work/compiler-rt/lib/asan/asan_malloc_linux.cpp:52:3 in free
==16538==ABORTING
Aborted
Note that I can reproduce this issue with libxml2-2.12.4; it works for me with at least libxml2-2.11.6.
I'm also attaching docbook.xsl and gdbus-codegen.xml.
Downstream bug: https://bugs.gentoo.org/923267
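A triage sketch for the two reports above, added here as an example and not part of the original report: it recomputes how far the freed pointer sits from the start of the malloc() region and names the caller on each side of the allocation. The sample text is constructed from the key lines of the traces with paths shortened; the function and field names are hypothetical.

```python
import re
# Constructed input: key lines of the two reports on this page, paths shortened.
REPORT_1 = """\
==51345==ERROR: AddressSanitizer: attempting free on address which was not malloc()-ed: 0x50b000001d48 in thread T0
#0 0x4c6696 in free asan_malloc_linux.cpp:52:3
#1 0x70084f061ac2 in xsltFreeParserContext libxslt/pattern.c:285:5
0x50b000001d48 is located 40 bytes inside of 104-byte region [0x50b000001d20,0x50b000001d88)
allocated by thread T0 here:
#0 0x4c693e in malloc asan_malloc_linux.cpp:69:3
#1 0x70084eead726 in xmlMallocLoc libxml2-2.12.4/xmlmemory.c:160:20
#2 0x70084f05def5 in xsltNewParserContext libxslt/pattern.c:262:34
"""
REPORT_2 = """\
==16538==ERROR: AddressSanitizer: attempting free on address which was not malloc()-ed: 0x510000000368 in thread T0
#0 0x4c6696 in free asan_malloc_linux.cpp:52:3
#1 0x7d53f3d36c51 in xsltTransformError libxslt/xsltutils.c:784:2
0x510000000368 is located 40 bytes inside of 190-byte region [0x510000000340,0x5100000003fe)
allocated by thread T0 here:
#0 0x4c693e in malloc asan_malloc_linux.cpp:69:3
#1 0x7d53f3ba0726 in xmlMallocLoc libxml2-2.12.4/xmlmemory.c:160:20
#2 0x7d53f3d36a5f in xsltTransformError libxslt/xsltutils.c:781:5
"""

BAD = re.compile(r"attempting free on address which was not malloc\(\)-ed: (0x[0-9a-f]+)")
REGION = re.compile(r"inside of \d+-byte region \[(0x[0-9a-f]+),(0x[0-9a-f]+)\)")
FRAME = re.compile(r"^\s*#\d+ 0x[0-9a-f]+ in (\S+)", re.M)
INTERCEPTORS = {"free", "malloc", "calloc", "realloc"}

def triage_bad_free(report):
    """Summarise one ASan bad-free report; return None if it is not one."""
    bad, region = BAD.search(report), REGION.search(report)
    if not (bad and region):
        return None
    free_part, _, alloc_part = report.partition("allocated by thread")
    # Drop the sanitizer's own interceptor frame so [0] is the real caller.
    freed = [f for f in FRAME.findall(free_part) if f not in INTERCEPTORS]
    alloc = [f for f in FRAME.findall(alloc_part) if f not in INTERCEPTORS]
    start, end = int(region.group(1), 16), int(region.group(2), 16)
    offset = int(bad.group(1), 16) - start
    return {
        "offset": offset,  # distance from the pointer malloc() really returned
        "region_size": end - start,
        "interior_pointer": 0 < offset < end - start,
        "raw_free_called_from": freed[0] if freed else None,
        "allocated_through": alloc[0] if alloc else None,
        "owner": alloc[1] if len(alloc) > 1 else None,
    }
if __name__ == "__main__":
    print([triage_bad_free(r) for r in (REPORT_1, REPORT_2)])
```

Both reports yield the same 40-byte offset and the same allocation wrapper, xmlMallocLoc, while the release goes straight to the sanitizer's free().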