Locally saving changes to a Mallard page already opened in Yelp reproducibly crashes Yelp (part two)
This is a continuation of #122 (closed). If viewing a Mallard file that I have opened locally, changing anything in the file and then saving the file causes Yelp to immediately crash. E.g.:
$ git clone https://gitlab.gnome.org/Teams/Engagement/release-notes.git
$ cd release-notes
$ git checkout gnome-40
$ cd help/C
$ yelp index.page
Now open index.page in gedit, make any change, and save. Yelp 40.beta will crash. Backtrace:
(gdb) bt full
#0  xmlXPathOrderDocElems__internal_alias (doc=doc@entry=0x7fcb78043790) at ../xpath.c:3272
        count = 0
        cur = 0x776569767265766f
#1  0x00007fcba5c85338 in xsltNewTransformContext (style=<optimized out>, doc=0x7fcb78043790)
    at /usr/src/debug/libxslt-1.1.34-5.fc34.x86_64/libxslt/transform.c:688
        cur = 0x7fca5c585aa0
        docu = <optimized out>
        i = <optimized out>
#2  0x00007fcbaa3a241e in transform_run (transform=0x55b588eef680) at libyelp/yelp-transform.c:379
        priv = 0x55b588eef610
#3  0x00007fcba608ca92 in g_thread_proxy (data=0x55b588c098c0) at ../glib/gthread.c:826
        thread = 0x55b588c098c0
        __func__ = "g_thread_proxy"
#4  0x00007fcba2d44299 in start_thread (arg=0x7fcb916fe640) at pthread_create.c:473
        ret = <optimized out>
        pd = 0x7fcb916fe640
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140512295118400, 6066848883002025466, 140512069675070, 140512069675071, 0, 140512295118400, -6077919727197379078, -6078026323750574598}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = 0
#5  0x00007fcba5f3a6a3 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
With 40.beta, the first error reported by valgrind is:
==1418804== Thread 52 transform-run:
==1418804== Invalid read of size 8
==1418804== at 0x905CBB9: xmlXPathOrderDocElems (xpath.c:3270)
==1418804== by 0x8FB6337: xsltNewTransformContext (transform.c:688)
==1418804== by 0x488641D: transform_run (yelp-transform.c:379)
==1418804== by 0x8B68A91: g_thread_proxy (gthread.c:826)
==1418804== by 0xBED5298: start_thread (pthread_create.c:473)
==1418804== by 0x8D1F6A2: clone (clone.S:95)
==1418804== Address 0x1f1ae5c8 is 24 bytes inside a block of size 176 free'd
==1418804== at 0x48409F1: free (vg_replace_malloc.c:538)
==1418804== by 0x9025190: xmlFreeDoc (tree.c:1260)
==1418804== by 0x488013C: mallard_page_data_free (yelp-mallard-document.c:767)
==1418804== by 0x8B24241: g_hash_table_remove_all_nodes.part.0 (ghash.c:706)
==1418804== by 0x8B24EA2: UnknownInlinedFun (ghash.c:628)
==1418804== by 0x8B24EA2: g_hash_table_remove_all (ghash.c:1883)
==1418804== by 0x488C857: mallard_monitor_changed.lto_priv.0 (yelp-mallard-document.c:1157)
==1418804== by 0x892D5B2: _g_cclosure_marshal_VOID__OBJECT_OBJECT_ENUMv (gmarshal-internal.c:1380)
==1418804== by 0x8ABB849: UnknownInlinedFun (gclosure.c:873)
==1418804== by 0x8ABB849: g_signal_emit_valist (gsignal.c:3406)
==1418804== by 0x8ABB992: g_signal_emit (gsignal.c:3553)
==1418804== by 0x89EC9A5: g_file_monitor_source_dispatch (glocalfilemonitor.c:567)
==1418804== by 0x8B3A376: UnknownInlinedFun (gmain.c:3337)
==1418804== by 0x8B3A376: g_main_context_dispatch (gmain.c:4055)
==1418804== by 0x8B8E2C7: g_main_context_iterate.constprop.0 (gmain.c:4131)
==1418804== Block was alloc'd at
==1418804== at 0x483F805: malloc (vg_replace_malloc.c:307)
==1418804== by 0x90238B7: xmlNewDoc (tree.c:1171)
==1418804== by 0x90D6968: xmlSAX2StartDocument (SAX2.c:1013)
==1418804== by 0x901F210: xmlParseDocument (parser.c:10691)
==1418804== by 0x901FCE3: xmlDoRead.lto_priv.0 (parser.c:15221)
==1418804== by 0x487CCFA: mallard_page_data_walk (yelp-mallard-document.c:516)
==1418804== by 0x488281A: mallard_think.lto_priv.0 (yelp-mallard-document.c:377)
==1418804== by 0x8B68A91: g_thread_proxy (gthread.c:826)
==1418804== by 0xBED5298: start_thread (pthread_create.c:473)
==1418804== by 0x8D1F6A2: clone (clone.S:95)
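A small triage helper for the memcheck report above, added here as an example and not part of the original report or of Yelp: it splits the error into its use, free and allocation stacks and picks the first frame in Yelp's own sources from each. The function names and the `yelp-` file-prefix heuristic are assumptions of this example; the embedded report is an excerpt of the lines quoted above.

```python
import re

# Excerpt of the memcheck report quoted above (library frames trimmed).
REPORT = """\
==1418804== Thread 52 transform-run:
==1418804== Invalid read of size 8
==1418804==    at 0x905CBB9: xmlXPathOrderDocElems (xpath.c:3270)
==1418804==    by 0x8FB6337: xsltNewTransformContext (transform.c:688)
==1418804==    by 0x488641D: transform_run (yelp-transform.c:379)
==1418804==  Address 0x1f1ae5c8 is 24 bytes inside a block of size 176 free'd
==1418804==    at 0x48409F1: free (vg_replace_malloc.c:538)
==1418804==    by 0x9025190: xmlFreeDoc (tree.c:1260)
==1418804==    by 0x488013C: mallard_page_data_free (yelp-mallard-document.c:767)
==1418804==    by 0x488C857: mallard_monitor_changed.lto_priv.0 (yelp-mallard-document.c:1157)
==1418804==  Block was alloc'd at
==1418804==    at 0x483F805: malloc (vg_replace_malloc.c:307)
==1418804==    by 0x90238B7: xmlNewDoc (tree.c:1171)
==1418804==    by 0x487CCFA: mallard_page_data_walk (yelp-mallard-document.c:516)
"""

FRAME = re.compile(r"(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \(([^:()]+):(\d+)\)")
# Section headers of a use-after-free error, mapped to the stack they introduce.
HEADERS = ((r"Invalid (read|write)", "use"),
           (r"Address .* free'd", "free"),
           (r"Block was alloc'd", "alloc"))

def split_stacks(report):
    """Group frames into the use, free and alloc stacks of one memcheck error."""
    stacks, current = {}, None
    for line in report.splitlines():
        body = re.sub(r"^==\d+==\s*", "", line)  # strip the ==PID== prefix
        for pattern, name in HEADERS:
            if re.match(pattern, body):
                current = stacks.setdefault(name, [])
        m = FRAME.match(body)
        if m and current is not None:
            func = m.group(1).split(".")[0]  # drop suffixes such as .lto_priv.0
            current.append((func, m.group(2), int(m.group(3))))
    return stacks

def first_app_frame(stack, prefix="yelp-"):
    """Innermost frame whose source file matches the application prefix (assumed heuristic)."""
    return next((f for f in stack if f[1].startswith(prefix)), None)

def triage(report):
    """Map each stack (use/free/alloc) to its first application frame."""
    return {name: first_app_frame(frames) for name, frames in split_stacks(report).items()}

if __name__ == "__main__":
    for role, frame in triage(REPORT).items():
        print(role, frame)
```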