ID: 101
Status: 5 - New
Priority: 4 - High, e.g. key functionality not working
Scope: 3 - Applies to all machines and operating systems
Subsystem: Unassigned
Summary: memory leak in mxml_load_data()
Version: Trunk
Created By: smk
Assigned To: Unassigned
Fix Version: Unassigned

Trouble Report Files:

Name/Time/Date: smk, 02:14 Nov 04, 2009
Filename: multiple_root.patch

Trouble Report Dialog:

Name/Time/Date: smk, 02:14 Nov 04, 2009
Text:
Consider this small example:

#include <mxml.h>

int main(int argc, char**argv)
{
  const char *xmlstr = "<a/><b/>";
  mxml_node_t *tree = mxmlLoadString(NULL, xmlstr, MXML_OPAQUE_CALLBACK);
  mxmlDelete(tree);
  return 0;
}

This is mxml's DEBUG output when running the code shown above:

mxml_string_getc: < (0x003c)
mxml_string_getc: a (0x0061)
mxml_string_getc: / (0x002f)
mxmlNewElement(parent=(nil), name="a")
mxml_new(parent=(nil), type=0)
    returning 0x804b1f8
mxml_string_getc: > (0x003e)
mxml_string_getc: < (0x003c)
mxml_string_getc: b (0x0062)
mxml_string_getc: / (0x002f)
mxmlNewElement(parent=(nil), name="b")
mxml_new(parent=(nil), type=0)
    returning 0x804b238
mxml_string_getc: > (0x003e)
mxmlDelete(node=0x804b1f8)
mxmlRemove(node=0x804b1f8)

Memory for the first node (and all of its children) is freed correctly. But the memory allocated for "<b/>" is lost.

The reason is: when mxml_load_data() is called with top==NULL, the parsing routine creates multiple nodes with no parent and only returns the first one (pointed to by the "first" variable).

When called with top==NULL, mxml_load_data() should only create exactly one node with parent==NULL (see attached patch). Maybe there's a better solution?

One could argue that the example above is not valid XML, but a library routine should *never* leak memory, regardless of its input values.

And the example is not just a theoretical one. I found the leak because some user loaded the following into my program:
<!DOCTYPE ...>
<html>...
and I'm still using libmxml 2.4, where declaration-nodes do not automatically become a new parent-node. Something like
<!-- bla -->
<html>...
would still trigger the leakage today in the trunk.

Do you agree, Mike?
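
The failure mode reported above, as an added self-contained model (not Mini-XML source and not the attached patch): a loader called with top == NULL returns only the first parentless node, so later roots become unreachable. All names (`toy_load`, `leaked_after`, `live_nodes`) are hypothetical, and the `strict` policy of rejecting a second root is an assumption for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Toy model with hypothetical names; this is not Mini-XML source. */
typedef struct node { struct node *child, *next; char name[16]; } node_t;
static int live_nodes = 0;  /* allocation counter standing in for a leak checker */

static node_t *node_new(node_t *parent, const char *name, size_t len) {
    node_t *n = calloc(1, sizeof *n);
    if (!n) return NULL;
    if (len >= sizeof n->name) len = sizeof n->name - 1;
    memcpy(n->name, name, len);
    if (parent) { n->next = parent->child; parent->child = n; }
    live_nodes++;
    return n;
}

static void node_delete(node_t *n) {  /* frees a node and everything below it */
    if (!n) return;
    while (n->child) { node_t *c = n->child; n->child = c->next; node_delete(c); }
    free(n); live_nodes--;
}

/* Parses a run of "<name/>" elements only. strict == 0 models the reported
   behaviour: every element gets parent == top, only the first is returned.
   strict == 1 is one assumed policy: a second parentless node is an error. */
static node_t *toy_load(node_t *top, const char *s, int strict) {
    node_t *first = NULL;
    while ((s = strchr(s, '<')) != NULL) {
        const char *end = strstr(s, "/>");
        if (!end) break;
        if (strict && !top && first) { node_delete(first); return NULL; }
        node_t *n = node_new(top, s + 1, (size_t)(end - s - 1));
        if (!n) break;
        if (!first) first = n;
        s = end + 2;
    }
    return first;
}

/* Nodes still allocated after loading with top == NULL and deleting the result. */
static int leaked_after(const char *xml, int strict) {
    int before = live_nodes;
    node_delete(toy_load(NULL, xml, strict));
    return live_nodes - before;
}
int main(void) {
    printf("lenient: %d leaked\n", leaked_after("<a/><b/>", 0));
    printf("strict:  %d leaked\n", leaked_after("<a/><b/>", 1));
    return 0;
}
```

The same counting approach works as a regression check against any loader: compare the live-allocation count before the load and after deleting the returned tree.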