zorba-coders team mailing list archive

Thread
Date

[Bug 855314] [NEW] Assertion failed in typemanager with for and el constuctor

To: zorba-coders@xxxxxxxxxxxxxxxxxxx
From: Federico Cavalieri <855314@xxxxxxxxxxxxxxxxxx>
Date: Wed, 21 Sep 2011 08:01:24 -0000
Reply-to: Bug 855314 <855314@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

*** This bug is a security vulnerability ***

Public security bug reported:

The following query:

declare function local:crash() as element()*
{
  for $id in (1,2) 
  return element {"a:a"}{}
};
local:crash()    

raises this error:

/zorba/trunkbuild/src/libzorba_simplestore.so.2.0.1(+0x7c3fcb) [0x16c4fcb]
/zorba/trunkbuild/src/libzorba_simplestore.so.2.0.1(+0x7c408e) [0x16c508e]
/zorba/trunkbuild/src/libzorba_simplestore.so.2.0.1(+0xe36379) [0x1d37379]
/zorba/trunkbuild/src/libzorba_simplestore.so.2.0.1(+0x6232a0) [0x15242a0]
/zorba/trunkbuild/src/libzorba_simplestore.so.2.0.1(+0x6215df) [0x15225df]
/zorba/trunkbuild/src/libzorba_simplestore.so.2.0.1(+0x6afc6a) [0x15b0c6a]
/zorba/trunkbuild/src/libzorba_simplestore.so.2.0.1(+0x6a34d7) [0x15a44d7]
/zorba/trunkbuild/src/libzorba_simplestore.so.2.0.1(+0x6a356b) [0x15a456b]
/zorba/trunkbuild/src/libzorba_simplestore.so.2.0.1(+0x6a356b) [0x15a456b]
/zorba/trunkbuild/src/libzorba_simplestore.so.2.0.1(+0x69dbb9) [0x159ebb9]
/zorba/trunkbuild/src/libzorba_simplestore.so.2.0.1(+0x69fdbd) [0x15a0dbd]
/zorba/trunkbuild/src/libzorba_simplestore.so.2.0.1(+0x6d0d2f) [0x15d1d2f]
/zorba/trunkbuild/src/libzorba_simplestore.so.2.0.1(+0x6d094f) [0x15d194f]
/zorba/trunkbuild/src/libzorba_simplestore.so.2.0.1(+0x6d07a4) [0x15d17a4]
/zorba/trunkbuild/src/libzorba_simplestore.so.2.0.1(+0x41cc47) [0x131dc47]
/zorba/trunkbuild/src/libzorba_simplestore.so.2.0.1(+0x41c839) [0x131d839]
/zorba/trunkbuild/bin/zorba() [0x8057c70]
/zorba/trunkbuild/bin/zorba() [0x80590ab]
/lib/i386-linux-gnu/libc.so.6(__libc_start_main+0xe7) [0xab5e37]
/zorba/trunkbuild/bin/zorba() [0x8056011]
Zorba error [zerr:ZXQP0002]: "false": assertion failed; raised at /zorba/trunksrc/src/types/typemanagerimpl.cpp:723

Apparently if an element constructor raises a "can not convert to
expanded QName" error and the element constructor is rewritten, the
element constructor is replaced by an item containing the error message.
This sooner or later crashes zorba.

** Affects: zorba
     Importance: High
         Status: New

** Visibility changed to: Public

** Changed in: zorba
   Importance: Undecided => High

-- 
You received this bug notification because you are a member of Zorba
Coders, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/855314

Title:
  Assertion failed in typemanager with for and el constuctor

Status in Zorba - The XQuery Processor:
  New

Bug description:
  The following query:

  declare function local:crash() as element()*
  {
    for $id in (1,2) 
    return element {"a:a"}{}
  };
  local:crash()    

  raises this error:

  /zorba/trunkbuild/src/libzorba_simplestore.so.2.0.1(+0x7c3fcb) [0x16c4fcb]
  /zorba/trunkbuild/src/libzorba_simplestore.so.2.0.1(+0x7c408e) [0x16c508e]
  /zorba/trunkbuild/src/libzorba_simplestore.so.2.0.1(+0xe36379) [0x1d37379]
  /zorba/trunkbuild/src/libzorba_simplestore.so.2.0.1(+0x6232a0) [0x15242a0]
  /zorba/trunkbuild/src/libzorba_simplestore.so.2.0.1(+0x6215df) [0x15225df]
  /zorba/trunkbuild/src/libzorba_simplestore.so.2.0.1(+0x6afc6a) [0x15b0c6a]
  /zorba/trunkbuild/src/libzorba_simplestore.so.2.0.1(+0x6a34d7) [0x15a44d7]
  /zorba/trunkbuild/src/libzorba_simplestore.so.2.0.1(+0x6a356b) [0x15a456b]
  /zorba/trunkbuild/src/libzorba_simplestore.so.2.0.1(+0x6a356b) [0x15a456b]
  /zorba/trunkbuild/src/libzorba_simplestore.so.2.0.1(+0x69dbb9) [0x159ebb9]
  /zorba/trunkbuild/src/libzorba_simplestore.so.2.0.1(+0x69fdbd) [0x15a0dbd]
  /zorba/trunkbuild/src/libzorba_simplestore.so.2.0.1(+0x6d0d2f) [0x15d1d2f]
  /zorba/trunkbuild/src/libzorba_simplestore.so.2.0.1(+0x6d094f) [0x15d194f]
  /zorba/trunkbuild/src/libzorba_simplestore.so.2.0.1(+0x6d07a4) [0x15d17a4]
  /zorba/trunkbuild/src/libzorba_simplestore.so.2.0.1(+0x41cc47) [0x131dc47]
  /zorba/trunkbuild/src/libzorba_simplestore.so.2.0.1(+0x41c839) [0x131d839]
  /zorba/trunkbuild/bin/zorba() [0x8057c70]
  /zorba/trunkbuild/bin/zorba() [0x80590ab]
  /lib/i386-linux-gnu/libc.so.6(__libc_start_main+0xe7) [0xab5e37]
  /zorba/trunkbuild/bin/zorba() [0x8056011]
  Zorba error [zerr:ZXQP0002]: "false": assertion failed; raised at /zorba/trunksrc/src/types/typemanagerimpl.cpp:723

  Apparently if an element constructor raises a "can not convert to
  expanded QName" error and the element constructor is rewritten, the
  element constructor is replaced by an item containing the error
  message. This sooner or later crashes zorba.

To manage notifications about this bug go to:
https://bugs.launchpad.net/zorba/+bug/855314/+subscriptions

Follow ups

[Bug 855314] Re: Assertion failed in typemanager with for and el constuctor
From: Markos Zaharioudakis, 2012-03-26
[Bug 855314] Re: Assertion failed in typemanager with for and el constuctor
From: Matthias Brantner, 2011-11-17
[Bug 855314] Re: Assertion failed in typemanager with for and el constuctor
From: Markos Zaharioudakis, 2011-09-28
[Bug 855314] Re: Assertion failed in typemanager with for and el constuctor
From: Markos Zaharioudakis, 2011-09-27
[Bug 855314] Re: Assertion failed in typemanager with for and el constuctor
From: Federico Cavalieri, 2011-09-27
[Bug 855314] Re: Assertion failed in typemanager with for and el constuctor
From: Federico Cavalieri, 2011-09-26
[Bug 855314] Re: Assertion failed in typemanager with for and el constuctor
From: Federico Cavalieri, 2011-09-26
[Bug 855314] [NEW] Assertion failed in typemanager with for and el constuctor
From: Federico Cavalieri, 2011-09-21

References

[Bug 855314] [NEW] Assertion failed in typemanager with for and el constuctor
From: Federico Cavalieri, 2011-09-21