Bug #6892: segfault of interpreter (possibly related to libxml-ruby)

Added by bzaborow (Bartosz Zaborowski) almost 10 years ago. Updated over 9 years ago.

Status: Third Party's Issue
Target version:
ruby -v: ruby 1.9.3p194 (2012-04-20 revision 35410)


I get a segfault of the interpreter in some code of the libxml-ruby extension. It is very susceptible to slight changes in my script, even ones totally unrelated to libxml-ruby, so I report it here.
The segfault is reproducible 90% of the time on 2 different computers with different Linux distros. The segfault message is attached, as well as the code and data needed to reproduce it.

Steps to reproduce:

  1. gem install libxml-ruby
  2. untar the archive, cd into libxml-ruby-bug/test directory
  3. run ../crash.rb
  4. wait a bit
  5. bang!

2a. If ../crash.rb doesn't fail, try ../full_script.rb (more messy code, but segfaults every time for me).

The crash.rb code is truncated a bit, down to the point where it started to be sensitive even to changes like removing an empty, unused method. Unfortunately it is still large.
The script processes a few sets of XML files. It doesn't crash when run on a single set (or I didn't find such a set). The order of the XML files processed also matters.

My system info:

gentoo distro, ruby interpreter installed from distro, libxml-ruby (2.3.3) installed with gem; libxml2 version: 2.8.0
gcc (Gentoo 4.5.3-r2 p1.5, pie-0.4.7) 4.5.3
CFLAGS="-march=native -O2 -pipe"


libxml-ruby-bug.tar.gz (1020 KB) - code and data - bzaborow (Bartosz Zaborowski), 08/20/2012 10:32 AM
message.txt (18.7 KB) - segfault message - bzaborow (Bartosz Zaborowski), 08/20/2012 10:32 AM
gem_list.txt (71 Bytes) - gem list - bzaborow (Bartosz Zaborowski), 08/20/2012 10:32 AM
gem_env.txt (672 Bytes) - gem env - bzaborow (Bartosz Zaborowski), 08/20/2012 10:32 AM

Updated by drbrain (Eric Hodel) almost 10 years ago

Can you reproduce the segfault without loading libxml-ruby?

Updated by mame (Yusuke Endoh) over 9 years ago

  • Status changed from Open to Third Party's Issue
  • Assignee set to authorNari (Narihiro Nakamura)
  • Target version set to 2.0.0

This is a very subtle bug.

libxml makes sure to free an object by writing NULL to the entries,
which breaks Ruby's internal finalizing list.

Applying the following patch to libxml fixes the issue in my
But because I'm not familiar with libxml internals, the fix may not
be appropriate. Could you contact the libxml developer(s)?


diff --git a/ext/libxml/ruby_xml_node.c b/ext/libxml/ruby_xml_node.c
index 926875c..174d17d 100644
--- a/ext/libxml/ruby_xml_node.c
+++ b/ext/libxml/ruby_xml_node.c
@@ -50,8 +50,6 @@ static void rxml_node_deregisterNode(xmlNodePtr xnode)
try to free the node a second time. */
VALUE node = (VALUE) xnode->_private;
RDATA(node)->data = NULL;

  • RDATA(node)->dfree = NULL;
  • RDATA(node)->dmark = NULL;
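Review bot: Leaving `dfree` and `dmark` set means the GC will still invoke this wrapper's free callback after libxml has deregistered the node, now with `RDATA(node)->data` equal to NULL; the change is only safe if that free callback checks for a NULL data pointer before touching the node. The comment ending in "try to free the node a second time. */" above `VALUE node = (VALUE) xnode->_private;` should say that the NULL data pointer, not the cleared callbacks, is what prevents the second free, and the callback's NULL handling should be confirmed before this lands.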

Yusuke Endoh
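The ownership hand-off that mame's patch relies on (clear only the wrapper's data pointer, keep the callbacks, and make the free callback tolerate NULL) can be exercised outside Ruby with a small model. The following C program is an added example, not libxml-ruby's or Ruby's code: `xnode`, `rdata`, `gc_finalize` and both `deregister_*` functions are constructed stand-ins for the real xmlNode, RData, finalizer walk and deregister hook, and the "crash" is simulated as a -1 return rather than a jump through a NULL function pointer. It compares the pre-patch and patched deregister behaviour and checks that the node is released exactly once whichever side goes first.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for an xmlNode: libxml2 gives each node a
 * `_private` slot, which the wrapper uses to point back at itself. */
typedef struct xnode {
    char  name[16];
    void *_private;          /* -> rdata wrapper, or NULL once unwrapped */
} xnode;

/* Constructed stand-in for Ruby's RData: mark/free callbacks plus payload. */
typedef struct rdata {
    void (*dmark)(void *);
    void (*dfree)(void *);
    void *data;              /* -> xnode, or NULL once libxml released it */
} rdata;

static int node_frees;       /* how many times a node was really released */

static void xnode_free(xnode *n) {   /* xmlFreeNode stand-in */
    node_frees++;
    free(n);
}

static void rxml_mark(void *data) { (void)data; }

/* Free callback: NULL-tolerant, so a node already released by libxml
 * (and deregistered) is not freed a second time. */
static void rxml_free(void *data) {
    xnode *n = data;
    if (n == NULL) return;
    n->_private = NULL;
    xnode_free(n);
}

/* Patched deregister hook: detach the wrapper by clearing only `data`.
 * dfree/dmark stay set, so the finalizer walk still sees valid callbacks. */
static void deregister_patched(xnode *n) {
    rdata *r = n->_private;
    if (r == NULL) return;
    r->data = NULL;
}

/* Pre-patch deregister hook: also NULLs both callbacks. */
static void deregister_prepatch(xnode *n) {
    rdata *r = n->_private;
    if (r == NULL) return;
    r->data  = NULL;
    r->dfree = NULL;
    r->dmark = NULL;
}

/* Toy finalizer-list walk: calls dfree on the wrapper.  Returns -1 instead
 * of calling through a NULL callback (this models the crash). */
static int gc_finalize(rdata *r) {
    if (r->dfree == NULL) return -1;
    r->dfree(r->data);
    return 0;
}

static xnode *make_wrapped(rdata *r) {
    xnode *n = calloc(1, sizeof *n);
    strcpy(n->name, "item");
    r->dmark = rxml_mark;
    r->dfree = rxml_free;
    r->data  = n;
    n->_private = r;
    return n;
}

/* libxml releases the node first, then GC finalizes the wrapper.
 * Returns the node free count (1 = exactly once) or -1 on simulated crash. */
static int run_libxml_first(void (*deregister)(xnode *)) {
    rdata r;
    xnode *n = make_wrapped(&r);
    node_frees = 0;
    deregister(n);           /* libxml side detaches the wrapper ... */
    xnode_free(n);           /* ... then releases the node memory     */
    if (gc_finalize(&r) != 0) return -1;
    return node_frees;
}

/* GC finalizes first; libxml never frees the node separately. */
static int run_gc_first(void) {
    rdata r;
    xnode *n = make_wrapped(&r);
    node_frees = 0;
    if (gc_finalize(&r) != 0) return -1;
    return node_frees;
}

int main(void) {
    printf("pre-patch, libxml first: %d\n", run_libxml_first(deregister_prepatch));
    printf("patched,   libxml first: %d\n", run_libxml_first(deregister_patched));
    printf("patched,   gc first:     %d\n", run_gc_first());
    return 0;
}
```

The two deregister variants differ only in whether the callbacks are cleared; the NULL check in `rxml_free` is what makes the patched variant safe, which is why that check is the thing to confirm in the real free function before accepting the patch.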

