#780147 tinyxmlparser.cpp:543: static bool TiXmlBase::StringEqual(const char*, const char*, bool, TiXmlEncoding): Assertion `0' failed.

#780147#3
Date:
2015-03-09 20:13:49 UTC
From:
To:
TinyXml crashes with failed assertion while trying to parse the attached
file:

$ make prettyprintxml CXXFLAGS="-g -O2 -Wall" LDFLAGS=-ltinyxml
g++ -g -O2 -Wall  -ltinyxml  prettyprintxml.cc   -o prettyprintxml
$ ./prettyprintxml badxml.xml
prettyprintxml: tinyxmlparser.cpp:543: static bool TiXmlBase::StringEqual(const char*, const char*, bool, TiXmlEncoding): Assertion `0' failed.
Aborted


Backtrace:

#0  0xf7fdc425 in __kernel_vsyscall ()
#1  0xf7c5d307 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#2  0xf7c5e9c3 in __GI_abort () at abort.c:89
#3  0xf7c56687 in __assert_fail_base (fmt=0xf7d90794 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0xf7fb8751 "0", file=file@entry=0xf7fb8d76 "tinyxmlparser.cpp", line=line@entry=543, function=function@entry=0xf7fb93c0 <TiXmlBase::StringEqual(char const*, char const*, bool, TiXmlEncoding)::__PRETTY_FUNCTION__> "static bool TiXmlBase::StringEqual(const char*, const char*, bool, TiXmlEncoding)") at assert.c:92
#4  0xf7c56737 in __GI___assert_fail (assertion=0xf7fb8751 "0", file=0xf7fb8d76 "tinyxmlparser.cpp", line=543, function=0xf7fb93c0 <TiXmlBase::StringEqual(char const*, char const*, bool, TiXmlEncoding)::__PRETTY_FUNCTION__> "static bool TiXmlBase::StringEqual(const char*, const char*, bool, TiXmlEncoding)") at assert.c:101
#5  0xf7fb5674 in TiXmlBase::StringEqual (p=p@entry=0x804fbbf "", tag=tag@entry=0xf7fb8e08 "version", ignoreCase=ignoreCase@entry=true, encoding=encoding@entry=TIXML_ENCODING_UNKNOWN) at tinyxmlparser.cpp:543
#6  0xf7fb7862 in TiXmlDeclaration::Parse (this=0x804fbc8, p=0x804fbbf "", data=0xffffd620, _encoding=TIXML_ENCODING_UNKNOWN) at tinyxmlparser.cpp:1603
#7  0xf7fb625b in TiXmlDocument::Parse (this=0xffffd748, p=0x804fbb8 "<?xml?\n", prevData=0x0, encoding=TIXML_ENCODING_UNKNOWN) at tinyxmlparser.cpp:759
#8  0xf7fb13db in TiXmlDocument::LoadFile (this=this@entry=0xffffd748, file=file@entry=0x804fa50, encoding=encoding@entry=TIXML_ENCODING_UNKNOWN) at tinyxml.cpp:1054
#9  0xf7fb153c in TiXmlDocument::LoadFile (this=this@entry=0xffffd748, _filename=0x804fa1c "badxml.xml", encoding=encoding@entry=TIXML_ENCODING_UNKNOWN) at tinyxml.cpp:952
#10 0xf7fb15fa in TiXmlDocument::LoadFile (this=0xffffd748, encoding=TIXML_ENCODING_UNKNOWN) at tinyxml.cpp:933
#11 0x08048ded in main (argc=2, argv=0xffffd854) at prettyprintxml.cc:13


This bug was found using American fuzzy lop:
http://lcamtuf.coredump.cx/afl/
(available in Debian experimental)