2 Replies Latest reply: Oct 30, 2007 1:38 PM by Gmfeinberg-Oracle

    Crash in 2.3.10 removeNodes

    604245
      Hello,

      We're getting a crash using dbxml-2.3.10, with patches 1-5 and 7, on Redhat ES 4.0. The crash happens when executing a "removeNodes" against a wholedoc database. We've distilled the crash to a simple "dbxml" test case:
      $ cat script

      createContainer c.db d
      openContainer c.db
      putDocument "test" "<foo><bar/> <baz/> </foo>"
      removeNodes /foo/baz
      quit

      $ rm -f c.db; dbxml -s script
      Segmentation fault (core dumped)

      Here is the gdb backtrace:

      Starting program: /home/mdriscoll/Bin/dbxml -s script
      [Thread debugging using libthread_db enabled]
      [New Thread -1208957248 (LWP 20645)]

      Program received signal SIGSEGV, Segmentation fault.
      [Switching to Thread -1208957248 (LWP 20645)]
      0x0042008b in DbXml::NsUtil::nsToUTF8 (mmgr=0x4ed1c4, dest=0x9b4bfcc, src=0x20, nchars=18, maxbytes=0,
          hasEntity=0x9b4bfe9, type=isCharacters) at NsUtil.cpp:142
      142     NsUtil.cpp: No such file or directory.
              in NsUtil.cpp
      Current language:  auto; currently c++
      (gdb) bt
      #0  0x0042008b in DbXml::NsUtil::nsToUTF8 (mmgr=0x4ed1c4, dest=0x9b4bfcc, src=0x20, nchars=18, maxbytes=0,
          hasEntity=0x9b4bfe9, type=isCharacters) at NsUtil.cpp:142
      #1  0x0043cea2 in DbXml::NsDomReader::childEvent (this=0x9b4bfc0) at NsDocument.hpp:144
      #2  0x0043cff9 in DbXml::NsDomReader::next (this=0x9b4bfc0) at NsDomReader.cpp:326
      #3  0x0043b52a in DbXml::EventReaderToWriter::doEvent (this=0x9b4c8c8, writer=0x9b494d4, isInternal=true)
          at EventReaderToWriter.cpp:146
      #4  0x0043b974 in DbXml::EventReaderToWriter::nextEvent (this=0x9b4c8c8, writer=0x9b494d4)
          at EventReaderToWriter.cpp:138
      #5  0x00432305 in DbXml::PullEventInputStream::readBytes (this=0x9b494c8, toFill=0xb7c0c034 "<foo><bar/> ",
          maxToRead=49140) at PullEventInputStream.cpp:74
      #6  0x0041f88e in DbXml::XmlBinStream::readBytes (this=0x9b45456, toFill=0xb7c0c034 "<foo><bar/> ", max=49152)
          at ../XmlInputStreamWrapper.hpp:31
      #7  0x0101a00a in xercesc_2_7::XMLReader::refreshRawBuffer () from /gdx/lib.Linux/libxerces-c.so.27
      #8  0x01017352 in xercesc_2_7::XMLReader::XMLReader () from /gdx/lib.Linux/libxerces-c.so.27
      #9  0x00f8e20f in xercesc_2_7::ReaderMgr::createReader () from /gdx/lib.Linux/libxerces-c.so.27
      #10 0x00f5f5db in xercesc_2_7::IGXMLScanner::scanReset () from /gdx/lib.Linux/libxerces-c.so.27
      #11 0x00f65548 in xercesc_2_7::IGXMLScanner::scanDocument () from /gdx/lib.Linux/libxerces-c.so.27
      #12 0x0041e46e in DbXml::NsSAX2Reader::parse (this=0x9b53274, source=@0xbfe52960) at NsSAX2Reader.cpp:340
      #13 0x00419fa5 in DbXml::NsSAX2Reader::parse (this=0x9b53274, is=0x9b2f224) at NsSAX2Reader.cpp:322
      #14 0x00392382 in DbXml::NsParserEventSource::start (this=0x20) at nodeStore/NsSAX2Reader.hpp:335
      #15 0x00418d9a in DbXml::NsPushEventSourceTranslator::start (this=0x20) at NsEvent.cpp:36
      #16 0x00405563 in DbXml::DocumentDatabase::updateContentAndIndex (this=0x9b04c78, new_document=@0x9b2f190,
          context=@0x9ae7a78, stash=@0x9ae7b24) at ScopedPtr.hpp:46
      #17 0x0036af2f in DbXml::Container::updateDocument (this=0x9aead78, txn=0x0, new_document=@0x9b2f190,
          context=@0x9ae7a78) at SharedPtr.hpp:68
      #18 0x0037c82d in UpdateDocumentFunctor::method (this=0x20, container=@0x9aead78, txn=0x0, flags=0)
          at TransactedContainer.cpp:167
      #19 0x0037b39b in DbXml::TransactedContainer::transactedMethod (this=0x9aead78, txn=0x0, flags=0, f=@0xbfe52bf0)
          at TransactedContainer.cpp:217
      #20 0x0037b5a4 in DbXml::TransactedContainer::updateDocument (this=0x9aead78, txn=0x0, document=@0x9b2f190,
          context=@0x9ae7a78) at TransactedContainer.cpp:164
      #21 0x0039d0a2 in DbXml::Modify::updateDocument (this=0x9b3dd50, txn=0x0, document=@0xbfe52ca0, context=@0xbfe530b0,
          uc=@0xbfe530b8)
          at /home/jcragin/mybuild/Build/build/dbxml/dbxml-2.3.10/dbxml/build_unix/../dist/../include/dbxml/XmlDocument.hpp:79
      #22 0x003a1870 in DbXml::Modify::execute (this=0x9b3dd50, txn=0x0, toModify=@0x9b3f048, context=@0xbfe530b0,
          uc=@0xbfe530b8) at Modify.cpp:922
      #23 0x00387a05 in DbXml::XmlModify::execute (this=0xbfe52d90, toModify=@0x9b3f048, context=@0xbfe530b0, uc=@0xbfe530b8)
          at XmlModify.cpp:155
      ---Type <return> to continue, or q <return> to quit---
      #24 0x0805ed16 in CommandException::~CommandException ()
      #25 0x08060896 in CommandException::~CommandException ()
      #26 0x08051388 in ?? ()
      #27 0x00b5ede3 in __libc_start_main () from /lib/tls/libc.so.6
      #28 0x08050469 in ?? ()
      (gdb)

      And here is the valgrind log:

      ==20652== 
      ==20652== Syscall param pwrite64(buf) points to uninitialised byte(s)
      ==20652==    at 0xD9E152: pwrite64 (in /lib/tls/libpthread-2.3.4.so)
      ==20652==    by 0x431004A: __os_io (in /gdx/lib.Linux/libdb_cxx-4.5.so)
      ==20652==    by 0x42FF2D1: __memp_pgwrite (in /gdx/lib.Linux/libdb_cxx-4.5.so)
      ==20652==    by 0x42FF522: __memp_bhwrite (in /gdx/lib.Linux/libdb_cxx-4.5.so)
      ==20652==    by 0x430B249: __memp_sync_int (in /gdx/lib.Linux/libdb_cxx-4.5.so)
      ==20652==    by 0x430B86A: __memp_fsync (in /gdx/lib.Linux/libdb_cxx-4.5.so)
      ==20652==    by 0x42B8E83: __db_sync (in /gdx/lib.Linux/libdb_cxx-4.5.so)
      ==20652==    by 0x42B824D: __db_refresh (in /gdx/lib.Linux/libdb_cxx-4.5.so)
      ==20652==    by 0x42B834B: __db_close (in /gdx/lib.Linux/libdb_cxx-4.5.so)
      ==20652==    by 0x42E9926: __fop_subdb_setup (in /gdx/lib.Linux/libdb_cxx-4.5.so)
      ==20652==    by 0x42CD46F: __db_open (in /gdx/lib.Linux/libdb_cxx-4.5.so)
      ==20652==    by 0x42C7263: __db_open_pp (in /gdx/lib.Linux/libdb_cxx-4.5.so)
      ==20652==  Address 0x4E64F48 is 560 bytes inside a block of size 16,435 alloc'd
      ==20652==    at 0x4004405: malloc (vg_replace_malloc.c:149)
      ==20652==    by 0x430E08C: __os_malloc (in /gdx/lib.Linux/libdb_cxx-4.5.so)
      ==20652==    by 0x42D710D: __db_shalloc (in /gdx/lib.Linux/libdb_cxx-4.5.so)
      ==20652==    by 0x42FDC40: __memp_alloc (in /gdx/lib.Linux/libdb_cxx-4.5.so)
      ==20652==    by 0x430027A: __memp_fget (in /gdx/lib.Linux/libdb_cxx-4.5.so)
      ==20652==    by 0x42CC185: __db_new (in /gdx/lib.Linux/libdb_cxx-4.5.so)
      ==20652==    by 0x42B71CC: __db_master_update (in /gdx/lib.Linux/libdb_cxx-4.5.so)
      ==20652==    by 0x42E97D5: __fop_subdb_setup (in /gdx/lib.Linux/libdb_cxx-4.5.so)
      ==20652==    by 0x42CD46F: __db_open (in /gdx/lib.Linux/libdb_cxx-4.5.so)
      ==20652==    by 0x42C7263: __db_open_pp (in /gdx/lib.Linux/libdb_cxx-4.5.so)
      ==20652==    by 0x424E33B: Db::open(DbTxn*, char const*, char const*, DBTYPE, unsigned, int) (in /gdx/lib.Linux/libdb_cxx-4.5.so)
      ==20652==    by 0x40CC5F8: DbXml::DbWrapper::open(DbXml::Transaction*, DBTYPE, unsigned, int) (Transaction.hpp:58)
      ==20652==
      ==20652== Conditional jump or move depends on uninitialised value(s)
      ==20652==    at 0x491E86A: xercesc_2_7::XMLUTF8Transcoder::transcodeFrom(unsigned char const*, unsigned, unsigned short*, unsigned, unsigned&, unsigned char*) (in /gdx/lib.Linux/libxerces-c.so.27.0)
      ==20652==    by 0x49080AF: xercesc_2_7::XMLReader::xcodeMoreChars(unsigned short*, unsigned char*, unsigned) (in /gdx/lib.Linux/libxerces-c.so.27.0)
      ==20652==    by 0x49067BC: xercesc_2_7::XMLReader::refreshCharBuffer() (in /gdx/lib.Linux/libxerces-c.so.27.0)
      ==20652==    by 0x487BC07: xercesc_2_7::ReaderMgr::peekNextChar() (in /gdx/lib.Linux/libxerces-c.so.27.0)
      ==20652==    by 0x490C9A3: xercesc_2_7::XMLScanner::scanProlog() (in /gdx/lib.Linux/libxerces-c.so.27.0)
      ==20652==    by 0x4853568: xercesc_2_7::IGXMLScanner::scanDocument(xercesc_2_7::InputSource const&) (in /gdx/lib.Linux/libxerces-c.so.27.0)
      ==20652==    by 0x416046D: DbXml::NsSAX2Reader::parse(xercesc_2_7::InputSource const&) (NsSAX2Reader.cpp:340)
      ==20652==    by 0x415BFA4: DbXml::NsSAX2Reader::parse(DbXml::XmlInputStream**) (NsSAX2Reader.cpp:322)
      ==20652==    by 0x40D4381: DbXml::NsParserEventSource::start() (NsSAX2Reader.hpp:335)
      ==20652==    by 0x415AD99: DbXml::NsPushEventSourceTranslator::start() (NsEvent.cpp:36)
      ==20652==    by 0x40AE30F: DbXml::Container::indexAddDocument(DbXml::NsPushEventSource*, DbXml::Document&, DbXml::UpdateContext&) (Container.cpp:681)
      ==20652==    by 0x40AE8AC: DbXml::Container::addDocument(DbXml::Transaction*, DbXml::Document&, DbXml::UpdateContext&, unsigned) (Container.cpp:596)
      ==20652==
      ==20652== Invalid read of size 4
      ==20652==    at 0x417ECA7: DbXml::NsDomReader::childEvent() (NsNode.hpp:814)
      ==20652==    by 0x417EFF8: DbXml::NsDomReader::next() (NsDomReader.cpp:326)
      ==20652==    by 0x417D529: DbXml::EventReaderToWriter::doEvent(DbXml::XmlEventWriter*, bool) (EventReaderToWriter.cpp:146)
      ==20652==    by 0x417D973: DbXml::EventReaderToWriter::nextEvent(DbXml::EventWriter*) (EventReaderToWriter.cpp:138)
      ==20652==    by 0x4174304: DbXml::PullEventInputStream::readBytes(char*, unsigned) (PullEventInputStream.cpp:74)
      ==20652==    by 0x416188D: DbXml::XmlBinStream::readBytes(unsigned char*, unsigned) (XmlInputStreamWrapper.hpp:31)
      ==20652==    by 0x4908009: xercesc_2_7::XMLReader::refreshRawBuffer() (in /gdx/lib.Linux/libxerces-c.so.27.0)
      ==20652==    by 0x4905351: xercesc_2_7::XMLReader::XMLReader(unsigned short const*, unsigned short const*, xercesc_2_7::BinInputStream*, xercesc_2_7::XMLReader::RefFrom, xercesc_2_7::XMLReader::Types, xercesc_2_7::XMLReader::Sources, bool, bool, xercesc_2_7::XMLReader::XMLVersion, xercesc_2_7::MemoryManager*) (in /gdx/lib.Linux/libxerces-c.so.27.0)
      ==20652==    by 0x487C20E: xercesc_2_7::ReaderMgr::createReader(xercesc_2_7::InputSource const&, bool, xercesc_2_7::XMLReader::RefFrom, xercesc_2_7::XMLReader::Types, xercesc_2_7::XMLReader::Sources, bool) (in /gdx/lib.Linux/libxerces-c.so.27.0)
      ==20652==    by 0x484D5DA: xercesc_2_7::IGXMLScanner::scanReset(xercesc_2_7::InputSource const&) (in /gdx/lib.Linux/libxerces-c.so.27.0)
      ==20652==    by 0x4853547: xercesc_2_7::IGXMLScanner::scanDocument(xercesc_2_7::InputSource const&) (in /gdx/lib.Linux/libxerces-c.so.27.0)
      ==20652==    by 0x416046D: DbXml::NsSAX2Reader::parse(xercesc_2_7::InputSource const&) (NsSAX2Reader.cpp:340)
      ==20652==  Address 0x4FB6BA0 is 0 bytes after a block of size 40 alloc'd
      ==20652==    at 0x4004405: malloc (vg_replace_malloc.c:149)
      ==20652==    by 0x4110996: DbXml::SimpleMemoryManager::allocate(unsigned) (Globals.cpp:67)
      ==20652==    by 0x4175B88: reallocTextList(xercesc2_7::MemoryManager*, DbXml::nsTextList*) (NsNode.cpp:541)
      ==20652==    by 0x4177335: DbXml::NsNode::addText(xercesc_2_7::MemoryManager*, DbXml::nsTextList*, void const*, unsigned, unsigned, bool, bool) (XPath2MemoryManager.hpp:357)
      ==20652==    by 0x415BE36: DbXml::NsHandlerBase::addText(void*, unsigned, unsigned, bool, bool) (NsHandlerBase.cpp:175)
      ==20652==    by 0x416CABB: DbXml::NsTransientDomBuilder::characters(unsigned short const*, unsigned, bool, bool) (NsTransientDomBuilder.cpp:191)
      ==20652==    by 0x415CF96: DbXml::NsSAX2Reader::docCharacters(unsigned short const*, unsigned, bool) (NsSAX2Reader.cpp:491)
      ==20652==    by 0x484DD9C: xercesc_2_7::IGXMLScanner::sendCharData(xercesc_2_7::XMLBuffer&) (in /gdx/lib.Linux/libxerces-c.so.27.0)
      ==20652==    by 0x48512A3: xercesc_2_7::IGXMLScanner::scanCharData(xercesc_2_7::XMLBuffer&) (in /gdx/lib.Linux/libxerces-c.so.27.0)
      ==20652==    by 0x485496E: xercesc_2_7::IGXMLScanner::scanContent() (in /gdx/lib.Linux/libxerces-c.so.27.0)
      ==20652==    by 0x4853599: xercesc_2_7::IGXMLScanner::scanDocument(xercesc_2_7::InputSource const&) (in /gdx/lib.Linux/libxerces-c.so.27.0)
      ==20652==    by 0x416046D: DbXml::NsSAX2Reader::parse(xercesc_2_7::InputSource const&) (NsSAX2Reader.cpp:340)
      ==20652==
      ==20652== Invalid read of size 1
      ==20652==    at 0x417ECD0: DbXml::NsDomReader::childEvent() (NsNode.hpp:821)
      ==20652==    by 0x417EFF8: DbXml::NsDomReader::next() (NsDomReader.cpp:326)
      ==20652==    by 0x417D529: DbXml::EventReaderToWriter::doEvent(DbXml::XmlEventWriter*, bool) (EventReaderToWriter.cpp:146)
      ==20652==    by 0x417D973: DbXml::EventReaderToWriter::nextEvent(DbXml::EventWriter*) (EventReaderToWriter.cpp:138)
      ==20652==    by 0x4174304: DbXml::PullEventInputStream::readBytes(char*, unsigned) (PullEventInputStream.cpp:74)
      ==20652==    by 0x416188D: DbXml::XmlBinStream::readBytes(unsigned char*, unsigned) (XmlInputStreamWrapper.hpp:31)
      ==20652==    by 0x4908009: xercesc_2_7::XMLReader::refreshRawBuffer() (in /gdx/lib.Linux/libxerces-c.so.27.0)
      ==20652==    by 0x4905351: xercesc_2_7::XMLReader::XMLReader(unsigned short const*, unsigned short const*, xercesc_2_7::BinInputStream*, xercesc_2_7::XMLReader::RefFrom, xercesc_2_7::XMLReader::Types, xercesc_2_7::XMLReader::Sources, bool, bool, xercesc_2_7::XMLReader::XMLVersion, xercesc_2_7::MemoryManager*) (in /gdx/lib.Linux/libxerces-c.so.27.0)
      ==20652==    by 0x487C20E: xercesc_2_7::ReaderMgr::createReader(xercesc_2_7::InputSource const&, bool, xercesc_2_7::XMLReader::RefFrom, xercesc_2_7::XMLReader::Types, xercesc_2_7::XMLReader::Sources, bool) (in /gdx/lib.Linux/libxerces-c.so.27.0)
      ==20652==    by 0x484D5DA: xercesc_2_7::IGXMLScanner::scanReset(xercesc_2_7::InputSource const&) (in /gdx/lib.Linux/libxerces-c.so.27.0)
      ==20652==    by 0x4853547: xercesc_2_7::IGXMLScanner::scanDocument(xercesc_2_7::InputSource const&) (in /gdx/lib.Linux/libxerces-c.so.27.0)
      ==20652==    by 0x416046D: DbXml::NsSAX2Reader::parse(xercesc_2_7::InputSource const&) (NsSAX2Reader.cpp:340)
      ==20652==  Address 0x4FB6BA0 is 0 bytes after a block of size 40 alloc'd
      ==20652==    at 0x4004405: malloc (vg_replace_malloc.c:149)
      ==20652==    by 0x4110996: DbXml::SimpleMemoryManager::allocate(unsigned) (Globals.cpp:67)
      ==20652==    by 0x4175B88: reallocTextList(xercesc2_7::MemoryManager*, DbXml::nsTextList*) (NsNode.cpp:541)
      ==20652==    by 0x4177335: DbXml::NsNode::addText(xercesc_2_7::MemoryManager*, DbXml::nsTextList*, void const*, unsigned, unsigned, bool, bool) (XPath2MemoryManager.hpp:357)
      ==20652==    by 0x415BE36: DbXml::NsHandlerBase::addText(void*, unsigned, unsigned, bool, bool) (NsHandlerBase.cpp:175)
      ==20652==    by 0x416CABB: DbXml::NsTransientDomBuilder::characters(unsigned short const*, unsigned, bool, bool) (NsTransientDomBuilder.cpp:191)
      ==20652==    by 0x415CF96: DbXml::NsSAX2Reader::docCharacters(unsigned short const*, unsigned, bool) (NsSAX2Reader.cpp:491)
      ==20652==    by 0x484DD9C: xercesc_2_7::IGXMLScanner::sendCharData(xercesc_2_7::XMLBuffer&) (in /gdx/lib.Linux/libxerces-c.so.27.0)
      ==20652==    by 0x48512A3: xercesc_2_7::IGXMLScanner::scanCharData(xercesc_2_7::XMLBuffer&) (in /gdx/lib.Linux/libxerces-c.so.27.0)
      ==20652==    by 0x485496E: xercesc_2_7::IGXMLScanner::scanContent() (in /gdx/lib.Linux/libxerces-c.so.27.0)
      ==20652==    by 0x4853599: xercesc_2_7::IGXMLScanner::scanDocument(xercesc_2_7::InputSource const&) (in /gdx/lib.Linux/libxerces-c.so.27.0)
      ==20652==    by 0x416046D: DbXml::NsSAX2Reader::parse(xercesc_2_7::InputSource const&) (NsSAX2Reader.cpp:340)
      ==20652==
      ==20652== Invalid read of size 4
      ==20652==    at 0x417EE8D: DbXml::NsDomReader::childEvent() (NsDocument.hpp:144)
      ==20652==    by 0x417EFF8: DbXml::NsDomReader::next() (NsDomReader.cpp:326)
      ==20652==    by 0x417D529: DbXml::EventReaderToWriter::doEvent(DbXml::XmlEventWriter*, bool) (EventReaderToWriter.cpp:146)
      ==20652==    by 0x417D973: DbXml::EventReaderToWriter::nextEvent(DbXml::EventWriter*) (EventReaderToWriter.cpp:138)
      ==20652==    by 0x4174304: DbXml::PullEventInputStream::readBytes(char*, unsigned) (PullEventInputStream.cpp:74)
      ==20652==    by 0x416188D: DbXml::XmlBinStream::readBytes(unsigned char*, unsigned) (XmlInputStreamWrapper.hpp:31)
      ==20652==    by 0x4908009: xercesc_2_7::XMLReader::refreshRawBuffer() (in /gdx/lib.Linux/libxerces-c.so.27.0)
      ==20652==    by 0x4905351: xercesc_2_7::XMLReader::XMLReader(unsigned short const*, unsigned short const*, xercesc_2_7::BinInputStream*, xercesc_2_7::XMLReader::RefFrom, xercesc_2_7::XMLReader::Types, xercesc_2_7::XMLReader::Sources, bool, bool, xercesc_2_7::XMLReader::XMLVersion, xercesc_2_7::MemoryManager*) (in /gdx/lib.Linux/libxerces-c.so.27.0)
      ==20652==    by 0x487C20E: xercesc_2_7::ReaderMgr::createReader(xercesc_2_7::InputSource const&, bool, xercesc_2_7::XMLReader::RefFrom, xercesc_2_7::XMLReader::Types, xercesc_2_7::XMLReader::Sources, bool) (in /gdx/lib.Linux/libxerces-c.so.27.0)
      ==20652==    by 0x484D5DA: xercesc_2_7::IGXMLScanner::scanReset(xercesc_2_7::InputSource const&) (in /gdx/lib.Linux/libxerces-c.so.27.0)
      ==20652==    by 0x4853547: xercesc_2_7::IGXMLScanner::scanDocument(xercesc_2_7::InputSource const&) (in /gdx/lib.Linux/libxerces-c.so.27.0)
      ==20652==    by 0x416046D: DbXml::NsSAX2Reader::parse(xercesc_2_7::InputSource const&) (NsSAX2Reader.cpp:340)
      ==20652==  Address 0x4FB6BA4 is 4 bytes after a block of size 40 alloc'd
      ==20652==    at 0x4004405: malloc (vg_replace_malloc.c:149)
      ==20652==    by 0x4110996: DbXml::SimpleMemoryManager::allocate(unsigned) (Globals.cpp:67)
      ==20652==    by 0x4175B88: reallocTextList(xercesc2_7::MemoryManager*, DbXml::nsTextList*) (NsNode.cpp:541)
      ==20652==    by 0x4177335: DbXml::NsNode::addText(xercesc_2_7::MemoryManager*, DbXml::nsTextList*, void const*, unsigned, unsigned, bool, bool) (XPath2MemoryManager.hpp:357)
      ==20652==    by 0x415BE36: DbXml::NsHandlerBase::addText(void*, unsigned, unsigned, bool, bool) (NsHandlerBase.cpp:175)
      ==20652==    by 0x416CABB: DbXml::NsTransientDomBuilder::characters(unsigned short const*, unsigned, bool, bool) (NsTransientDomBuilder.cpp:191)
      ==20652==    by 0x415CF96: DbXml::NsSAX2Reader::docCharacters(unsigned short const*, unsigned, bool) (NsSAX2Reader.cpp:491)
      ==20652==    by 0x484DD9C: xercesc_2_7::IGXMLScanner::sendCharData(xercesc_2_7::XMLBuffer&) (in /gdx/lib.Linux/libxerces-c.so.27.0)
      ==20652==    by 0x48512A3: xercesc_2_7::IGXMLScanner::scanCharData(xercesc_2_7::XMLBuffer&) (in /gdx/lib.Linux/libxerces-c.so.27.0)
      ==20652==    by 0x485496E: xercesc_2_7::IGXMLScanner::scanContent() (in /gdx/lib.Linux/libxerces-c.so.27.0)
      ==20652==    by 0x4853599: xercesc_2_7::IGXMLScanner::scanDocument(xercesc_2_7::InputSource const&) (in /gdx/lib.Linux/libxerces-c.so.27.0)
      ==20652==    by 0x416046D: DbXml::NsSAX2Reader::parse(xercesc_2_7::InputSource const&) (NsSAX2Reader.cpp:340)
      ==20652==
      ==20652== Invalid read of size 4
      ==20652==    at 0x417EE93: DbXml::NsDomReader::childEvent() (NsDocument.hpp:144)
      ==20652==    by 0x417EFF8: DbXml::NsDomReader::next() (NsDomReader.cpp:326)
      ==20652==    by 0x417D529: DbXml::EventReaderToWriter::doEvent(DbXml::XmlEventWriter*, bool) (EventReaderToWriter.cpp:146)
      ==20652==    by 0x417D973: DbXml::EventReaderToWriter::nextEvent(DbXml::EventWriter*) (EventReaderToWriter.cpp:138)
      ==20652==    by 0x4174304: DbXml::PullEventInputStream::readBytes(char*, unsigned) (PullEventInputStream.cpp:74)
      ==20652==    by 0x416188D: DbXml::XmlBinStream::readBytes(unsigned char*, unsigned) (XmlInputStreamWrapper.hpp:31)
      ==20652==    by 0x4908009: xercesc_2_7::XMLReader::refreshRawBuffer() (in /gdx/lib.Linux/libxerces-c.so.27.0)
      ==20652==    by 0x4905351: xercesc_2_7::XMLReader::XMLReader(unsigned short const*, unsigned short const*, xercesc_2_7::BinInputStream*, xercesc_2_7::XMLReader::RefFrom, xercesc_2_7::XMLReader::Types, xercesc_2_7::XMLReader::Sources, bool, bool, xercesc_2_7::XMLReader::XMLVersion, xercesc_2_7::MemoryManager*) (in /gdx/lib.Linux/libxerces-c.so.27.0)
      ==20652==    by 0x487C20E: xercesc_2_7::ReaderMgr::createReader(xercesc_2_7::InputSource const&, bool, xercesc_2_7::XMLReader::RefFrom, xercesc_2_7::XMLReader::Types, xercesc_2_7::XMLReader::Sources, bool) (in /gdx/lib.Linux/libxerces-c.so.27.0)
      ==20652==    by 0x484D5DA: xercesc_2_7::IGXMLScanner::scanReset(xercesc_2_7::InputSource const&) (in /gdx/lib.Linux/libxerces-c.so.27.0)
      ==20652==    by 0x4853547: xercesc_2_7::IGXMLScanner::scanDocument(xercesc_2_7::InputSource const&) (in /gdx/lib.Linux/libxerces-c.so.27.0)
      ==20652==    by 0x416046D: DbXml::NsSAX2Reader::parse(xercesc_2_7::InputSource const&) (NsSAX2Reader.cpp:340)
      ==20652==  Address 0x4FB6BA8 is 8 bytes after a block of size 40 alloc'd
      ==20652==    at 0x4004405: malloc (vg_replace_malloc.c:149)
      ==20652==    by 0x4110996: DbXml::SimpleMemoryManager::allocate(unsigned) (Globals.cpp:67)
      ==20652==    by 0x4175B88: reallocTextList(xercesc2_7::MemoryManager*, DbXml::nsTextList*) (NsNode.cpp:541)
      ==20652==    by 0x4177335: DbXml::NsNode::addText(xercesc_2_7::MemoryManager*, DbXml::nsTextList*, void const*, unsigned, unsigned, bool, bool) (XPath2MemoryManager.hpp:357)
      ==20652==    by 0x415BE36: DbXml::NsHandlerBase::addText(void*, unsigned, unsigned, bool, bool) (NsHandlerBase.cpp:175)
      ==20652==    by 0x416CABB: DbXml::NsTransientDomBuilder::characters(unsigned short const*, unsigned, bool, bool) (NsTransientDomBuilder.cpp:191)
      ==20652==    by 0x415CF96: DbXml::NsSAX2Reader::docCharacters(unsigned short const*, unsigned, bool) (NsSAX2Reader.cpp:491)
      ==20652==    by 0x484DD9C: xercesc_2_7::IGXMLScanner::sendCharData(xercesc_2_7::XMLBuffer&) (in /gdx/lib.Linux/libxerces-c.so.27.0)
      ==20652==    by 0x48512A3: xercesc_2_7::IGXMLScanner::scanCharData(xercesc_2_7::XMLBuffer&) (in /gdx/lib.Linux/libxerces-c.so.27.0)
      ==20652==    by 0x485496E: xercesc_2_7::IGXMLScanner::scanContent() (in /gdx/lib.Linux/libxerces-c.so.27.0)
      ==20652==    by 0x4853599: xercesc_2_7::IGXMLScanner::scanDocument(xercesc_2_7::InputSource const&) (in /gdx/lib.Linux/libxerces-c.so.27.0)
      ==20652==    by 0x416046D: DbXml::NsSAX2Reader::parse(xercesc_2_7::InputSource const&) (NsSAX2Reader.cpp:340)
      ==20652==
      ==20652== Invalid read of size 2
      ==20652==    at 0x416208B: DbXml::NsUtil::nsToUTF8(xercesc_2_7::MemoryManager*, unsigned char**, unsigned short const*, unsigned, unsigned, bool*, checkType) (NsUtil.cpp:142)
      ==20652==    by 0x417EEA1: DbXml::NsDomReader::childEvent() (NsDocument.hpp:144)
      ==20652==    by 0x417EFF8: DbXml::NsDomReader::next() (NsDomReader.cpp:326)
      ==20652==    by 0x417D529: DbXml::EventReaderToWriter::doEvent(DbXml::XmlEventWriter*, bool) (EventReaderToWriter.cpp:146)
      ==20652==    by 0x417D973: DbXml::EventReaderToWriter::nextEvent(DbXml::EventWriter*) (EventReaderToWriter.cpp:138)
      ==20652==    by 0x4174304: DbXml::PullEventInputStream::readBytes(char*, unsigned) (PullEventInputStream.cpp:74)
      ==20652==    by 0x416188D: DbXml::XmlBinStream::readBytes(unsigned char*, unsigned) (XmlInputStreamWrapper.hpp:31)
      ==20652==    by 0x4908009: xercesc_2_7::XMLReader::refreshRawBuffer() (in /gdx/lib.Linux/libxerces-c.so.27.0)
      ==20652==    by 0x4905351: xercesc_2_7::XMLReader::XMLReader(unsigned short const*, unsigned short const*, xercesc_2_7::BinInputStream*, xercesc_2_7::XMLReader::RefFrom, xercesc_2_7::XMLReader::Types, xercesc_2_7::XMLReader::Sources, bool, bool, xercesc_2_7::XMLReader::XMLVersion, xercesc_2_7::MemoryManager*) (in /gdx/lib.Linux/libxerces-c.so.27.0)
      ==20652==    by 0x487C20E: xercesc_2_7::ReaderMgr::createReader(xercesc_2_7::InputSource const&, bool, xercesc_2_7::XMLReader::RefFrom, xercesc_2_7::XMLReader::Types, xercesc_2_7::XMLReader::Sources, bool) (in /gdx/lib.Linux/libxerces-c.so.27.0)
      ==20652==    by 0x484D5DA: xercesc_2_7::IGXMLScanner::scanReset(xercesc_2_7::InputSource const&) (in /gdx/lib.Linux/libxerces-c.so.27.0)
      ==20652==    by 0x4853547: xercesc_2_7::IGXMLScanner::scanDocument(xercesc_2_7::InputSource const&) (in /gdx/lib.Linux/libxerces-c.so.27.0)
      ==20652==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
      ==20652==
      ==20652== Process terminating with default action of signal 11 (SIGSEGV): dumping core
      ==20652==  Access not within mapped region at address 0x0
      ==20652==    at 0x416208B: DbXml::NsUtil::nsToUTF8(xercesc_2_7::MemoryManager*, unsigned char**, unsigned short const*, unsigned, unsigned, bool*, checkType) (NsUtil.cpp:142)
      ==20652==    by 0x417EEA1: DbXml::NsDomReader::childEvent() (NsDocument.hpp:144)
      ==20652==    by 0x417EFF8: DbXml::NsDomReader::next() (NsDomReader.cpp:326)
      ==20652==    by 0x417D529: DbXml::EventReaderToWriter::doEvent(DbXml::XmlEventWriter*, bool) (EventReaderToWriter.cpp:146)
      ==20652==    by 0x417D973: DbXml::EventReaderToWriter::nextEvent(DbXml::EventWriter*) (EventReaderToWriter.cpp:138)
      ==20652==    by 0x4174304: DbXml::PullEventInputStream::readBytes(char*, unsigned) (PullEventInputStream.cpp:74)
      ==20652==    by 0x416188D: DbXml::XmlBinStream::readBytes(unsigned char*, unsigned) (XmlInputStreamWrapper.hpp:31)
      ==20652==    by 0x4908009: xercesc_2_7::XMLReader::refreshRawBuffer() (in /gdx/lib.Linux/libxerces-c.so.27.0)
      ==20652==    by 0x4905351: xercesc_2_7::XMLReader::XMLReader(unsigned short const*, unsigned short const*, xercesc_2_7::BinInputStream*, xercesc_2_7::XMLReader::RefFrom, xercesc_2_7::XMLReader::Types, xercesc_2_7::XMLReader::Sources, bool, bool, xercesc_2_7::XMLReader::XMLVersion, xercesc_2_7::MemoryManager*) (in /gdx/lib.Linux/libxerces-c.so.27.0)
      ==20652==    by 0x487C20E: xercesc_2_7::ReaderMgr::createReader(xercesc_2_7::InputSource const&, bool, xercesc_2_7::XMLReader::RefFrom, xercesc_2_7::XMLReader::Types, xercesc_2_7::XMLReader::Sources, bool) (in /gdx/lib.Linux/libxerces-c.so.27.0)
      ==20652==    by 0x484D5DA: xercesc_2_7::IGXMLScanner::scanReset(xercesc_2_7::InputSource const&) (in /gdx/lib.Linux/libxerces-c.so.27.0)
      ==20652==    by 0x4853547: xercesc_2_7::IGXMLScanner::scanDocument(xercesc_2_7::InputSource const&) (in /gdx/lib.Linux/libxerces-c.so.27.0)
      ==20652==
      ==20652== ERROR SUMMARY: 9 errors from 7 contexts (suppressed: 26 from 1)

      We've worked around this for now by switching to node-based containers, but let me know if there's anything I can do to help investigate.

      Thanks,
      Michael Driscoll
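
A triage aid for the memcheck log above, added here as an example and not part of the original post or of Berkeley DB XML: it groups the `Invalid read` records by the heap block they run past. The embedded sample is abbreviated from the posted log; the function names, the record fields and the `WRAPPERS` set are assumptions of this example.

```python
import re
from collections import defaultdict

# Abbreviated from the memcheck log above: three of the five out-of-bounds
# reads plus the final NULL read, caller frames trimmed.
SAMPLE_LOG = """\
==20652== Invalid read of size 4
==20652==    at 0x417ECA7: DbXml::NsDomReader::childEvent() (NsNode.hpp:814)
==20652==  Address 0x4FB6BA0 is 0 bytes after a block of size 40 alloc'd
==20652==    at 0x4004405: malloc (vg_replace_malloc.c:149)
==20652==    by 0x4110996: DbXml::SimpleMemoryManager::allocate(unsigned) (Globals.cpp:67)
==20652==    by 0x4175B88: reallocTextList(xercesc2_7::MemoryManager*, DbXml::nsTextList*) (NsNode.cpp:541)
==20652==
==20652== Invalid read of size 4
==20652==    at 0x417EE8D: DbXml::NsDomReader::childEvent() (NsDocument.hpp:144)
==20652==  Address 0x4FB6BA4 is 4 bytes after a block of size 40 alloc'd
==20652==    at 0x4004405: malloc (vg_replace_malloc.c:149)
==20652==    by 0x4110996: DbXml::SimpleMemoryManager::allocate(unsigned) (Globals.cpp:67)
==20652==    by 0x4175B88: reallocTextList(xercesc2_7::MemoryManager*, DbXml::nsTextList*) (NsNode.cpp:541)
==20652==
==20652== Invalid read of size 4
==20652==    at 0x417EE93: DbXml::NsDomReader::childEvent() (NsDocument.hpp:144)
==20652==  Address 0x4FB6BA8 is 8 bytes after a block of size 40 alloc'd
==20652==    at 0x4004405: malloc (vg_replace_malloc.c:149)
==20652==    by 0x4110996: DbXml::SimpleMemoryManager::allocate(unsigned) (Globals.cpp:67)
==20652==    by 0x4175B88: reallocTextList(xercesc2_7::MemoryManager*, DbXml::nsTextList*) (NsNode.cpp:541)
==20652==
==20652== Invalid read of size 2
==20652==    at 0x416208B: DbXml::NsUtil::nsToUTF8(xercesc_2_7::MemoryManager*, unsigned char**, unsigned short const*, unsigned, unsigned, bool*, checkType) (NsUtil.cpp:142)
==20652==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
"""

PREFIX = re.compile(r"^\s*==\d+== ?")
HEADER = re.compile(r"Invalid (read|write) of size (\d+)$")
FRAME = re.compile(r"\s+(?:at|by) 0x[0-9A-Fa-f]+: (.+)$")
BLOCK = re.compile(r"\s*Address 0x[0-9A-Fa-f]+ is (\d+) bytes (after|inside|before) "
                   r"a block of size ([\d,]+) (alloc'd|free'd)$")
UNMAPPED = re.compile(r"\s*Address 0x[0-9A-Fa-f]+ is not stack'd")
# Assumption for this log: frames treated as allocator wrappers, not the owner.
WRAPPERS = {"malloc", "DbXml::SimpleMemoryManager::allocate"}

def parse_invalid_accesses(log):
    """Return one dict per 'Invalid read/write' record in a memcheck log."""
    records, cur, in_alloc = [], None, False
    for raw in log.splitlines():
        line = PREFIX.sub("", raw, count=1).rstrip()
        if (m := HEADER.match(line)):
            cur = dict(op=m[1], size=int(m[2]), site=None, where=None, owner=None)
            records.append(cur)
            in_alloc = False
        elif not line.strip():
            cur = None  # a bare ==pid== line ends the record
        elif cur is None:
            continue    # lines of other error kinds (syscall param, etc.)
        elif (m := BLOCK.match(line)):
            cur.update(offset=int(m[1]), where=m[2], block=int(m[3].replace(",", "")))
            in_alloc = True  # frames that follow are the allocation stack
        elif UNMAPPED.match(line):
            cur.update(where="unmapped")
        elif (m := FRAME.match(line)):
            name = m[1].split("(", 1)[0].strip()  # 'ns::f(args) (file:line)' -> 'ns::f'
            if not in_alloc:
                cur["site"] = cur["site"] or name  # innermost faulting frame
            elif cur["owner"] is None and name not in WRAPPERS:
                cur["owner"] = name  # first non-wrapper allocating frame
    return records

def summarize_overruns(records):
    """Map (allocating function, block size) -> bytes touched past the block end."""
    groups = defaultdict(list)
    for r in records:
        if r["where"] == "after":
            groups[(r["owner"], r["block"])].append((r["offset"], r["size"]))
    return {k: max(off + size for off, size in v) for k, v in groups.items()}

if __name__ == "__main__":
    recs = parse_invalid_accesses(SAMPLE_LOG)
    print(summarize_overruns(recs), [r["site"] for r in recs if r["where"] == "unmapped"])
```

On the sample, every out-of-bounds read falls past the same 40-byte block allocated under `reallocTextList`, reaching 12 bytes beyond its end before the NULL read in `DbXml::NsUtil::nsToUTF8`.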