[libxml-devel] [ libxml-Bugs-22909 ] LibXML::XML::XPath::Object segfault (null pointer) on x86-64

noreply at rubyforge.org noreply at rubyforge.org
Thu Nov 20 15:35:49 EST 2008

Bugs item #22909, was opened at 2008-11-20 19:47
You can respond by visiting: 

Category: General
Group: None
Status: Open
Resolution: None
Priority: 3
Submitted By: Bradley Buda (bradleybuda)
Assigned to: Nobody (None)
Summary: LibXML::XML::XPath::Object segfault (null pointer) on x86-64

Initial Comment:
This script results in a ruby "[BUG] Segmentation fault" on a 64-bit machine, but works on a 32-bit machine:



require 'rubygems'
require 'libxml'

x = LibXML::XML::Parser.string("<root />").parse
x.find("/root") # if you comment out this line, script will NOT segfault
x.find("/root").length  # segfault occurs here


valgrind and gdb agree on this stack trace:
#0  0x00002aaaaca47bc7 in ruby_xml_xpath_object_empty_q (self=46912524542400) at ruby_xml_xpath_object.c:174
#1  0x00002aaaaca47c59 in ruby_xml_xpath_object_length (self=46912524542400) at ruby_xml_xpath_object.c:242
#2  0x00002aaaaacff48f in ?? () from /usr/lib/libruby1.8.so.1.8
#3  0x00002aaaaacff7b8 in ?? () from /usr/lib/libruby1.8.so.1.8
#4  0x00002aaaaad055b7 in ?? () from /usr/lib/libruby1.8.so.1.8
#5  0x00002aaaaad0dbbb in ?? () from /usr/lib/libruby1.8.so.1.8
#6  0x00002aaaaad0dc05 in ruby_exec () from /usr/lib/libruby1.8.so.1.8
#7  0x00002aaaaad0dc30 in ruby_run () from /usr/lib/libruby1.8.so.1.8
#8  0x0000000000400883 in main ()

Unfortunately I don't know enough about the Ruby C API to understand what's going wrong here.  My environment:

(note that this is a Xen node on Amazon EC2)
$ uname -a
Linux ...compute-1.amazonaws.com #1 SMP Fri Feb 15 12:34:28 EST 2008 x86_64 GNU/Linux

$ lsb_release  -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 8.04.1
Release:        8.04
Codename:       hardy

$ ruby -v
ruby 1.8.6 (2007-09-24 patchlevel 111) [x86_64-linux]

$ gem list --local libxml-ruby

*** LOCAL GEMS ***

libxml-ruby (0.9.2)

$ aptitude show libxml2-dev
Package: libxml2-dev
State: installed
Automatically installed: yes
Version: 2.6.31.dfsg-2ubuntu1.3


>Comment By: Bradley Buda (bradleybuda)
Date: 2008-11-20 20:35

Yes, it's 100% consistent.  I haven't gotten any further
with LibXML, so I don't know if there are other test cases
that would show similar results - I can try to put something

Thanks for the pointer to ruby_xml_document.c - I can look
at that code as a start.  I know C (I'm a bit rusty); it's
just the Ruby API that I don't know as well.

In my random Googling I found this (old) thread and patch:

Any guesses as to whether or not this could be in the same
class of problems?

I should have some time soon (maybe this weekend?) to dig
deeper into the code and start to understand how the
allocation and garbage collection works.  I'll update the
bug with whatever I figure out.

Thanks for the quick reply.


Comment By: Charlie Savage (cfis)
Date: 2008-11-20 20:01

Hi Bradley,

Boy, that's interesting.  So it always happens, without fail?  Do you see other things like that happening?

My best guess is somehow the reference counting scheme that is used between xpath objects and documents is broken on 64-bit machines (it's in ruby_xml_document.c, the top 150 lines or so).

I don't have any 64-bit machines set up here, so not sure how to debug.  Can you recompile code on EC2?  Are you a C hacker and have time to work through this?  Just trying to figure out how to proceed.

Thanks for the great bug report and stack trace, very helpful.

