
Help: A strange rapidxml crash

typcn · 2015-11-17 15:10:29 +08:00 · 1255 views

    Link: http://crashes.to/s/2bfb6acc1a6

    Crash info:

    Thread : Crashed: mpv
    0 Bilibili 0x107f421c2 rapidxml::xml_node<char>::first_node(char const*, unsigned long, bool) const (rapidxml.hpp:315)
    1 Bilibili 0x107f414f9 bilibiliParser::Convert(bool) (danmaku2ass.cpp:75)
    2 Bilibili 0x107f32fe4 -[PlayerView getComments::] (PlayerView.mm:757)
    3 Bilibili 0x107f2f33b __23-[PlayerView LoadVideo]_block_invoke (PlayerView.mm:486)
    4 libdispatch.dylib 0x7fff880dc8f5 _dispatch_call_block_and_release + 12
    5 libdispatch.dylib 0x7fff880d13c3 _dispatch_client_callout + 8
    6 libdispatch.dylib 0x7fff880d5ff3 _dispatch_queue_drain + 754
    7 libdispatch.dylib 0x7fff880dc6bf _dispatch_queue_invoke + 549
    8 libdispatch.dylib 0x7fff880d13c3 _dispatch_client_callout + 8
    9 libdispatch.dylib 0x7fff880d5253 _dispatch_root_queue_drain + 1890
    10 libdispatch.dylib 0x7fff880d4ab8 _dispatch_worker_thread3 + 91
    11 libsystem_pthread.dylib 0x7fff8b6814f2 _pthread_wqthread + 1129
    12 libsystem_pthread.dylib 0x7fff8b67f375 start_wqthread + 13

    for (xml_node<> *child = node->first_node("d"); child; child = child->next_sibling())
    

    This line's call caused the crash. The function being called is first_node, and the argument is the static string d.
    Location: https://github.com/typcn/danmaku2ass_native/blob/master/danmaku2ass.cpp#L75

    xml_node<Ch> *first_node(const Ch *name = 0, std::size_t name_size = 0, bool case_sensitive = true) const
    {
        if (name)
        {
            if (name_size == 0)
                name_size = internal::measure(name);
            for (xml_node<Ch> *child = m_first_node; child; child = child->next_sibling())
                if (internal::compare(child->name(), child->name_size(), name, name_size, case_sensitive))
                    return child;
            return 0;
        }
        else
            return m_first_node;
    }
    

    As you can see, first_node calls internal::measure(); the code of measure looks like this:

    // Find length of the string
    template<class Ch>
    inline std::size_t measure(const Ch *p)
    {
        const Ch *tmp = p;
        while (*tmp) 
            ++tmp;
        return tmp - p;
    }
    

    https://github.com/typcn/danmaku2ass_native/blob/master/rapidxml/rapidxml.hpp#L315
    Line 315, the line that crashed, is return tmp - p. The input p is the fixed string "d", so why would it crash, and how to resolve it?

    (You can also comment or send a PR on GitHub: https://github.com/typcn/bilibili-mac-client/issues/168)

    2 replies · 2015-11-18 10:19:24 +08:00

    ryanking8215 · #1 · 2015-11-18 09:02:03 +08:00
    Nothing jumps out at a quick look. Could node be NULL?

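    typcn (OP) · #2 · 2015-11-18 10:19:24 +08:00 via iPhone
    @ryanking8215 When parsing fails, an exception is thrown, and the code above already does return false; and even if it were null, it couldn't crash while computing the length of "d"...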