Help: 一个奇怪的 rapidxml 崩溃问题

2015-11-17 15:10:29 +08:00
 typcn

链接: http://crashes.to/s/2bfb6acc1a6

崩溃信息:

Thread : Crashed: mpv
0 Bilibili 0x107f421c2 rapidxml::xml_node<char>::first_node(char const*, unsigned long, bool) const (rapidxml.hpp:315)
1 Bilibili 0x107f414f9 bilibiliParser::Convert(bool) (danmaku2ass.cpp:75)
2 Bilibili 0x107f32fe4 -[PlayerView getComments::] (PlayerView.mm:757)
3 Bilibili 0x107f2f33b __23-[PlayerView LoadVideo]_block_invoke (PlayerView.mm:486)
4 libdispatch.dylib 0x7fff880dc8f5 _dispatch_call_block_and_release + 12
5 libdispatch.dylib 0x7fff880d13c3 _dispatch_client_callout + 8
6 libdispatch.dylib 0x7fff880d5ff3 _dispatch_queue_drain + 754
7 libdispatch.dylib 0x7fff880dc6bf _dispatch_queue_invoke + 549
8 libdispatch.dylib 0x7fff880d13c3 _dispatch_client_callout + 8
9 libdispatch.dylib 0x7fff880d5253 _dispatch_root_queue_drain + 1890
10 libdispatch.dylib 0x7fff880d4ab8 _dispatch_worker_thread3 + 91
11 libsystem_pthread.dylib 0x7fff8b6814f2 _pthread_wqthread + 1129
12 libsystem_pthread.dylib 0x7fff8b67f375 start_wqthread + 13

for (xml_node<> *child = node->first_node("d"); child; child = child->next_sibling())

这行调用造成了崩溃,调用的函数是 first_node ,参数为静态的字符串 d
地址: https://github.com/typcn/danmaku2ass_native/blob/master/danmaku2ass.cpp#L75

xml_node<Ch> *first_node(const Ch *name = 0, std::size_t name_size = 0, bool case_sensitive = true) const
{
    if (name)
    {
        if (name_size == 0)
            name_size = internal::measure(name);
        for (xml_node<Ch> *child = m_first_node; child; child = child->next_sibling())
            if (internal::compare(child->name(), child->name_size(), name, name_size, case_sensitive))
                return child;
        return 0;
    }
    else
        return m_first_node;
}

可以看到 first_node 调用了 internal::measure(), measure 的代码是这样的

// Find length of the string
template<class Ch>
inline std::size_t measure(const Ch *p)
{
    const Ch *tmp = p;
    while (*tmp) 
        ++tmp;
    return tmp - p;
}

https://github.com/typcn/danmaku2ass_native/blob/master/rapidxml/rapidxml.hpp#L315
315 行,也就是崩溃的行数,就是 return tmp - p ,输入的内容 p 是固定的字符串 "d" ,为什么会崩溃呢, how to resolve it ?

(也可以在 GitHub 评论 or PR https://github.com/typcn/bilibili-mac-client/issues/168

969 次点击
所在节点    C
2 条回复
ryanking8215
2015-11-18 09:02:03 +08:00
粗看没看出来, node 会不会是 NULL?
typcn
2015-11-18 10:19:24 +08:00
@ryanking8215 解析出错的时候会抛出一个异常,上面已经 return false 了, and 即使是 null 也不可能在计算 "d" 的长度时崩溃啊...

这是一个专为移动设备优化的页面(即为了让你能够在 Google 搜索结果里秒开这个页面),如果你希望参与 V2EX 社区的讨论,你可以继续到 V2EX 上打开本讨论主题的完整版本。

https://www.v2ex.com/t/236785

V2EX 是创意工作者们的社区,是一个分享自己正在做的有趣事物、交流想法,可以遇见新朋友甚至新机会的地方。

V2EX is a community of developers, designers and creative people.

© 2021 V2EX