[Python-Dev] how long to wait for expat to incorporate a fix to prevent a crasher?

[Brett Cannon]

Lib/test/crashers/xml_parsers.py is a crasher that involves expat (bug
report at http://python.org/sf/1296433).  What is at issue here is that
there is a 'for' loop in expat where the status of the parser is not
checked.  Because of this, the loop continues on its merry way, which is a
problem because pyexpat sets all handlers to 0 upon error and the 'for' loop
executes a handler.  =)  We all know what happens if you try to execute
memory location 0x0.

Anyway, the fault is not on our end since expat should be checking the
status of the parser before going around the loop again instead of blindly
assuming that everything is fine after a characterDataHandler() call
(especially since there is no error return code and there is a parser status
flag for this exact reason).  I have filed a bug report at
http://sourceforge.net/support/tracker.php?aid=1515266 and attached a
possible patch.

The question is how long do we wait for the expat developers to patch and do
a micro release?  Do we just leave this possible crasher in and just rely
entirely on the expat developers, or do we patch our copy and use that until
they get around to doing their next version push?

-Brett
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.python.org/pipermail/python-dev/attachments/20060630/37261cfc/attachment.html