[Expat-bugs] [ expat-Bugs-1515266 ] missing check of stopped parser in doContext() 'for' loop
SourceForge.net
noreply at sourceforge.net
Sat Jul 1 17:32:18 CEST 2006
Bugs item #1515266, was opened at 2006-06-30 14:04
Message generated for change (Comment added) made by fdrake
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=110127&aid=1515266&group_id=10127
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: Test Required
Status: Closed
Resolution: Accepted
Priority: 6
Submitted By: Brett Cannon (bcannon)
Assigned to: Fred L. Drake, Jr. (fdrake)
Summary: missing check of stopped parser in doContext() 'for' loop
Initial Comment:
In Expat 2.0.0, in expat.c:doConvert() there is a 'for'
loop for the XML_TOK_DATA_CHARS case. There is
unfortunately no check in that loop whether the parser
was stopped during that call because of an error.
This was discovered in Python
(Lib/test/crashers/xml_parsers.py) because pyexpat,
upon error where there is no error return code like
with characterDataHandlers, sets all handlers to 0,
sets parsingStatus to XML_FINISHED, and sets errorCode.
This leads to a segfault if the 'for' loop goes around
again because parser->m_characterDataHandler is set to 0.
A simple check if the parser is stopped fixes the
problem. I have attached a simple patch that just
breaks out of the loop and lets execution fall through
to the bottom of the 'switch' statement. I don't know
if returning errorCode directly would be better or if
checking for XML_SUSPENDED is also desirable.
----------------------------------------------------------------------
>Comment By: Fred L. Drake, Jr. (fdrake)
Date: 2006-07-01 11:32
Message:
Logged In: YES
user_id=3066
Confirmed that the suspend behavior parallels the abort
behavior Brett's patch fixed; fixed and added a regression
test in lib/xmlparse.c 1.155 and tests/runtests.c 1.66.
----------------------------------------------------------------------
Comment By: Fred L. Drake, Jr. (fdrake)
Date: 2006-07-01 11:02
Message:
Logged In: YES
user_id=3066
Added a regression test in tests/runtests.c revision 1.65.
Closing this report.
----------------------------------------------------------------------
Comment By: Fred L. Drake, Jr. (fdrake)
Date: 2006-07-01 00:00
Message:
Logged In: YES
user_id=3066
That seems fine, but can be done faster within the Expat
implementation. I've committed the simplified patch as
lib/xmlparse.c revision 1.154.
I'll have a test case committed tomorrow as well. Leaving
this report open for now since I need to finish up the test
case.
----------------------------------------------------------------------
Comment By: Fred L. Drake, Jr. (fdrake)
Date: 2006-06-30 14:40
Message:
Logged In: YES
user_id=3066
The Python folks need this dealt with before Python 2.5, so
I'll try and take a look at it this weekend if no one beats
me to it.
----------------------------------------------------------------------
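The failure described in the initial comment, and the suspend case mentioned in the 2006-07-01 11:32 comment, as an added example that is not Expat or pyexpat source: a toy model of a chunked character-data loop. The struct, the 4-byte chunk size, the behaviour of the suspending callback, and the names `deliver`, `run`, `abort_handler` and `suspend_handler` are assumptions; `NULL_CALL` is returned at the point where the unchecked loop would call through the cleared handler.

```c
#include <stddef.h>
/* Toy model, not Expat source: only the state the report mentions. */
enum status { PARSING, FINISHED, SUSPENDED };
enum result { DONE, STOPPED, NULL_CALL };  /* NULL_CALL: would segfault */
struct parser;
typedef void (*char_handler)(struct parser *, const char *, size_t);
struct parser {
    char_handler handler;  /* stands in for m_characterDataHandler */
    enum status status;    /* stands in for parsingStatus */
    int calls;             /* chunks that reached the handler */
};

/* What the report says pyexpat does when a callback fails. */
static void abort_handler(struct parser *p, const char *s, size_t n) {
    (void)s; (void)n;
    p->calls++;
    p->handler = NULL;
    p->status = FINISHED;
}

/* Assumed suspend case: handler stays set, only the status changes. */
static void suspend_handler(struct parser *p, const char *s, size_t n) {
    (void)s; (void)n;
    p->calls++;
    p->status = SUSPENDED;
}

/* Deliver data in 4-byte chunks, one handler call per chunk. */
static enum result deliver(struct parser *p, const char *data, size_t len,
                           int check_stopped) {
    if (p->handler == NULL)
        return DONE;            /* handler is tested once, before the loop */
    for (size_t off = 0; off < len; off += 4) {
        if (p->handler == NULL)
            return NULL_CALL;   /* unchecked loop would call through NULL */
        p->handler(p, data + off, len - off < 4 ? len - off : 4);
        if (check_stopped && p->status != PARSING)
            return STOPPED;     /* the added check: leave the loop */
    }
    return DONE;
}

/* Run one scenario over 10 constructed bytes (three chunks). */
static enum result run(char_handler h, int check_stopped, int *calls) {
    struct parser p = { h, PARSING, 0 };
    enum result r = deliver(&p, "0123456789", 10, check_stopped);
    *calls = p.calls;
    return r;
}
```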