handler would cause a segfault. This merges in Expat's lib/xmlparse.c revisions 1.154 and 1.155, which fix this and a closely related problem (the later does not affect Python). Moved the crasher test to the tests for xml.parsers.expat.
This commit is contained in:
parent
7596e8342e
commit
6ffe499397
|
@ -1,56 +0,0 @@
|
||||||
from xml.parsers import expat
|
|
||||||
|
|
||||||
# http://python.org/sf/1296433
|
|
||||||
|
|
||||||
def test_parse_only_xml_data():
|
|
||||||
#
|
|
||||||
xml = "<?xml version='1.0' encoding='iso8859'?><s>%s</s>" % ('a' * 1025)
|
|
||||||
# this one doesn't crash
|
|
||||||
#xml = "<?xml version='1.0'?><s>%s</s>" % ('a' * 10000)
|
|
||||||
|
|
||||||
def handler(text):
|
|
||||||
raise Exception
|
|
||||||
|
|
||||||
parser = expat.ParserCreate()
|
|
||||||
parser.CharacterDataHandler = handler
|
|
||||||
|
|
||||||
try:
|
|
||||||
parser.Parse(xml)
|
|
||||||
except:
|
|
||||||
pass
|
|
||||||
|
|
||||||
if __name__ == '__main__':
|
|
||||||
test_parse_only_xml_data()
|
|
||||||
|
|
||||||
# Invalid read of size 4
|
|
||||||
# at 0x43F936: PyObject_Free (obmalloc.c:735)
|
|
||||||
# by 0x45A7C7: unicode_dealloc (unicodeobject.c:246)
|
|
||||||
# by 0x1299021D: PyUnknownEncodingHandler (pyexpat.c:1314)
|
|
||||||
# by 0x12993A66: processXmlDecl (xmlparse.c:3330)
|
|
||||||
# by 0x12999211: doProlog (xmlparse.c:3678)
|
|
||||||
# by 0x1299C3F0: prologInitProcessor (xmlparse.c:3550)
|
|
||||||
# by 0x12991EA3: XML_ParseBuffer (xmlparse.c:1562)
|
|
||||||
# by 0x1298F8EC: xmlparse_Parse (pyexpat.c:895)
|
|
||||||
# by 0x47B3A1: PyEval_EvalFrameEx (ceval.c:3565)
|
|
||||||
# by 0x47CCAC: PyEval_EvalCodeEx (ceval.c:2739)
|
|
||||||
# by 0x47CDE1: PyEval_EvalCode (ceval.c:490)
|
|
||||||
# by 0x499820: PyRun_SimpleFileExFlags (pythonrun.c:1198)
|
|
||||||
# by 0x4117F1: Py_Main (main.c:492)
|
|
||||||
# by 0x12476D1F: __libc_start_main (in /lib/libc-2.3.5.so)
|
|
||||||
# by 0x410DC9: (within /home/neal/build/python/svn/clean/python)
|
|
||||||
# Address 0x12704020 is 264 bytes inside a block of size 592 free'd
|
|
||||||
# at 0x11B1BA8A: free (vg_replace_malloc.c:235)
|
|
||||||
# by 0x124B5F18: (within /lib/libc-2.3.5.so)
|
|
||||||
# by 0x48DE43: find_module (import.c:1320)
|
|
||||||
# by 0x48E997: import_submodule (import.c:2249)
|
|
||||||
# by 0x48EC15: load_next (import.c:2083)
|
|
||||||
# by 0x48F091: import_module_ex (import.c:1914)
|
|
||||||
# by 0x48F385: PyImport_ImportModuleEx (import.c:1955)
|
|
||||||
# by 0x46D070: builtin___import__ (bltinmodule.c:44)
|
|
||||||
# by 0x4186CF: PyObject_Call (abstract.c:1777)
|
|
||||||
# by 0x474E9B: PyEval_CallObjectWithKeywords (ceval.c:3432)
|
|
||||||
# by 0x47928E: PyEval_EvalFrameEx (ceval.c:2038)
|
|
||||||
# by 0x47CCAC: PyEval_EvalCodeEx (ceval.c:2739)
|
|
||||||
# by 0x47CDE1: PyEval_EvalCode (ceval.c:490)
|
|
||||||
# by 0x48D0F7: PyImport_ExecCodeModuleEx (import.c:635)
|
|
||||||
# by 0x48D4F4: load_source_module (import.c:913)
|
|
|
@ -365,3 +365,24 @@ parser.Parse('''<a>
|
||||||
<c/>
|
<c/>
|
||||||
</b>
|
</b>
|
||||||
</a>''', 1)
|
</a>''', 1)
|
||||||
|
|
||||||
|
|
||||||
|
def test_parse_only_xml_data():
|
||||||
|
# http://python.org/sf/1296433
|
||||||
|
#
|
||||||
|
xml = "<?xml version='1.0' encoding='iso8859'?><s>%s</s>" % ('a' * 1025)
|
||||||
|
# this one doesn't crash
|
||||||
|
#xml = "<?xml version='1.0'?><s>%s</s>" % ('a' * 10000)
|
||||||
|
|
||||||
|
def handler(text):
|
||||||
|
raise Exception
|
||||||
|
|
||||||
|
parser = expat.ParserCreate()
|
||||||
|
parser.CharacterDataHandler = handler
|
||||||
|
|
||||||
|
try:
|
||||||
|
parser.Parse(xml)
|
||||||
|
except:
|
||||||
|
pass
|
||||||
|
|
||||||
|
test_parse_only_xml_data()
|
||||||
|
|
|
@ -2552,6 +2552,8 @@ doContent(XML_Parser parser,
|
||||||
(int)(dataPtr - (ICHAR *)dataBuf));
|
(int)(dataPtr - (ICHAR *)dataBuf));
|
||||||
if (s == next)
|
if (s == next)
|
||||||
break;
|
break;
|
||||||
|
if (ps_parsing == XML_FINISHED || ps_parsing == XML_SUSPENDED)
|
||||||
|
break;
|
||||||
*eventPP = s;
|
*eventPP = s;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue