This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

classification
Title: expat crash python
Type: Stage:
Components: XML Versions: Python 2.4
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: brett.cannon Nosy List: brett.cannon, effbot, fdrake, nnorwitz, rozhnov
Priority: high Keywords:

Created on 2005-09-20 14:10 by rozhnov, last changed 2022-04-11 14:56 by admin. This issue is now closed.

Files
File name Uploaded Description Edit
crash.py rozhnov, 2005-09-20 14:10 this script crash python
expat-crash.patch nnorwitz, 2005-11-12 20:53 fix attempt 1
Messages (7)
msg26336 - (view) Author: Mike Rozhnov (rozhnov) Date: 2005-09-20 14:10 
This simple script crash python.
Parsing of commented xml string work good.
(i.e. raised exception not crash python)
Buffer overflow during convertion to unicode?

Tested on Win XP and linux with kernel 2.4 with same
results.
msg26337 - (view) Author: Neal Norwitz (nnorwitz) * (Python committer) Date: 2005-09-22 21:54 
Logged In: YES 
user_id=33168

I can reproduce on Linux with current CVS and expat
1.95.5-2.  Note the size of the data only needs to be
greater than 1024.

xml = "<?xml version='1.0' encoding='iso8859'?><s>%s</s>" %
('a' * 1025)

I am not certain this problem is specific to Python.  It
might be down in expat only.  Need to investigate further.
msg26338 - (view) Author: Fredrik Lundh (effbot) * (Python committer) Date: 2005-11-12 11:05 
Logged In: YES 
user_id=38376

Works for me under 2.3.2 (with expat 1.95.6) and 2.4.1 (with
expat 1.95.8).

Try upgrading your expat and see if the problem goes away.
msg26339 - (view) Author: Neal Norwitz (nnorwitz) * (Python committer) Date: 2005-11-12 20:53 
Logged In: YES 
user_id=33168

I had recently upgraded to expat 1.95.8, so I was hopeful. 
But it still crashed for me on linux.  

I did get a better stack trace which allowed me to come up
with a patch that solves the problem and passes all the
tests.  The patch seems a bit odd and I think there might be
another problem going on here.  It would be great if someone
more familiar with xmlparse could take a look at the patch
and figure out if it's right or not.
msg26340 - (view) Author: Brett Cannon (brett.cannon) * (Python committer) Date: 2006-06-30 01:33 
Logged In: YES 
user_id=357491

Still seems to be failing even with the Expat 2.0 upgrade in
HEAD.
msg26341 - (view) Author: Brett Cannon (brett.cannon) * (Python committer) Date: 2006-06-30 18:06 
Logged In: YES 
user_id=357491

The fault is with Expat and not us.  I have submitted a bug
report with a possible patch at
http://sourceforge.net/tracker/index.php?func=detail&aid=1515266&group_id=10127&atid=110127
 .  I don't know what their turn-around time will be with
this so I will email python-dev to see how long people want
to wait on the Expat developers before we just push our own
patch for this.
msg26342 - (view) Author: Fred Drake (fdrake) (Python committer) Date: 2006-07-01 16:33 
Logged In: YES 
user_id=3066

This is now fixed in the Expat CVS with lib/xmlparse.c
revisions 1.154 and 1.155.  I've merged these into the Expat
bundled with Python in revision 47191 (on the trunk), and
moved the crasher test into the tests for xml.parsers.expat.

I don't know when the next Expat release will go out yet,
but this will keep us from being dependent on that schedule.
History
Date User Action Args
2022-04-11 14:56:13adminsetgithub: 42389
2005-09-20 14:10:03rozhnovcreate