[issue7138] elementtree segfaults on invalid xml declaration
Amaury Forgeot d'Arc amaur...@gmail.com added the comment: This was merged into 2.6 with r74432, into 2.5 with r77666, into 3.1 with r74436. -- assignee: - jyasskin nosy: +jyasskin resolution: - fixed status: open - closed ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue7138 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue7138] elementtree segfaults on invalid xml declaration
Ezio Melotti ezio.melo...@gmail.com added the comment: Confirmed on 3.1 on Windows too. -- assignee: - effbot nosy: +effbot, ezio.melotti priority: - high versions: +Python 3.1 -Python 2.5 ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue7138 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue7138] elementtree segfaults on invalid xml declaration
chuck jan.hos...@gmail.com added the comment: I'm seeing this on the built-in python on os x 10.6, too: Python 2.6.1 (r261:67515, Jul 7 2009, 23:51:51) [GCC 4.2.1 (Apple Inc. build 5646)] on darwin But neither with the trunk Python 2.7a0 (trunk:75433M, Oct 15 2009, 08:27:13) [GCC 4.2.1 (Apple Inc. build 5646)] on darwin nor with a ports installation Python 2.6.3 (r263:75183, Oct 7 2009, 07:05:03) [GCC 4.2.1 (Apple Inc. build 5646)] on darwin -- nosy: +chuck ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue7138 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue7138] elementtree segfaults on invalid xml declaration
Walter Dörwald wal...@livinglogic.de added the comment: Here is a stacktrace of the crash with the system Python 2.6.1 on Mac OS X 10.6.1: Program received signal EXC_BAD_ACCESS, Could not access memory. Reason: KERN_INVALID_ADDRESS at address: 0x00010100 0x7fff810f96b8 in XML_SetEncoding () (gdb) bt #0 0x7fff810f96b8 in XML_SetEncoding () #1 0x7fff810ecad0 in XML_GetCurrentLineNumber () #2 0x0001005c2150 in initpyexpat () #3 0x0001005c3516 in initpyexpat () #4 0x0001000891df in PyEval_EvalFrameEx () #5 0x000100089330 in PyEval_EvalFrameEx () #6 0x000100089330 in PyEval_EvalFrameEx () #7 0x00010008accf in PyEval_EvalCodeEx () #8 0x00010008ad62 in PyEval_EvalCode () #9 0x0001000a265a in Py_CompileString () #10 0x0001000a44dd in PyRun_InteractiveOneFlags () #11 0x0001000a4615 in PyRun_InteractiveLoopFlags () #12 0x0001000a4685 in PyRun_AnyFileExFlags () #13 0x0001000b0286 in Py_Main () #14 0x00010e6c in ?? () -- nosy: +doerwalter ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue7138 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue7138] elementtree segfaults on invalid xml declaration
Amaury Forgeot d'Arc amaur...@gmail.com added the comment: This has already been fixed with r74429, but no issue was filed at the time. It should be backported to 2.6 and 3.1 at least. And probably to 2.5 as well, because a crash on XML input can be considered as a security issue. Raising to deferred blocker so that it does not block 2.6.4. -- nosy: +amaury.forgeotdarc, barry priority: high - deferred blocker ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue7138 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue7138] elementtree segfaults on invalid xml declaration
Antoine Pitrou pit...@free.fr added the comment: Is our copy of expat in sync with upstream? How does maintenance happen? -- nosy: +pitrou ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue7138 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue7138] elementtree segfaults on invalid xml declaration
Changes by Ralf Schmitt sch...@gmail.com: -- nosy: +schmir ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue7138 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue7138] elementtree segfaults on invalid xml declaration
Amaury Forgeot d'Arc amaur...@gmail.com added the comment: The same thing had been discovered in expat 12 months before: http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmltok_impl.c?r1=1.13r2=1.15 But expat hasn't made any release since 2.0.1, in June 2007... Are you suggesting to update our copy of expat with its latest cvs revision? -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue7138 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue7138] elementtree segfaults on invalid xml declaration
Antoine Pitrou pit...@free.fr added the comment: I don't know really. I wonder how Linux distributions handle maintenance of that library. Perhaps Fred Drake can help us? -- assignee: effbot - nosy: +fdrake ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue7138 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue7138] elementtree segfaults on invalid xml declaration
Amaury Forgeot d'Arc amaur...@gmail.com added the comment: FWIW, the latest Debian package: http://packages.debian.org/sid/libexpat1 is also vulnerable (I checked in the sources expat_2.0.1.orig.tar.gz, and it's not corrected in expat_2.0.1-4.diff.tgz) -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue7138 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue7138] elementtree segfaults on invalid xml declaration
Ryan Williams r...@lindenlab.com added the comment: Adding 2.5 back, looks like it was removed accidentally. Also, here's a list of strings for testing purposes: ['?xml \xee\xae\x94 ?', '?xml \xc4\x9d ?', '?xml \xc8\x84 ?', '?xml \xd9\xb5 ?', '?xml \xd9\xaa ?', '?xml \xc9\x88 ?', '?xml \xcb\x8c ?'] -- versions: +Python 2.5 ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue7138 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue7138] elementtree segfaults on invalid xml declaration
New submission from Ryan Williams r...@lindenlab.com:
This crash is surprisingly consistent across versions, operating
systems, and whether the c module is used or not:
Python 2.6.2 (r262:71600, Apr 16 2009, 09:17:39)
[GCC 4.0.1 (Apple Computer, Inc. build 5250)] on darwin
Type help, copyright, credits or license for more information.
from xml.etree.cElementTree import fromstring
fromstring('?xml \xcb\x8c ?')
Segmentation fault
Python 2.5.4 (r254:67916, Jun 3 2009, 14:22:10)
[GCC 4.0.1 (Apple Inc. build 5488)] on darwin
Type help, copyright, credits or license for more information.
from xml.etree.ElementTree import fromstring
fromstring('?xml \xcb\x8c ?')
Segmentation fault
Python 2.4.4 (#2, Oct 22 2008, 20:20:22)
[GCC 4.1.2 20061115 (prerelease) (Debian 4.1.1-21)] on linux2
Type help, copyright, credits or license for more information.
from elementtree.ElementTree import fromstring
fromstring('?xml \xcb\x8c ?')
Segmentation fault
Python 2.5 (release25-maint, Jul 23 2008, 18:15:29)
[GCC 4.1.2 20061115 (prerelease) (Debian 4.1.1-21)] on linux2
Type help, copyright, credits or license for more information.
from xml.etree.ElementTree import fromstring
fromstring('?xml \xcb\x8c ?')
Segmentation fault
Python 2.5.2 (r252:60911, Jan 4 2009, 17:40:26)
[GCC 4.3.2] on linux2
Type help, copyright, credits or license for more information.
from xml.etree.ElementTree import fromstring
fromstring('?xml \xcb\x8c ?')
Segmentation fault
I'm a little fuzzy on who's responsible for elementtree, so if there's a
more appropriate venue to file this bug, please let me know.
--
components: Library (Lib)
messages: 94073
nosy: whichlinden
severity: normal
status: open
title: elementtree segfaults on invalid xml declaration
type: crash
versions: Python 2.4, Python 2.5, Python 2.6
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue7138
___
___
Python-bugs-list mailing list
Unsubscribe:
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
