[issue31170] expat: utf8_toUtf8 cannot properly handle exhausting buffer

2017-08-31 Thread Benjamin Peterson
Benjamin Peterson added the comment: We can put expat 2.2.4 in 2.7.14 final. -- ___ Python tracker ___ ___ Python-bugs-list mailing li

[issue31170] expat: utf8_toUtf8 cannot properly handle exhausting buffer

2017-08-29 Thread Serhiy Storchaka
Serhiy Storchaka added the comment: Corresponding Expat issue: https://github.com/libexpat/libexpat/issues/115. -- ___ Python tracker ___

[issue31170] expat: utf8_toUtf8 cannot properly handle exhausting buffer

2017-08-29 Thread Serhiy Storchaka
Serhiy Storchaka added the comment: I confirm the regression (see issue31303 for reproducer). Victor, do you mind to update expat to 2.2.4? This issue can be classified as a security issue, since a regression was added in security update. -- nosy: +benjamin.peterson, georg.brandl, lar

[issue31170] expat: utf8_toUtf8 cannot properly handle exhausting buffer

2017-08-20 Thread Serhiy Storchaka
Changes by Serhiy Storchaka : -- nosy: +haypo ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.pyth

[issue31170] expat: utf8_toUtf8 cannot properly handle exhausting buffer

2017-08-20 Thread sping
sping added the comment: Expat 2.2.4 with a fix has been released now: https://github.com/libexpat/libexpat/releases -- ___ Python tracker ___ __

[issue31170] expat: utf8_toUtf8 cannot properly handle exhausting buffer

2017-08-15 Thread sping
sping added the comment: For the record, the upstream fix is commit https://github.com/libexpat/libexpat/commit/74a7090a6eb92c27b7010287a4082de6b357fa42 and it will be part of Expat 2.2.4. -- nosy: +sping versions: +Python 2.7, Python 3.3, Python 3.4, Python 3.5 __

[issue31170] expat: utf8_toUtf8 cannot properly handle exhausting buffer

2017-08-14 Thread Lin Tian
Lin Tian added the comment: Reactive this issue as to let you know that libexpat has confirmed and fixed the bug and they are interested in porting the fix to python. Reactive this in case you want to know what's going on and make a decision accordingly. (Sorry, I'm not very familiar with proc

[issue31170] expat: utf8_toUtf8 cannot properly handle exhausting buffer

2017-08-09 Thread Serhiy Storchaka
Changes by Serhiy Storchaka : -- status: open -> closed ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https:/

[issue31170] expat: utf8_toUtf8 cannot properly handle exhausting buffer

2017-08-09 Thread Serhiy Storchaka
Serhiy Storchaka added the comment: This is not our code. Please use corresponding bug tracker [1] if you have found a bug in Expat. But I think there is not a bug here. [1] https://github.com/libexpat/libexpat/issues -- nosy: +serhiy.storchaka resolution: -> third party stage: -> r

[issue31170] expat: utf8_toUtf8 cannot properly handle exhausting buffer

2017-08-09 Thread Lin Tian
New submission from Lin Tian: utf8_toUtf8(const ENCODING *UNUSED_P(enc), const char **fromP, const char *fromLim, char **toP, const char *toLim) { char *to; const char *from; const char *fromLimInitial = fromLim; /* Avoid copying partial characters. */ align_lim