Backport of r77429. Not merged/blocked as svnmerge.py is not liking me right now.

diff --git a/Lib/test/test_pyexpat.py b/Lib/test/test_pyexpat.py
index 4947c8b934404aa8e3fe5f01980a6cd7257acdb6..72795be98a36548d256a24ea96d5db93c114fcb6 100644 (file)
--- a/Lib/test/test_pyexpat.py
+++ b/Lib/test/test_pyexpat.py
@@ -510,6 +510,24 @@ class ChardataBufferTest(unittest.TestCase):
         parser.Parse(xml2, 1)
         self.assertEquals(self.n, 4)
 
+class MalformedInputText(unittest.TestCase):
+    def test1(self):
+        xml = "\0\r\n"
+        parser = expat.ParserCreate()
+        try:
+            parser.Parse(xml, True)
+            self.fail()
+        except expat.ExpatError as e:
+            self.assertEquals(str(e), 'no element found: line 2, column 1')
+
+    def test2(self):
+        xml = "<?xml version\xc2\x85='1.0'?>\r\n"
+        parser = expat.ParserCreate()
+        try:
+            parser.Parse(xml, True)
+            self.fail()
+        except expat.ExpatError as e:
+            self.assertEquals(str(e), 'XML declaration not well-formed: line 1, column 14')
 
 def test_main():
     run_unittest(SetAttributeTest,
@@ -520,7 +538,8 @@ def test_main():
                  HandlerExceptionTest,
                  PositionTest,
                  sf1296433Test,
-                 ChardataBufferTest)
+                 ChardataBufferTest,
+                 MalformedInputText)
 
 if __name__ == "__main__":
     test_main()

diff --git a/Misc/ACKS b/Misc/ACKS
index a580f22b658608b2a448fb1cd3a2a91e76b3aaff..e4086bd701be071d8ff50bc62ffe7507adfaaf2c 100644 (file)
--- a/Misc/ACKS
+++ b/Misc/ACKS
@@ -184,6 +184,7 @@ Ismail Donmez
 Dima Dorfman
 Cesar Douady
 Dean Draayer
+Fred L. Drake, Jr.
 John DuBois
 Paul Dubois
 Graham Dumpleton
@@ -372,7 +373,6 @@ Irmen de Jong
 Lucas de Jonge
 John Jorgensen
 Jens B. Jorgensen
-Fred L. Drake, Jr.
 Andreas Jung
 Tattoo Mabonzo K.
 Bob Kahn
@@ -409,6 +409,7 @@ Holger Krekel
 Michael Kremer
 Fabian Kreutz
 Hannu Krosing
+Ivan Krstić
 Andrew Kuchling
 Vladimir Kushnir
 Cameron Laird

diff --git a/Misc/NEWS b/Misc/NEWS
index e1156952cd8fa499774658384b22bda4e1fcff67..86ffa55c06888a40afb2aad5a8ffb03f459a8483 100644 (file)
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -122,6 +122,8 @@ Library
 Extension Modules
 -----------------
 
+- Fix a segfault that could be triggered by expat with specially formed input.
+
 - Issue #6561: '\d' in a regex now matches only characters with
   Unicode category 'Nd' (Number, Decimal Digit).  Previously it also
   matched characters with category 'No'.

diff --git a/Modules/expat/xmltok_impl.c b/Modules/expat/xmltok_impl.c
index 0ee57abb1f41c720bd374a1884323bb16f42b817..f793a6b8c76fcf09777356ec7cf365eb365fde98 100644 (file)
--- a/Modules/expat/xmltok_impl.c
+++ b/Modules/expat/xmltok_impl.c
@@ -1741,7 +1741,7 @@ PREFIX(updatePosition)(const ENCODING *enc,
                        const char *end,
                        POSITION *pos)
 {
-  while (ptr != end) {
+  while (ptr < end) {
     switch (BYTE_TYPE(enc, ptr)) {
 #define LEAD_CASE(n) \
     case BT_LEAD ## n: \