From 559eb088618c9ac1423165b6e7205edbeffeca68 Mon Sep 17 00:00:00 2001 From: Brett Cannon Date: Thu, 13 Aug 2009 19:45:44 +0000 Subject: [PATCH] Backport of r74429. Not merged/blocked as svnmerge.py is giving me an error and I don't want to accidentally check in busted svnmerge metadata. --- Lib/test/test_pyexpat.py | 21 ++++++++++++++++++++- Misc/ACKS | 3 ++- Misc/NEWS | 2 ++ Modules/expat/xmltok_impl.c | 2 +- 4 files changed, 25 insertions(+), 3 deletions(-) diff --git a/Lib/test/test_pyexpat.py b/Lib/test/test_pyexpat.py index de5cded6c5..649d5d23bf 100644 --- a/Lib/test/test_pyexpat.py +++ b/Lib/test/test_pyexpat.py @@ -559,6 +559,24 @@ class ChardataBufferTest(unittest.TestCase): parser.Parse(xml2, 1) self.assertEquals(self.n, 4) +class MalformedInputText(unittest.TestCase): + def test1(self): + xml = "\0\r\n" + parser = expat.ParserCreate() + try: + parser.Parse(xml, True) + self.fail() + except expat.ExpatError as e: + self.assertEquals(str(e), 'no element found: line 2, column 1') + + def test2(self): + xml = "\r\n" + parser = expat.ParserCreate() + try: + parser.Parse(xml, True) + self.fail() + except expat.ExpatError as e: + self.assertEquals(str(e), 'XML declaration not well-formed: line 1, column 14') def test_main(): run_unittest(SetAttributeTest, @@ -569,7 +587,8 @@ def test_main(): HandlerExceptionTest, PositionTest, sf1296433Test, - ChardataBufferTest) + ChardataBufferTest, + MalformedInputText) if __name__ == "__main__": test_main() diff --git a/Misc/ACKS b/Misc/ACKS index b5794a8070..58ce228377 100644 --- a/Misc/ACKS +++ b/Misc/ACKS @@ -177,6 +177,7 @@ Ismail Donmez Dima Dorfman Cesar Douady Dean Draayer +Fred L. Drake, Jr. John DuBois Paul Dubois Graham Dumpleton @@ -358,7 +359,6 @@ Irmen de Jong Lucas de Jonge John Jorgensen Jens B. Jorgensen -Fred L. Drake, Jr. Andreas Jung Tattoo Mabonzo K. Bob Kahn @@ -393,6 +393,7 @@ Holger Krekel Michael Kremer Fabian Kreutz Hannu Krosing +Ivan Krstić Andrew Kuchling Vladimir Kushnir Cameron Laird diff --git a/Misc/NEWS b/Misc/NEWS index a4b30732c4..20692a0790 100644 --- a/Misc/NEWS +++ b/Misc/NEWS @@ -163,6 +163,8 @@ Library Extension Modules ----------------- +- Fix expat to not segfault with specially crafted input. + - Issue #4873: Fix resource leaks in error cases of pwd and grp. Build diff --git a/Modules/expat/xmltok_impl.c b/Modules/expat/xmltok_impl.c index 0ee57abb1f..f793a6b8c7 100644 --- a/Modules/expat/xmltok_impl.c +++ b/Modules/expat/xmltok_impl.c @@ -1741,7 +1741,7 @@ PREFIX(updatePosition)(const ENCODING *enc, const char *end, POSITION *pos) { - while (ptr != end) { + while (ptr < end) { switch (BYTE_TYPE(enc, ptr)) { #define LEAD_CASE(n) \ case BT_LEAD ## n: \ -- 2.40.0