The bug in Message #25 is still present in 0.8.1-1 although not as grave (the
change is INT2NUM -> INT2FIX which eliminates false negatives but not false
positives).
Compare the colliding-hash case:
$ ruby -r hpricot -e "print Hpricot.XML('<afuaf></zhgaa>')"
<afuaf></afuaf>
$ ruby -r hpricot -e "print Hpricot.XML('<aaaayi></zkbaaa>')"
<aaaayi></aaaayi>
With the non-colliding case:
$ ruby -r hpricot -e "print Hpricot.XML('<afuaf></a>')"
<afuaf></a></afuaf>
$ ruby -r hpricot -e "print Hpricot.XML('<aaaayi></a>')"
<aaaayi></a></aaaayi>
(Tested on x86, but it should also work on amd64. Additionally, the INT2NUM ->
INT2FIX adds additional collisions on x86 since it drops the high bit of the hash.)
It's unclear *why* the string-hashing even exists, since it's unlikely to offer
a significant performance (and rb_str_hash(tag) appears to be re-calculated in
several places anyway).
Additionally, it still accepts invalid XML and outputs even worse XML. The correct thing
to do is to return an error. "Garbage in, garbage out" applies to well-formed
programs; it's not an excuse for a compiler to not implement errors.
-TC
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
