[issue7138] elementtree segfaults on invalid xml declaration

Amaury Forgeot d'Arc added the comment: This was merged into 2.6 with r74432, into 2.5 with r77666, into 3.1 with r74436. -- assignee: -> jyasskin nosy: +jyasskin resolution: -> fixed status: open -> closed ___ Python tracker

[issue7138] elementtree segfaults on invalid xml declaration

Ryan Williams added the comment: Adding 2.5 back, looks like it was removed accidentally. Also, here's a list of strings for testing purposes: ['', '', '', '', '', '', ''] -- versions: +Python 2.5 ___ Python tracker

[issue7138] elementtree segfaults on invalid xml declaration

Amaury Forgeot d'Arc added the comment: FWIW, the latest Debian package: http://packages.debian.org/sid/libexpat1 is also vulnerable (I checked in the sources expat_2.0.1.orig.tar.gz, and it's not corrected in expat_2.0.1-4.diff.tgz) -- ___ Python tr

[issue7138] elementtree segfaults on invalid xml declaration

Antoine Pitrou added the comment: I don't know really. I wonder how Linux distributions handle maintenance of that library. Perhaps Fred Drake can help us? -- assignee: effbot -> nosy: +fdrake ___ Python tracker _

[issue7138] elementtree segfaults on invalid xml declaration

Amaury Forgeot d'Arc added the comment: The same thing had been discovered in expat 12 months before: http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmltok_impl.c?r1=1.13&r2=1.15 But expat hasn't made any release since 2.0.1, in June 2007... Are you suggesting to update our copy of exp

[issue7138] elementtree segfaults on invalid xml declaration

Changes by Ralf Schmitt : -- nosy: +schmir ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.or

[issue7138] elementtree segfaults on invalid xml declaration

Antoine Pitrou added the comment: Is our copy of expat in sync with upstream? How does maintenance happen? -- nosy: +pitrou ___ Python tracker ___ ___

[issue7138] elementtree segfaults on invalid xml declaration

Amaury Forgeot d'Arc added the comment: This has already been fixed with r74429, but no issue was filed at the time. It should be backported to 2.6 and 3.1 at least. And probably to 2.5 as well, because a crash on XML input can be considered as a security issue. Raising to "deferred blocker" s

[issue7138] elementtree segfaults on invalid xml declaration

Walter Dörwald added the comment: Here is a stacktrace of the crash with the system Python 2.6.1 on Mac OS X 10.6.1: Program received signal EXC_BAD_ACCESS, Could not access memory. Reason: KERN_INVALID_ADDRESS at address: 0x00010100 0x7fff810f96b8 in XML_SetEncoding () (gdb) bt #0

[issue7138] elementtree segfaults on invalid xml declaration

chuck added the comment: I'm seeing this on the built-in python on os x 10.6, too: Python 2.6.1 (r261:67515, Jul 7 2009, 23:51:51) [GCC 4.2.1 (Apple Inc. build 5646)] on darwin But neither with the trunk Python 2.7a0 (trunk:75433M, Oct 15 2009, 08:27:13) [GCC 4.2.1 (Apple Inc. build 5646)]

[issue7138] elementtree segfaults on invalid xml declaration

Ezio Melotti added the comment: Confirmed on 3.1 on Windows too. -- assignee: -> effbot nosy: +effbot, ezio.melotti priority: -> high versions: +Python 3.1 -Python 2.5 ___ Python tracker _

[issue7138] elementtree segfaults on invalid xml declaration

New submission from Ryan Williams : This crash is surprisingly consistent across versions, operating systems, and whether the c module is used or not: Python 2.6.2 (r262:71600, Apr 16 2009, 09:17:39) [GCC 4.0.1 (Apple Computer, Inc. build 5250)] on darwin Type "help", "copyright", "credits" or