how long to wait for expat to incorporate a fix to prevent a crasher?
Lib/test/crashers/xml_parsers.py is a crasher that involves expat (bug report at http://python.org/sf/1296433). What is at issue here is that there is a 'for' loop in expat where the status of the parser is not checked. Because of this, the loop continues on its merry way, which is a problem because pyexpat sets all handlers to 0 upon error and the 'for' loop executes a handler. =) We all know what happens if you try to execute memory location 0x0. Anyway, the fault is not on our end since expat should be checking the status of the parser before going around the loop again instead of blindly assuming that everything is fine after a characterDataHandler() call (especially since there is no error return code and there is a parser status flag for this exact reason). I have filed a bug report at http://sourceforge.net/support/tracker.php?aid=1515266 and attached a possible patch. The question is how long do we wait for the expat developers to patch and do a micro release? Do we just leave this possible crasher in and just rely entirely on the expat developers, or do we patch our copy and use that until they get around to doing their next version push? -Brett
On Friday 30 June 2006 14:19, Brett Cannon wrote:
The question is how long do we wait for the expat developers to patch and do a micro release? Do we just leave this possible crasher in and just rely entirely on the expat developers, or do we patch our copy and use that until they get around to doing their next version push?
Sigh. Too much to do all around. I'll try to take a look at this over the weekend. -Fred -- Fred L. Drake, Jr. <fdrake at acm.org>
Brett Cannon wrote:
The question is how long do we wait for the expat developers to patch and do a micro release? Do we just leave this possible crasher in and just rely entirely on the expat developers, or do we patch our copy and use that until they get around to doing their next version push?
If you have a patch, you should commit it to our copy. Make sure you activate the test case, so that somebody incorporating the next Expat release doesn't mistakenly roll back your change. Of course, you might wait a few days to see whether Fred creates another release that we could incorporate without introducing new features. Regards, Martin
On 6/30/06, "Martin v. Löwis"
Brett Cannon wrote:
The question is how long do we wait for the expat developers to patch and do a micro release? Do we just leave this possible crasher in and just rely entirely on the expat developers, or do we patch our copy and use that until they get around to doing their next version push?
If you have a patch, you should commit it to our copy. Make sure you activate the test case, so that somebody incorporating the next Expat release doesn't mistakenly roll back your change.
OK, will do. Of course, you might wait a few days to see whether Fred creates another
release that we could incorporate without introducing new features.
Yeah, I am going to wait a little while. -Brett
On Friday 30 June 2006 16:03, Martin v. Löwis wrote:
If you have a patch, you should commit it to our copy. Make sure you activate the test case, so that somebody incorporating the next Expat release doesn't mistakenly roll back your change.
A modified version of Brett's patch has been committed to Expat, along with regression tests for two specific cases that it handles (only one of which is relevant to Python). The patch to xmlparse.c has also been committed to Python's copy, and the crasher test has been moved to the regular xml.parsers.expat tests.
Of course, you might wait a few days to see whether Fred creates another release that we could incorporate without introducing new features.
I'm not ready to push for an Expat release, since I've not had much time to pay attention to that project over the past year. I'm trying to catch up on that project's email, but don't expect it to be quick. Once I've had time to discuss this with the current principal maintainer, it shouldn't be difficult to get a 2.0.1 release out the door. Once that's done, it'll be time to sync with the Expat release again. -Fred -- Fred L. Drake, Jr. <fdrake at acm.org>
participants (3)
-
"Martin v. Löwis" -
Brett Cannon -
Fred L. Drake, Jr.