[ expat-Bugs-434665 ] memory bug in XML_Parse

noreply@sourceforge.net noreply@sourceforge.net
Fri, 10 Aug 2001 06:47:04 -0700


Bugs item #434665, was opened at 2001-06-19 19:48
You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=110127&aid=434665&group_id=10127

Category: None
Group: None
Status: Closed
Resolution: Fixed
Priority: 5
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Fred L. Drake, Jr. (fdrake)
Summary: memory bug in XML_Parse

Initial Comment:
A check should be added to the end of XML_Parse() in 
xmlparse.c --- the line currently reads

memcpy(XML_GetBuffer(parser, len), s, len);

but XML_GetBuffer can return 0.

Michael Isard.
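
The pattern this report describes, as an added illustration that is not part of the original report and is not expat's code. Everything named toy_* is hypothetical, and the limit field is an assumed stand-in for a small-memory target; the unchecked copy is shown beside a checked one.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a parser with a growable input buffer.
   None of these names are expat's; `limit` simulates a small-RAM target. */
typedef struct {
    char  *buf;
    size_t used, cap, limit;
} toy_parser;

enum { TOY_ERROR_NO_MEMORY = 0, TOY_OK = 1 };

/* Returns room for len more bytes, or NULL when the buffer cannot grow. */
void *toy_get_buffer(toy_parser *p, size_t len)
{
    if (len > p->limit - p->used)      /* request exceeds the memory budget */
        return NULL;
    size_t need = p->used + len;
    if (p->buf == NULL || need > p->cap) {
        char *n = realloc(p->buf, need + 1);  /* +1 keeps the size non-zero */
        if (n == NULL)
            return NULL;               /* the old buffer is still valid */
        p->buf = n;
        p->cap = need;
    }
    return p->buf + p->used;
}

/* Reported pattern: the result goes straight into memcpy, so a NULL
   return becomes a write through a null pointer. For contrast only. */
int toy_feed_unchecked(toy_parser *p, const char *s, size_t len)
{
    memcpy(toy_get_buffer(p, len), s, len);
    p->used += len;
    return TOY_OK;
}

/* Checked pattern: test the pointer and report the failure to the caller. */
int toy_feed_checked(toy_parser *p, const char *s, size_t len)
{
    void *dst = toy_get_buffer(p, len);
    if (dst == NULL)
        return TOY_ERROR_NO_MEMORY;
    memcpy(dst, s, len);
    p->used += len;
    return TOY_OK;
}
```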


----------------------------------------------------------------------

>Comment By: Fred L. Drake, Jr. (fdrake)
Date: 2001-08-10 06:47

Message:
Logged In: YES 
user_id=3066

I'd certainly appreciate the confirmation!  One thing I've
learned working on Python is that anything that causes a
memory violation is Pure Evil(tm) and must be squashed.

----------------------------------------------------------------------

Comment By: Andy Southgate (southa)
Date: 2001-08-10 02:20

Message:
Logged In: YES 
user_id=29974

Hi,

I hit this bug for real running expat on an embedded
platform (128K RAM) and can test, if that's any help. 
Thanks for the fix.

Andy Southgate


----------------------------------------------------------------------

Comment By: Fred L. Drake, Jr. (fdrake)
Date: 2001-08-09 13:52

Message:
Logged In: YES 
user_id=3066

Ok, thanks!

----------------------------------------------------------------------

Comment By: Michael Isard (mmisard)
Date: 2001-08-09 13:46

Message:
Logged In: YES 
user_id=252517

I just noticed this reading the code, so I have no test code
which triggers it.

Thanks,
Michael.


----------------------------------------------------------------------

Comment By: Fred L. Drake, Jr. (fdrake)
Date: 2001-08-09 11:12

Message:
Logged In: YES 
user_id=3066

This should not have been categorized as an XML::Parser
issue.  I did that, but I'm not at all sure why...

----------------------------------------------------------------------

Comment By: Fred L. Drake, Jr. (fdrake)
Date: 2001-08-09 11:11

Message:
Logged In: YES 
user_id=3066

Fixed in lib/xmlparse.c revision 1.22.

Was this triggered by a real lack of memory or some other
condition?  Or was this found simply by reading the code? 
(If there's some other way to trigger the condition, I'd
like to know about it so the diagnostics can be relatively
specific.)

----------------------------------------------------------------------
