[ python-Bugs-883495 ] python crash in pyexpat's
XmlInitUnknownEncodingNS
SourceForge.net
noreply at sourceforge.net
Sat Jan 24 02:15:11 EST 2004
Bugs item #883495, was opened at 2004-01-24 07:15
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=883495&group_id=5470
Category: Extension Modules
Group: Python 2.3
Status: Open
Resolution: None
Priority: 5
Submitted By: Matthias Klose (doko)
Assigned to: Nobody/Anonymous (nobody)
Summary: python crash in pyexpat's XmlInitUnknownEncodingNS
Initial Comment:
[forwarded from http://bugs.debian.org/229281]
seen with 2.3.3, works with 2.2.3 and 2.1.3 (after
fixing the 2.1 incompatibilities). The pyexpat code
used is the one direct from the distribution, no
external library.
The attached testcase demonstrates a bug in,
apparently, /usr/lib/python2.3/lib-dynload/pyexpat.so.
Here's the bug in gdb:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 16384 (LWP 28350)]
0x40566800 in XmlInitUnknownEncodingNS ()
from /usr/lib/python2.3/lib-dynload/pyexpat.so
To try it youself, run "make" in the testcase
directory. I apoligise for the size of this testcase; I
would have whitteled it down to something simpler, but
I am not a python programmer. I also apoligise if the
bug is really in some library that python uses; I only
went back as far as pyexpat.so.
Some developers on IRC feel this may be exploitable.
Talk with Scott James Remnant <scott at netsplit.com>, who
also has some idea of the encoding problems in the rss
file that are causing the crash.
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=883495&group_id=5470
More information about the Python-bugs-list
mailing list