[XML-SIG] Nastiness in xml/extensions/pyexpat.c

[Martin v. Loewis]

Uche Ogbuji <uche.ogbuji@fourthought.com> writes:

> The following simple program dumps core currently.

Can you rephrase this example to only use PyXML (or perhaps even to
only use the expatreader)? I cannot reproduce the crash; I don't have
test.xml, and I don't have cDomlette.implementation. I modified the
code to ignore cDomlette.implementation, and took an arbitrary
document, and got a traceback ending in

  File "/usr/local/lib/python2.3/site-packages/_xmlplus/dom/ext/reader/Sax2.py", line 170, in _completeTextNode
    if self._currText and len(self._nodeStack) and self._nodeStack[-1].nodeType != Node.DOCUMENT_NODE:
AttributeError: XmlDomGenerator instance has no attribute '_currText'

which appears to be unrelated to the current problem.

> This function doesn't really do anything to "flag" an error.  It
> merely clears the handlers.  The problem is that in most cases the
> code just continues on, and then it dumps core the next time it
> comes to invoking a handler (jump to address 0) since all handler
> pointers are now NULL.

It does not have to flag the error. When it is called, a Python
exception has been raised, so when it gets out of expat, the Python
exception is propagated.

Why does it crash? I.e. why does anybody invoke a NULL handler? Expat
always checks whether a handler is set before invoking it.

> So the question is, how do we make the handling of the
> startPrefixMapping exception less confusing and drastic.  I have
> ideas, but I only dimly understood pyexpat.c, and these would
> invariably be hacks.

I need to understand the problem first, too.

Regards,
Martin