[XML-SIG] Nastiness in xml/extensions/pyexpat.c

Uche Ogbuji uche.ogbuji@fourthought.com
Mon, 10 Jun 2002 01:36:15 -0600

> Uche Ogbuji <uche.ogbuji@fourthought.com> writes:
> > The following simple program dumps core currently.
> Can you rephrase this example to only use PyXML (or perhaps even to
> only use the expatreader)? I cannot reproduce the crash; I don't have
> test.xml, and I don't have cDomlette.implementation.

So could it be a clash between cDomlette and PyXML?  I find this hard to 
believe, or perhaps just understand.  The crash I see manifests itself long 
before it gets near any cDomlette code.

> I modified the
> code to ignore cDomlette.implementation, and took an arbitrary
> document, and got a traceback ending in
>   File "/usr/local/lib/python2.3/site-packages/_xmlplus/dom/ext/reader/Sax2.py", line 170, in _completeTextNode
>     if self._currText and len(self._nodeStack) and self._nodeStack[-1].nodeType != Node.DOCUMENT_NODE:
> AttributeError: XmlDomGenerator instance has no attribute '_currText'
> which appears to be unrelated to the current problem.

This is what is fixed by the initState() call.

> > This function doesn't really do anything to "flag" an error.  It
> > merely clears the handlers.  The problem is that in most cases the
> > code just continues on, and then it dumps core the next time it
> > comes to invoking a handler (jump to address 0) since all handler
> > pointers are now NULL.
> It does not have to flag the error. When it is called, a Python
> exception has been raised, so when it gets out of expat, the Python
> exception is propagated.

The "when it gets out of expat" is the key phrase here.  From what I see, the 
entire problem is that it is not getting out of expat quickly enough.  I.e. it 
is going from the NSDecl handler to the StartElement handler without checking 
in the meantime for the global exception flag for early exit.

I suppose I'll have to narrow this down further.

Does anyone know how to get DDD to load symbols for an .so that has not yet 
been loaded?  This would have helped yesterday as well.

> Why does it crash? I.e. why does anybody invoke a NULL handler? Expat
> always checks whether a handler is set before invoking it.

Not in the code I saw from the core dump stack trace.

> > So the question is, how do we make the handling of the
> > startPrefixMapping exception less confusing and drastic.  I have
> > ideas, but I only dimly understood pyexpat.c, and these would
> > invariably be hacks.
> I need to understand the problem first, too.

I guess I have some more work to do in tracing this...

Uche Ogbuji                                    Fourthought, Inc.
http://uche.ogbuji.net    http://4Suite.org    http://fourthought.com
Track chair, XML/Web Services One (San Jose, Boston): 
DAML Reference - http://www.xml.com/pub/a/2002/05/01/damlref.html
The Languages of the Semantic Web - http://www.newarchitectmag.com/documents/s=
XML, The Model Driven Architecture, and RDF @ XML Europe -
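
The early-exit check discussed in the message above, as an added example that is not part of the original post and is not pyexpat or Expat code: a toy C dispatcher in which an error path clears the handler table, and dispatch both checks a pending-error flag between callbacks and tests each handler pointer for NULL at call time. All names (`parser`, `fire`, `parse_one_tag`, `error_pending`) are hypothetical.

```c
#include <stddef.h>

/* Toy model only: names and structure are hypothetical, not pyexpat's. */
typedef struct parser parser;
typedef void (*event_cb)(parser *p, const char *name);

struct parser {
    event_cb on_ns_decl;        /* namespace-declaration callback */
    event_cb on_start_element;  /* start-element callback */
    int error_pending;          /* stands in for a raised Python exception */
    int calls;                  /* callbacks actually invoked */
};

/* Error path as described in the thread: every handler becomes NULL. */
static void clear_handlers(parser *p) {
    p->on_ns_decl = NULL;
    p->on_start_element = NULL;
}

/* Callback that fails: records the error and clears the handlers. */
static void failing_ns_decl(parser *p, const char *name) {
    (void)name;
    p->calls++;
    p->error_pending = 1;
    clear_handlers(p);
}

static void counting_cb(parser *p, const char *name) { (void)name; p->calls++; }

/* Guarded dispatch: stop if an error is pending, read the slot at call
 * time (never a cached copy), and skip a NULL handler. */
static int fire(parser *p, event_cb *slot, const char *name) {
    if (p->error_pending) return -1;
    event_cb cb = *slot;
    if (cb != NULL) cb(p, name);
    return p->error_pending ? -1 : 0;
}

/* One start tag carrying a namespace declaration produces two events. */
int parse_one_tag(parser *p) {
    if (fire(p, &p->on_ns_decl, "xmlns:a") < 0) return -1;
    return fire(p, &p->on_start_element, "a:doc");
}

int main(void) {
    parser p = { failing_ns_decl, counting_cb, 0, 0 };
    return (parse_one_tag(&p) == -1 && p.calls == 1) ? 0 : 1;
}
```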