
This queue is for tickets about the XML-Parser CPAN distribution.

Report information
The Basics
Id: 19859
Status: resolved
Priority: 0/
Queue: XML-Parser

People
Owner: Nobody in particular
Requestors: rantwijk [...] science.uva.nl
Cc:
AdminCc:

Bug Information
Severity: Important
Broken in: 2.34
Fixed in: (no value)



Subject: XML::Parser::Expat crashes on utf8 stream
I encountered a UTF-8 related bug in the Expat library wrapper. The symptom of this bug is a Perl interpreter crash with the following error message:

  *** glibc detected *** double free or corruption (!prev): 0x081e2c00 ***

This error is caused by heap corruption from a buffer overflow in Expat.xs, line 388:

  Copy(tb, buffer, br, char)

This buffer overflow happens because the code assumes that the number of bytes copied (br) will never exceed the number of characters read from the input (buffsize). This assumption is invalid if the input stream is in utf8 mode.

The best solution is to have the Perl programmer set the stream to raw mode, since this is also what libexpat expects. I think however, that the internal buffer overflow should be fixed anyway. The encoding issues could also be documented more clearly.

Sample program which triggers the bug on certain input files:

---
use strict;
use encoding 'utf8';
use XML::Parser;
# (if I uncomment this, the bug disappears)
# binmode(STDIN, ':bytes');
my $parser = XML::Parser->new( Style => 'Debug' );
$parser->parse(\*STDIN);
---

If the package maintainer agrees that this bug should be fixed, I am willing to provide a patch and do some testing. Just let me know if this is appreciated.

Package: XML-Parser-2.34
Perl version: v5.8.5 built for i386-linux-thread-multi
OS: Fedora Core release 3

Bye,
Joris.
From: ATOURBIN [...] cpan.org
> If the package maintainer agrees that this bug should be fixed, I am
> willing to provide a patch and do some testing. Just let me know if this
> is appreciated.
It looks like XML::Parser is unmaintained for quite some time, which is contrary to its wide-spread use. The patch for the problem you've reported can be appreciated not only by maintainer, but also by software vendors and ultimately by perl developers and users.

So... If you have a patch, please post it here.

--
Alexey Tourbin
ALT Linux Team

PS: I filed a few bugs on XML::Parser too, e.g. #11917 and #13204.
Subject: Re: [rt.cpan.org #19859] XML::Parser::Expat crashes on utf8 stream
Date: Fri, 11 Aug 2006 07:54:05 +0200
To: bug-XML-Parser [...] rt.cpan.org
From: Joris van Rantwijk <rantwijk [...] science.uva.nl>
On Thu, 2006-08-10 at 20:47 -0400, via RT wrote:
> It looks like XML::Parser is unmaintained for quite some time, which
> is contrary to its wide-spread use. The patch for the problem you've
> reported can be appreciated not only by maintainer, but also by
> software vendors and ultimately by perl developers and users. So...
> If you have a patch, please post it here.
I have a patch that seems to work (attached to this message). This patch has also been posted to the Debian bug tracking system:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=378411

The patch only fixes the overflow condition. The issue remains that Expat expects its input to be raw (encoded) bytes, while the Perl programmer may accidentally pass it a decoded stream. This will lead to double decoding and incorrect XML parsing (except when the encoding was utf8, because Perl happens to use utf8 internally for unicode strings).

Perhaps we should say in the Expat.pm documentation that input streams must be set to ':raw' mode.

Joris.

Message body is not shown because sender requested not to inline it.
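
The attached patch is not reproduced on this page. As an added illustration (not the patch and not code from Expat.xs), this C model shows the mismatch the report describes, where a read limited to a number of characters returns more bytes than the buffer holds, and a feed loop whose copy is bounded by the buffer's byte size. BUFFSIZE, SAMPLE, read_chars and feed_bounded are hypothetical names chosen for the example.

```c
#include <stdio.h>
#include <string.h>

#define BUFFSIZE 8  /* assumed tiny buffer so the effect shows on short input */

/* Constructed sample: 11 characters, 15 bytes (each U+00E9 is 2 bytes). */
static const char SAMPLE[] = "<a>\xC3\xA9\xC3\xA9\xC3\xA9\xC3\xA9</a>";

/* Byte length of the UTF-8 sequence introduced by lead byte c. */
static size_t seq_len(unsigned char c) {
    return c >= 0xF0 ? 4 : c >= 0xE0 ? 3 : c >= 0xC0 ? 2 : 1;
}

/* Models a read on a utf8-mode stream: takes up to max_chars characters
   from src[0..len) and returns the number of bytes they occupy. */
size_t read_chars(const char *src, size_t len, size_t max_chars) {
    size_t bytes = 0;
    while (max_chars-- > 0 && bytes < len) {
        size_t n = seq_len((unsigned char)src[bytes]);
        bytes += n < len - bytes ? n : len - bytes;  /* clamp truncated tail */
    }
    return bytes;
}

/* Bounded feed loop: asks for BUFFSIZE characters per read, but never
   copies more than BUFFSIZE bytes into buffer at once. Returns the total
   bytes delivered; *largest receives the biggest single copy. */
size_t feed_bounded(const char *src, size_t len, size_t *largest) {
    char buffer[BUFFSIZE];
    size_t off = 0, total = 0;
    *largest = 0;
    while (off < len) {
        size_t br = read_chars(src + off, len - off, BUFFSIZE);
        for (size_t done = 0; done < br; ) {
            size_t n = br - done < BUFFSIZE ? br - done : BUFFSIZE;
            memcpy(buffer, src + off + done, n);  /* n <= sizeof buffer */
            /* a real wrapper would hand buffer[0..n) to the parser here */
            if (n > *largest) *largest = n;
            done += n; total += n;
        }
        off += br;
    }
    return total;
}

int main(void) {
    size_t largest, len = sizeof SAMPLE - 1;
    size_t br = read_chars(SAMPLE, len, BUFFSIZE);
    printf("first read: %zu bytes for a %d-byte buffer\n", br, BUFFSIZE);
    printf("delivered %zu of %zu bytes, ", feed_bounded(SAMPLE, len, &largest), len);
    printf("largest copy %zu\n", largest);
    return 0;
}
```

On the sample, the first read returns more bytes than BUFFSIZE, which is the condition under which an unchecked copy of br bytes writes past the end of the buffer.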

Ticket migrated to github as https://github.com/toddr/XML-Parser/issues/64