Author doko
Date 2004-01-24.07:15:11
Content
[forwarded from http://bugs.debian.org/229281]

seen with 2.3.3, works with 2.2.3 and 2.1.3 (after
fixing the 2.1 incompatibilities). The pyexpat code
used is the one direct from the distribution, no
external library.

The attached testcase demonstrates a bug in,
apparently, /usr/lib/python2.3/lib-dynload/pyexpat.so.
Here's the bug in gdb: 
 
Program received signal SIGSEGV, Segmentation fault. 
[Switching to Thread 16384 (LWP 28350)] 
0x40566800 in XmlInitUnknownEncodingNS () 
   from /usr/lib/python2.3/lib-dynload/pyexpat.so 
 
To try it yourself, run "make" in the testcase
directory. I apologise for the size of this testcase; I
would have whittled it down to something simpler, but
I am not a python programmer. I also apologise if the
bug is really in some library that python uses; I only
went back as far as pyexpat.so.
 
Some developers on IRC feel this may be exploitable.
Talk with Scott James Remnant <scott@netsplit.com>, who
also has some idea of the encoding problems in the rss
file that are causing the crash. 
History
Date                 User   Action  Args
2007-08-23 14:19:36  admin  link    issue883495 messages
2007-08-23 14:19:36  admin  create