| msg60527 - (view) |
Author: Jack Jansen (jackjansen) *  |
Date: 2004-07-04 21:30 |
| Plistlib doesn't do much error checking, and it can crash on bad input. Moreover, it doesn't provide much help if it does crash (no linenumbers, etc). The problem I ran into was a dangling foo. After this key the dict ended, but the next entry in the surrounding datastructure, an array, picked up the key from self.currentKey and crashed in addObject(). I was about to fix this when I noticed that there's lots of problems with handling, duplicates or missing ones aren't detected either and can cause crashes too. It may be better to put a general try/except in parse() and print a line number or something in case of a failure. |
|
|
| msg123725 - (view) |
Author: Mher Movsisyan (mher) |
Date: 2010-12-10 10:30 |
| The attached patch fixes crashes on bad input. The patch implements validation for dict and array elements as well as some resource cleanup. The tests are included as well. |
|
|
| msg123758 - (view) |
Author: Ned Deily (ned.deily) * |
Date: 2010-12-10 23:25 |
| One review comment: the patch adds a new exception class that is used for the errors that are now additionally detected. Elsewhere plistlib uses non-specific exception classes like ValueError. If starting from scratch, it might be better to consistently use a specific exception class but that would create incompatibilities if changed now. I don't see a compelling need to add one now just for these errors. (But, if kept, it should be added to the docs.) Otherwise, looks good to me. Thanks for taking this on! |
|
|
| msg125333 - (view) |
Author: Mher Movsisyan (mher) |
Date: 2011-01-04 15:01 |
| I've replaced plistlib.InvalidPlistError with ValueError |
|
|
| msg125341 - (view) |
Author: Georg Brandl (georg.brandl) * |
Date: 2011-01-04 16:54 |
| LGTM. |
|
|
| msg126089 - (view) |
Author: Éric Araujo (eric.araujo) * |
Date: 2011-01-12 12:39 |
| See also reopened dependency #775321. |
|
|
| msg137115 - (view) |
Author: Roundup Robot (python-dev)  |
Date: 2011-05-28 10:10 |
| New changeset a2688e252204 by Ned Deily in branch '3.1': Issue #985064: Make plistlib more resilient to faulty input plists. http://hg.python.org/cpython/rev/a2688e252204 New changeset f555d959a5d7 by Ned Deily in branch '3.2': Issue #985064: Make plistlib more resilient to faulty input plists. http://hg.python.org/cpython/rev/f555d959a5d7 New changeset d0bc18a50bd1 by Ned Deily in branch 'default': Issue #985064: Make plistlib more resilient to faulty input plists. http://hg.python.org/cpython/rev/d0bc18a50bd1 |
|
|
| msg137116 - (view) |
Author: Ned Deily (ned.deily) * |
Date: 2011-05-28 10:19 |
| Thank you for the patch and tests! Applied in 3.1 (for 3.1.4), 3.2 (for 3.2.1), and 3.3. (The 2.x version of plistlib differs somewhat from the 3.x version so the patch would need some rework and testing for 2.7; that is probably not worth the effort at this point.) |
|
|