|
David Fraser
davidf at sjsoft.com
Mon Nov 10 14:59:15 EST 2003
Matt Hoskins wrote: >On Mon, 2003-11-10 at 12:10, David Fraser wrote: > > >>Matt Hoskins wrote: >> >> >> >>>I believe that mod python 2.7.8 and 3.0.3 (and possibly the latest 3.1, >>>although I haven't tested them) can be made to lead to a segmentation >>>fault under unix (and the equivilent under win32) if you have an empty >>>query string element on the url. I don't have a debug build of >>>python/apache/etc, but it seems to be during a python_finalize that >>>things actually explode. >>> >>>So the most simple case is: >>>http://myserver/?& >>> >>>It'll explode with any empty query string component I believe. I'm >>>guessing it's the fact that the length of the whole element is 0 that's >>>upsetting things, as the following doesn't cause things to go >>>horribly wrong (and you correctly get an entry with an empty key): >>> >>>http://myserver/?=& >>> >>>As I'm not up to speed on python innards I don't know exactly why it's >>>getting upset. Should be easy to hack a fix to just skip entirely empty >>>entries, but the correct fix I guess would add a key/value pair of empty >>>strings to the url argument dictionary (why anyone would care about such >>>an entry I don't know ;). >>> >>>I've had this error occur with apache 1.3.28/mod python 2.7.8/python >>>2.2.3 under linux and windows, and apache 2.0.47/mod python 3.0.3/python >>>2.3.2 under linux. >>> >>>Regards, >>>Matt >>> >>> >>> >>Works for me on Apache 2.0.47/mod_python 3.0.3/python 2.2.2 and apache >>1.3.27/mod_python 2.7.8/python 2.2.2 under linux >>Was this using a normal install, and do you have a simple test case of >>the config/.htaccess files and handler that generates this error? >> >> > >Are you using the FieldStorage stuff? Tt's actually the util.parse_qsl >routine which is exploding for me. I'm half asleep this morning, so >forgot to mention it was parse_qsl which was setting up stuff to cause >things to blow up. > >I've hacked my the mod_python code (parse_qsl in _apachemodule.c) here >to skip the empty entries in parse_qsl and that fixes the problem. > >fieldStorage = util.FieldStorage(modPythonRequest, 1) is the way that >parse_qsl is ending up getting called here. I haven't had a chance to >set up a piece of code which just calls this and doesn't do anything >else, so I don't know if you have to actually use the fieldStorage thing >or the values within in to trigger the crash, or whether just cleaning >up after parse_qsl has been called with an empty query entity is enough >to cause the problem. > >If you've tried fieldStorage = util.FieldStorage(modPythonRequest, 1) >and aren't getting an explosion I could take the time to try create a >minimal set of circumstations to cause the error, however I'm 99% sure >it is down to parse_qsl given that "http://myserver/?=&" doesn't cause a >problem with our app, and that should in theory create the same >key/value pair through parse_qsl as "http://myserver/?&" > >Regards, >Matt > > >Matt > > > > OK, I wasn't using keep_blank_values=1 So it looks like a bug in parse_qsl, but I don't know enough CPython to debug it, maybe somebody else can :-) David PS Did you mean to send this to the list too?
|