[mod_python] Re: Empty URL query elements causing mod_python 2.7.x and 3.0.x to seg fault

Vaclav Blazek blazek at firma.seznam.cz
Fri Nov 14 12:56:14 EST 2003


> OK, I wasn't using keep_blank_values=1
> So it looks like a bug in parse_qsl, but I don't know enough CPython to 
> debug it, maybe somebody else can :-)

> David

> PS Did you mean to send this to the list too?

Hello all mod_pythoners,

I'm sorry to reply to the message outside of its thread, but I've just 
subscribed to this mailing list and cannot get the Message-ID of the 
original message.

Well, the main problem is in the functions parse_qs() and parse_qsl() 
(src/_apachemodule.c). In these functions, the query string is split at 
the '&' character and each part is treated as a key=value pair, which is then 
split at the '=' character and stored in a dict (parse_qs) or in a list 
(parse_qsl).

Everything is fine until the size of a pair is 0. In this case, two Python 
strings of zero length are created. Then both parts are processed and these 
Python strings are resized to the new size, which is also 0. But Python (to 
be more precise, the function _PyString_Resize()) complains (with an 
exception) when you try to resize a string of size 0 to size 0. Since this 
exception is not handled and the _PyString_Resize() function sets the pointer 
to the Python string to NULL, the next Py_DECREF() causes SIGSEGV.

I've added code which tests the original pair's length in both functions and 
skips processing when the string is empty. I'm using mod_python 3.0.3, but 
the code of these functions is the same in the latest version. Here comes the 
diff:

@@ -183,6 +183,11 @@
        cpair = PyString_AS_STRING(pair);

        len = strlen(cpair);
+        if (!len) {
+            /* Skip processing of empty string. */
+            ++n;
+            continue;
+        }
        key = PyString_FromStringAndSize(NULL, len);
        if (key == NULL)
            return NULL;
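Review bot: the `++n; continue;` skip at the top of the first hunk only works if the enclosing loop advances `n` manually in its body rather than in a `for (...; ++n)` header, which the hunk does not show; please confirm, otherwise the skipped element either double-increments the index or the loop never advances. Also check whether `pair` (obtained just before `cpair`) is a new reference that now escapes the iteration without a Py_DECREF. Finally, the skip avoids the zero-length case, but the unchecked _PyString_Resize() described in the mail still sets the pointer to NULL on any failure; testing its return value before the later Py_DECREF() would close that path for all failure modes, not only empty pairs.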
@@ -301,6 +306,11 @@

        /* split the "abc=def" pair */
        plen = strlen(cpair);
+        if (!plen) {
+            /* Skip  processing of empty string. */
+            ++i;
+            continue;
+        }
        key = PyString_FromStringAndSize(NULL, plen);
        if (key == NULL)
            return NULL;
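Review bot: same concerns as in the first hunk apply to `++i; continue;` here: the loop header is not visible, so verify that `i` is advanced in the body and that nothing allocated earlier in the iteration leaks on the early `continue`. Minor: the comment has a doubled space ("Skip  processing"); the first hunk's wording would keep the two comments identical, which helps when grepping for this fix.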

--
Vaclav Blazek, Programmer
Seznam.cz a.s., Prague, Czech Republic
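
An added example, not part of the mail above or of mod_python itself: a small C splitter for the same "break at '&', then at '='" structure that treats the empty element (`a=1&&b=2`, a lone `&`, a trailing `&`) as a no-op instead of allocating and resizing zero-length strings. The `keep_blank_values` flag is an assumption modelled on the keyword David mentions; percent-decoding and '+' handling are deliberately left out.

```c
#include <stdio.h>
#include <string.h>

/* One parsed key=value element; fixed buffers are enough for the example. */
typedef struct { char key[64]; char value[64]; } qs_pair;

/* Split qs on '&' and each element on '='. Returns the number of pairs
 * stored in out. Empty elements are skipped, as in the patch above. An
 * element with an empty value (or no '=' at all) is only kept when
 * keep_blank_values is nonzero (assumed semantics, see lead-in). */
int parse_qsl(const char *qs, int keep_blank_values, qs_pair *out, int max) {
    int n = 0;
    const char *p = qs;
    while (*p) {
        const char *end = strchr(p, '&');
        size_t len = end ? (size_t)(end - p) : strlen(p);
        if (len == 0) {             /* the empty pair that crashed mod_python */
            if (!end) break;
            p = end + 1;
            continue;
        }
        const char *eq = memchr(p, '=', len);
        size_t klen = eq ? (size_t)(eq - p) : len;
        size_t vlen = eq ? len - klen - 1 : 0;
        if ((vlen > 0 || keep_blank_values) && n < max && klen < 64 && vlen < 64) {
            memcpy(out[n].key, p, klen);
            out[n].key[klen] = '\0';
            memcpy(out[n].value, eq ? eq + 1 : "", vlen);
            out[n].value[vlen] = '\0';
            n++;
        }
        if (!end) break;
        p = end + 1;
    }
    return n;
}

int main(void) {
    qs_pair out[8];
    /* Constructed input with leading, doubled and trailing '&'. */
    int n = parse_qsl("&a=1&&b=2&", 0, out, 8);
    for (int i = 0; i < n; i++)
        printf("%s=%s\n", out[i].key, out[i].value);
    return 0;
}
```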


