Vaclav Blazek
blazek at firma.seznam.cz
Fri Nov 14 12:56:14 EST 2003
> OK, I wasn't using keep_blank_values=1
> So it looks like a bug in parse_qsl, but I don't know enough CPython to
> debug it, maybe somebody else can :-)
> David
> PS Did you mean to send this to the list too?

Hello all mod_pythoners,

I'm sorry to reply to the message outside of its thread, but I've just subscribed to this mailing list and cannot get the Message-ID of the original message.

Well, the main problem is in the functions parse_qs() and parse_qsl() (src/_apachemodule.c). In these functions, the query string is broken up by the '&' character and each part is considered a key=value pair, which is then broken up by the '=' character and stored in a dict (parse_qs) or in a list (parse_qsl). Everything is fine until the size of a pair is 0. In this case, two Python strings of zero length are created. Then the processing of both parts is done and these Python strings are resized to the new size, which is also 0. But Python (to be more precise, the function _PyString_Resize()) complains (by raising an exception) when you try to resize a string of size 0 to size 0. Since this exception is not handled and the _PyString_Resize() function sets the pointer to the Python string to NULL, the next Py_DECREF() causes a SIGSEGV.

I've added code which tests the original pair's length in both functions and skips processing when the string is empty.

I'm using mod_python 3.0.3, but the code of these functions is the same in the latest version.

Here comes the diff:

@@ -183,6 +183,11 @@
         cpair = PyString_AS_STRING(pair);
         len = strlen(cpair);
+        if (!len) {
+            /* Skip processing of empty string. */
+            ++n;
+            continue;
+        }
         key = PyString_FromStringAndSize(NULL, len);
         if (key == NULL)
             return NULL;
@@ -301,6 +306,11 @@
         /* split the "abc=def" pair */
         plen = strlen(cpair);
+        if (!plen) {
+            /* Skip processing of empty string. */
+            ++i;
+            continue;
+        }
         key = PyString_FromStringAndSize(NULL, plen);
         if (key == NULL)
             return NULL;

--
Vaclav Blazek, Programmer
Seznam.cz a.s., Prague, Czech Republic
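Review bot: in the first hunk (parse_qs, around line 183) the new `continue` leaves the loop body before whatever follows for `pair`; if `pair` is an owned reference rather than one borrowed from the list, the skipped iteration leaks it, so either confirm it is borrowed or add a `Py_DECREF(pair)` before `continue`. The comment "Skip processing of empty string." should also say that an empty chunk (from "&&" or a leading/trailing '&') is dropped regardless of keep_blank_values, since that flag is what the quoted report was exercising and a reader could otherwise take this for the blank-value handling.

Review bot: in the second hunk (parse_qsl, around line 301) the same five lines are repeated with only the counter renamed from `n` to `i`, and the index is now advanced both here and at the end of the loop body; moving the increment into a `for` header, or factoring the empty-chunk test into one static helper used by both functions, would keep the two copies from drifting apart. The guard covers only a wholly empty chunk; chunks like `=abc` and `abc=` still produce a zero-length key or value after the `=` split, so a test for those two inputs alongside "a=1&&b=2" would show that the resize path after the split is safe as well.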
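As an added example (not code from the post above or from mod_python), here is a small C query-string splitter that follows the algorithm the message describes: split on '&', split each chunk on the first '=', and do nothing at all for a zero-length chunk, the case the patch guards against. It works on plain C strings rather than Python string objects, so there is no _PyString_Resize() step and no object to leak on the skipped iteration. It goes beyond the post by also handling the keep_blank_values flag from the quoted reply, an empty key (`=abc`) and a bare key with no '='. The names qs_parse, qs_pair, qs_count and qs_pair_is are this example's own, the inputs in main() are constructed, and percent-decoding is deliberately left out.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define QS_KEY_MAX 64
#define QS_VAL_MAX 64

/* One decoded key=value pair (hypothetical type for this example). */
typedef struct {
    char key[QS_KEY_MAX];
    char value[QS_VAL_MAX];
} qs_pair;

/* Copy at most cap-1 bytes of src[0..len) into dst and NUL-terminate it. */
static void qs_copy(char *dst, size_t cap, const char *src, size_t len)
{
    if (len >= cap)
        len = cap - 1;
    memcpy(dst, src, len);
    dst[len] = '\0';
}

/* Split qs into key=value pairs stored in out[0..max_pairs).
 * Returns the number of pairs stored, or -1 if out is too small.
 * keep_blank_values != 0 keeps "a=" and bare "a" as ("a", ""), otherwise
 * pairs with an empty value are dropped. Empty chunks are always dropped. */
int qs_parse(const char *qs, int keep_blank_values, qs_pair *out, int max_pairs)
{
    int n = 0;
    const char *p = qs;

    while (*p != '\0') {
        const char *amp = strchr(p, '&');
        size_t plen = amp ? (size_t)(amp - p) : strlen(p);
        const char *next = amp ? amp + 1 : p + plen;

        /* Zero-length chunk ("&&", leading or trailing '&'): there is nothing
         * to split, so produce no pair at all. This is the case the patch
         * adds to parse_qs()/parse_qsl(); here nothing is allocated first. */
        if (plen == 0) {
            p = next;
            continue;
        }

        /* Split on the first '='; a chunk without '=' is a key with no value. */
        const char *eq = memchr(p, '=', plen);
        size_t klen = eq ? (size_t)(eq - p) : plen;
        const char *vstart = eq ? eq + 1 : p + plen;
        size_t vlen = eq ? plen - klen - 1 : 0;

        /* "a=" and bare "a" carry an empty value; keep them only on request. */
        if (vlen == 0 && !keep_blank_values) {
            p = next;
            continue;
        }

        if (n >= max_pairs)
            return -1;          /* caller's buffer is full */
        qs_copy(out[n].key, QS_KEY_MAX, p, klen);
        qs_copy(out[n].value, QS_VAL_MAX, vstart, vlen);
        n++;
        p = next;
    }
    return n;
}

/* Number of pairs qs_parse() yields for qs (uses a fixed scratch buffer). */
int qs_count(const char *qs, int keep_blank_values)
{
    qs_pair buf[16];
    return qs_parse(qs, keep_blank_values, buf, 16);
}

/* 1 if pair number idx of qs equals (key, value), else 0. */
int qs_pair_is(const char *qs, int keep_blank_values, int idx,
               const char *key, const char *value)
{
    qs_pair buf[16];
    int n = qs_parse(qs, keep_blank_values, buf, 16);
    if (idx < 0 || idx >= n)
        return 0;
    return strcmp(buf[idx].key, key) == 0 && strcmp(buf[idx].value, value) == 0;
}

int main(void)
{
    /* Constructed inputs covering the empty-chunk and blank-value cases. */
    const char *inputs[] = { "a=1&&b=2&", "&&&", "a=&b", "=abc&x=a=b" };
    qs_pair pairs[16];
    for (size_t k = 0; k < sizeof inputs / sizeof inputs[0]; k++) {
        int n = qs_parse(inputs[k], 1, pairs, 16);
        printf("%-12s -> %d pair(s)\n", inputs[k], n);
        for (int j = 0; j < n; j++)
            printf("    [%s] = [%s]\n", pairs[j].key, pairs[j].value);
    }
    return 0;
}
```

The empty-chunk test sits before any buffer is touched, which is the ordering the patch restores in mod_python: decide whether there is a pair to process first, allocate second. Splitting on the first '=' keeps a value such as "a=b" intact, as in the `x=a=b` input above.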