Backport patch to fix segfault in fromxml_str

2023-09-05 16:55:46 +02:00 · 2023-09-05 16:55:46 +02:00 · 29fe8782e6
commit 29fe8782e6
parent 5e12e3f2ed
2 changed files with 98 additions and 1 deletions
--- a/fix-fromxml_str-segfault.patch
+++ b/fix-fromxml_str-segfault.patch
@ -0,0 +1,91 @@
+From 9023f90c3640c795efc8a1ae083c931f5316e448 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ale=C5=A1=20Mat=C4=9Bj?= <amatej@redhat.com>
+Date: Tue, 22 Aug 2023 12:01:35 +0200
+Subject: [PATCH 1/2] Move return value check before parsed values are used
+
+It is not sufficient to check the return value after the function output
+is used. We need check it sooner to avoid a Segmentation fault.
+
+For: https://github.com/rpm-software-management/libcomps/issues/103
+---
+ libcomps/src/python/src/pycomps.c | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/libcomps/src/python/src/pycomps.c b/libcomps/src/python/src/pycomps.c
+index ee6f691..ffc9e71 100644
+--- a/libcomps/src/python/src/pycomps.c
+++ b/libcomps/src/python/src/pycomps.c
+@@ -347,6 +347,11 @@ PyObject* PyCOMPS_fromxml_str(PyObject *self, PyObject *args, PyObject *kwds) {
+     parsed_ret = comps_parse_str(parsed, tmps, options);
+     if (options)
+         free(options);
+    if (parsed_ret == -1) {
+        comps_parse_parsed_destroy(parsed);
+        PyErr_SetString(PyCOMPSExc_ParserError, "Fatal parser error");
+        return NULL;
+    }
+     Py_CLEAR(self_comps->p_groups);
+     Py_CLEAR(self_comps->p_categories);
+     Py_CLEAR(self_comps->p_environments);
+@@ -361,10 +366,6 @@ PyObject* PyCOMPS_fromxml_str(PyObject *self, PyObject *args, PyObject *kwds) {
+     parsed->log = NULL;
+     parsed->comps_doc = NULL;
+     comps_parse_parsed_destroy(parsed);
+-    if (parsed_ret == -1) {
+-        PyErr_SetString(PyCOMPSExc_ParserError, "Fatal parser error");
+-        return NULL;
+-    }
+ 
+     return PyLong_FromLong((long)parsed_ret);
+ }
+
+From 15091c2ae0e70dfd5b92ea6631d323d76273175b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ale=C5=A1=20Mat=C4=9Bj?= <amatej@redhat.com>
+Date: Tue, 22 Aug 2023 12:18:02 +0200
+Subject: [PATCH 2/2] Update unittests for `fromxml_str()`
+
+Remove output checks after the parsing raises and exception.
+
+It also adds one more test with completely invalid xml input.
+---
+ libcomps/src/python/tests/__test.py | 17 +++++++++--------
+ 1 file changed, 9 insertions(+), 8 deletions(-)
+
+diff --git a/libcomps/src/python/tests/__test.py b/libcomps/src/python/tests/__test.py
+index 4152c7d..63a30e2 100644
+--- a/libcomps/src/python/tests/__test.py
+++ b/libcomps/src/python/tests/__test.py
+@@ -718,24 +718,25 @@ def test_xml(self):
+         ret = comps2.fromxml_f(fname)
+         self.assertTrue(ret == 0, comps2.get_last_errors())
+ 
+-        compsdoc = comps2.xml_str()
+-        compsdoc = compsdoc[0:-5] # make some error
+         self.assertTrue(len(comps2.groups) == 3)
+         self.assertTrue(len(comps2.categories) == 2)
+         self.assertTrue(len(comps2.environments) == 0)
+ 
+-        comps3 = libcomps.Comps()
+-        self.assertRaises(libcomps.ParserError, comps3.fromxml_str, compsdoc)
+-
+-        self.assertTrue(len(comps3.groups) == 3)
+-        self.assertTrue(len(comps3.categories) == 2)
+-        self.assertTrue(len(comps3.environments) == 0)
+         x = self.comps.xml_str(xml_options={})
+         y = comps2.xml_str()
+ 
+         self.assertTrue(x == y)
+         os.remove(fname)
+ 
+        compsdoc = comps2.xml_str()
+        compsdoc = compsdoc[0:-5] # make some error
+        comps3 = libcomps.Comps()
+        self.assertRaises(libcomps.ParserError, comps3.fromxml_str, compsdoc)
+
+        INVALID_COMPS_XML = "invalid xml"
+        comps4 = libcomps.Comps()
+        self.assertRaises(libcomps.ParserError, comps4.fromxml_str, str(INVALID_COMPS_XML))
+
+     #@unittest.skip("")
+     def test_fedora(self):
+         comps = libcomps.Comps()
--- a/libcomps.spec
+++ b/libcomps.spec
@ -2,13 +2,16 @@

 Name:           libcomps
 Version:        0.1.19
-Release:        3%{?dist}
+Release:        4%{?dist}
 Summary:        Comps XML file manipulation library

 License:        GPL-2.0-or-later
 URL:            https://github.com/rpm-software-management/libcomps
 Source0:        %{url}/archive/%{version}/%{name}-%{version}.tar.gz

+# Backported
+Patch:          fix-fromxml_str-segfault.patch
+
 BuildRequires:  gcc-c++
 BuildRequires:  cmake
 BuildRequires:  gcc
@ -116,6 +119,9 @@ popd
 %{python3_sitearch}/%{name}-%{version}-py%{python3_version}.egg-info

 %changelog
+* Tue Sep 05 2023 Mattia Verga <mattia.verga@proton.me> - 0.1.19-4
+- Backport patch to fix segfault in fromxml_str
+
 * Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.1.19-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild