[ZCM] [ZC] 1617/10 Resolve "zpt code crashes zope"

Collector: Zope Bugs, Features, and Patches ... zope-coders-admin at zope.org
Sun Jan 30 11:56:35 EST 2005 

Issue #1617 Update (Resolve) "zpt code crashes zope"
 ** Security Related ** (Public)
 Status Resolved, Zope/bug critical
To followup, visit:
  http://collector.zope.org/Zope/1617

==============================================================
= Resolve - Entry #10 by ajung on Jan 30, 2005 11:56 am

 Status: Accepted => Resolved

Bad English today....... The fixes for this issues were ported from 2.7
to the SVN trunk.
________________________________________
= Comment - Entry #9 by ajung on Jan 30, 2005 11:43 am

Changes to cAccessControl ported to SVN trunk (Zope 2.8a2)
________________________________________
= Comment - Entry #8 by efge on Dec 14, 2004 12:01 pm

Andreas and Tim checked in code to fix this in the 2.7 branch.
It's not ported to svn trunk yet.

http://cvs.zope.org/Zope/lib/python/AccessControl/Attic/cAccessControl.c.diff?r2=text&tr1=1.20.2.10&tr2=1.20.2.19&r1=text&diff_format=u

________________________________________
= Comment - Entry #7 by efge on Dec 10, 2004 8:58 am

Jim confirmed in the list that it's indeed a Zope problem, not a python one. cAccessControl should test the return value of the call before doing [0].

________________________________________
= Unrestrict_accepted - Entry #6 by ajung on Dec 10, 2004 1:47 am


________________________________________
= Comment - Entry #5 by ajung on Dec 9, 2004 8:30 am

URL of Python bug report:

https://sourceforge.net/tracker/index.php?func=detail&aid=1082085&group_id=5470&atid=105470
________________________________________
= Comment - Entry #4 by ajung on Dec 9, 2004 7:55 am

This bug is reproducable with Python 2.3.4 and Python 2.4.0 
inside a Python-only environment. So this is definetely a bug
in Python...filing a Python bug report now.
________________________________________
= Assign_confidential - Entry #3 by ajung on Dec 9, 2004 7:47 am

 Status: Pending => Accepted

 Supporters added: ajung


________________________________________
= Comment - Entry #2 by ajung on Dec 9, 2004 7:42 am

I tracked this issue down.

Zope/Python segfaults in cAccessControl, line 2053

u'\xc4' is passed to PyString_AsString() which causes the crash.

No idea if this happens because of some reference counting problem...
trying to reproduce the error within a Python-only environment.
________________________________________
= Request - Entry #1 by jmo on Dec 9, 2004 7:22 am


Uploaded:  "unicode-crash.txt"
 - http://collector.zope.org/Zope/1617/unicode-crash.txt/view
the following ZPT code crashes zope (python hangs or dumps core) - see also the attachment

<tal:block define="
 items python: {u'\xc4': ''};
 key python: u'\xc4'"
content="items/?key" />
==============================================================

More information about the Zope-Collector-Monitor mailing list