Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Expose error code XML_ERROR_NOT_STARTED of Expat >=2.6.4 #126624

Open
hartwork opened this issue Nov 9, 2024 · 6 comments
Open

Expose error code XML_ERROR_NOT_STARTED of Expat >=2.6.4 #126624

hartwork opened this issue Nov 9, 2024 · 6 comments
Labels
extension-modules C modules in the Modules dir topic-XML type-feature A feature request or enhancement

Comments

@hartwork
Copy link
Contributor

hartwork commented Nov 9, 2024
edited by picnixz
Loading

Bug report

Bug description:

The error code was introduced by a security fix (at libexpat/libexpat@51c7019) but the XML_StopParser C-API is not exposed through CPython yet so it should not be possible to encounter such error. In particular, exposing the error code can be considered a feature or postpone until #59979 is resolved.

CPython versions tested on:

3.9, 3.10, 3.11, 3.12, 3.13, 3.14, CPython main branch

Operating systems tested on:

Linux, macOS, Windows, Other

Linked PRs
@hartwork hartwork added the type-bug An unexpected behavior, bug, or error label Nov 9, 2024
@bedevere-app bedevere-app bot mentioned this issue Nov 9, 2024
Open
@hartwork hartwork mentioned this issue Nov 9, 2024
Closed
27 tasks
@hartwork hartwork changed the title Please expose the new error code XML_ERROR_NOT_STARTED of Expat >=2.6.4 Please expose error code XML_ERROR_NOT_STARTED of Expat >=2.6.4 Nov 9, 2024
@picnixz picnixz added type-feature A feature request or enhancement topic-XML extension-modules C modules in the Modules dir and removed type-bug An unexpected behavior, bug, or error labels Nov 9, 2024
@picnixz
Copy link
Contributor

picnixz commented Nov 9, 2024

@hartwork Is this one needed for security reasons or bug fixes? (I assumed no, hence the "feature request"). Depending on your answer, we would need to backport it.

@hartwork
Copy link
Contributor Author

hartwork commented Nov 9, 2024

@picnixz it was introduced by a security fix (at libexpat/libexpat@51c7019). I would like to vote for backporting because the underlying Expat is moving and hence could start producing that error code and distros will be backporting the security fix. I can help with the backport as needed. What do you think?

@picnixz
Copy link
Contributor

picnixz commented Nov 9, 2024
edited by terryjreedy
Loading

I would like to vote for backporting

In general, we have a strict policy of what we backport and when. Bug fixes are backported up to the oldstable version (3.12) while security fixes are backported to all security branches (3.9+).

could start producing that error code

If it can produce that error code and can be reachable from Python (not C) code, then I think it makes sense to backport it as far as #126623 is backported. Having had a look at your PR, I think it can be reachable from pure Python code (namely the user can see such error). So I'll categorize this one as a security issue as well (not strictly a security issue, just that it's a follow-up to #126623).

I can help with the backport as needed

I don't think it'll be needed since the bot will likely handle them if there's no conflict. If there are conflicts, they'll likely be easy to fix (if not, you can definitely help).

@picnixz picnixz added type-security A security issue and removed type-feature A feature request or enhancement labels Nov 9, 2024
@picnixz picnixz changed the title Please expose error code XML_ERROR_NOT_STARTED of Expat >=2.6.4 Expose error code XML_ERROR_NOT_STARTED of Expat >=2.6.4 Nov 9, 2024
@picnixz picnixz added 3.11 only security fixes 3.10 only security fixes 3.9 only security fixes 3.12 bugs and security fixes 3.13 bugs and security fixes 3.14 new features, bugs and security fixes labels Nov 9, 2024
@hartwork
Copy link
Contributor Author

hartwork commented Nov 9, 2024
edited
Loading

@picnixz I just found that the XML_StopParser C-API is not exposed through CPython yet — #59979 — which makes this error code not likely to be observable from CPython then. It will likely not need a backport then.

@picnixz
Copy link
Contributor

picnixz commented Nov 9, 2024

Oh, then I'll consider it as a new feature. Sorry for the noise!

@picnixz picnixz added type-feature A feature request or enhancement and removed type-security A security issue 3.11 only security fixes 3.10 only security fixes 3.9 only security fixes 3.12 bugs and security fixes 3.13 bugs and security fixes 3.14 new features, bugs and security fixes labels Nov 9, 2024
@hartwork
Copy link
Contributor Author

hartwork commented Nov 9, 2024

@picnixz I learned something in the process, no worries. Thanks for the discussion.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
extension-modules C modules in the Modules dir topic-XML type-feature A feature request or enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@hartwork @picnixz