ANSI escape sequences are not handled #3
Comments
|
Hi, thanks for the report! Can you please provide me the package or its spec file or at least a content of the %description section? Plus a example code which leads to crash when opening the generated database? Thank you |
|
Not quite. If you were to append an ANSI escape sequence to the spec's %description field (or perhaps elsewhere), and then build the RPM and run createrepo_c for that RPM, the yum-metadata-parser may crash when parsing the repo. This is because createrepo_c does not strip the ANSI escape sequence. If you open up a spec file in binary mode, and then append chr(27) to the %description, run createrepo_c, and then look at the primary.xml. It still has the chr 27. If you create the repo with createrepo, it removed the chr 27. To actually recreate it I think you need to be fetching the sqlite database, because it's in this parser where it seems to crash. |
|
I see! I will fix it soon. Thanks for cooperation.
|
Exclude chars with val <32 (except the 9, 10, 13) from the strings.
|
Fixed in commit 7efa74c Thanks again kalium99! |
If the RPM spec erroneously contains ANSI escape sequences (I have only tested this in %description), then those bytes are passed into the repo metadata when createrepo_c is called.
This becomes a problem when some parsers (at least that from python's sqlite module), try to parse this and they crash and burn.
createrepo on the other hand avoids this by stripping out the ANSI code.
This was tested using the createrepo_c-0.2.1-1 RPM
The text was updated successfully, but these errors were encountered: