Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Panic when parsing invalid comments <!--> #604

Closed
Tpt opened this issue Jun 1, 2023 · 2 comments · Fixed by #618
Closed

Panic when parsing invalid comments <!--> #604

Tpt opened this issue Jun 1, 2023 · 2 comments · Fixed by #618
Labels
bug help wanted

Comments

@Tpt
Copy link
Contributor

Tpt commented Jun 1, 2023

On the following input quick XML 0.28-2 panics with 'slice index starts at 3 but ends at 1', quick-xml-0.28.2/src/reader/parser.rs:104:22

<?xml version="1.0" encoding="utf-8"?>
<sparql xmlns="http://www.w3.org/2005/sparql-resu:lts#">
<head>
        <variable name="str"/>
</head>
<results>
        <result></result> <!-->
        <result></resulhtmlns>=

I believe this error is caused by this line where the buf.len() + i > 4 check is wrong.
@Mingun
Copy link
Collaborator

Mingun commented Jun 1, 2023

Could you post all your code with the problem, or at least how you create reader. Probably the same reason as in #590.

The mentioned line definitely not source of this bug, because error message clearly states, that start index of a indexing range is 3, but in the mentioned case it is 0.

@Tpt
Copy link
Contributor Author

Tpt commented Jun 1, 2023

@Mingun Thank you for your reply! Here is a test that reproduces the problem:

#[test]
fn reproduce() {
    let data = b"<?xml version=\"1.0\" encoding=\"utf-8\"?><!-->";
    let mut reader = Reader::from_reader(data.as_slice());
    let mut buf = Vec::new();
    loop {
        match reader.read_event_into(&mut buf) {
            Ok(Event::Eof) => break,
            _ => ()
        }
    }
}

Tpt added a commit to Tpt/quick-xml that referenced this issue Jun 25, 2023
@Tpt
Fails on empty comments without 4 -"
2b152be 
The parser was crashing because of bad slice bounds

Closes tafia#604
@Tpt Tpt mentioned this issue Jun 25, 2023
Merged
@Mingun Mingun mentioned this issue Jun 26, 2023
Closed
Tpt added a commit to Tpt/quick-xml that referenced this issue Jun 27, 2023
@Tpt
Avoids crash on invalid comments when the buffer when the buffer was …
2cf962a 
…not cleared before

Closes tafia#604
Tpt added a commit to Tpt/quick-xml that referenced this issue Jun 27, 2023
@Tpt
Avoids crash on invalid comments when the buffer when the buffer was …
c6a99f7 
…not cleared before

Closes tafia#604
Tpt added a commit to Tpt/quick-xml that referenced this issue Jun 28, 2023
@Tpt
Avoids crash on invalid comments when the buffer when the buffer was …
333f497 
…not cleared before

Closes tafia#604
Mingun pushed a commit to Tpt/quick-xml that referenced this issue Jun 28, 2023
@Tpt @Mingun
Avoids crash on invalid comments when the buffer when the buffer was …
5b8c1aa 
…not cleared before

Closes tafia#604
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug help wanted
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fails on empty comments without 4 -" Tpt/quick-xml
2 participants
@Mingun @Tpt