Python floating point exception on parsing saml
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
lxml | New | Undecided | Unassigned | | |
Bug Description
Python : sys.version_
lxml.etree : (5, 1, 0, 0)
libxml used : (2, 12, 3)
libxml compiled : (2, 12, 3)
libxslt used : (1, 1, 39)
libxslt compiled : (1, 1, 39)
(It says above that I'm running libxml2 2.12.3, but what's installed on my system is the Debian 2.9.14+dfsg-1.3+b2, so I don't know if the venv is causing trouble here. Just thought I'd mention.)
How to reproduce:
1. mkdir bug; cd bug; python -m venv .venv; source .venv/bin/activate
2. pip install lxml==5.1.0 xmlsec==1.3.13
3. run the following python program:
import xmlsec
import lxml
xml = '''
<samlp:Response
ID=
Version="2.0"
IssueInstan
Destination="https:/
InResponseT
xmlns:
</samlp:Response>
'''
elem = lxml.etree.
xmlsec.
## ------ END
Result: Floating point exception
Doing "pip install lxml==4.9.4" makes the program run without crash.
Backtrace:
#0 0x00007ffff7501b21 in ?? () from /lib/x86_
#1 0x00007ffff750277c in xmlHashLookup3 () from /lib/x86_
#2 0x00007ffff7514dac in xmlGetID () from /lib/x86_
#3 0x00007ffff7689c9a in xmlSecAddIDs () from /lib/x86_
#4 0x00007ffff7b2e441 in PyXmlSec_TreeAddIds (self=<optimized out>, args=<optimized out>,
kwargs=
at /tmp/pip-
#5 0x0000000000542fca in ?? ()
#6 0x000000000051490b in _PyObject_
#7 0x0000000000528559 in _PyEval_
#8 0x00000000006046ff in PyEval_EvalCode ()
#9 0x000000000061e85b in ?? ()
#10 0x000000000061af33 in ?? ()
#11 0x000000000062d666 in ?? ()
#12 0x000000000062d3d1 in _PyRun_
#13 0x000000000062d1e8 in _PyRun_
#14 0x000000000062b6bb in Py_RunMain ()
#15 0x00000000005f7cab in Py_BytesMain ()
#16 0x00007ffff7cc86ca in __libc_
argv=
#17 0x00007ffff7cc8785 in __libc_
init=<optimized out>, fini=<optimized out>, rtld_fini=
at ../csu/
#18 0x00000000005f7b41 in _start ()
The floating point exception occurs due to "https:/
I know that there are two components involved here (lxml and xmlsec), but since it works again by downgrading lxml, I just suspected that there was some sort of regression at play here.
> The floating point exception occurs due to "https://gitlab.gnome.org/GNOME/libxml2/-/blob/4f221a774896fcb5a9dd5c270c5de52b2ba0a45a/hash.c#L110"
> (division by 0), but I thought that line was gone in 2.12.3.
According to the stack trace, it's not lxml but xmlsec calling into libxml2 here, which uses a different version of it than lxml. Probably your system-installed library, which still has the crashing line.
It's generally a source of crashes to use different libxml2 versions in lxml and xmlsec. It's best to build lxml from sources if you run into this. Or use an older lxml version that comes with a compatible libxml2 version.
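A pre-flight check for the libxml2 mismatch described in the reply above, as an added example that is not part of the original thread and not code from lxml or xmlsec. The helper names are hypothetical. It assumes xmlsec is linked against the shared libxml2 that the dynamic loader resolves, and that this library exports the `xmlParserVersion` string.

```python
import ctypes
import ctypes.util
import re


def parse_libxml2_version(raw):
    """Turn libxml2's xmlParserVersion string (e.g. "20914" or
    "21203-GITv2.12.3") into a (major, minor, patch) tuple."""
    match = re.match(r"\d+", raw)
    if not match:
        raise ValueError(f"unrecognised libxml2 version string: {raw!r}")
    number = int(match.group())
    return (number // 10000, (number // 100) % 100, number % 100)


def system_libxml2_version():
    """Version of the shared libxml2 the loader would resolve (assumed to be
    the copy xmlsec is linked against); None if no shared library is found."""
    path = ctypes.util.find_library("xml2")
    if path is None:
        return None
    lib = ctypes.CDLL(path)
    raw = ctypes.c_char_p.in_dll(lib, "xmlParserVersion").value
    return parse_libxml2_version(raw.decode("ascii"))


def libxml2_mismatch(lxml_version, other_version):
    """Return a description when the two libxml2 builds differ, else None.
    Only the first three version components are compared."""
    a, b = tuple(lxml_version[:3]), tuple(other_version[:3])
    if a == b:
        return None
    return "lxml uses libxml2 %d.%d.%d but the shared library is %d.%d.%d" % (a + b)


if __name__ == "__main__":
    from lxml import etree  # imported here so the helpers work without lxml

    system = system_libxml2_version()
    problem = system and libxml2_mismatch(etree.LIBXML_VERSION, system)
    if problem:
        # Stop before any lxml tree is handed to xmlsec (e.g. tree.add_ids).
        raise SystemExit(f"refusing to pass lxml trees to xmlsec: {problem}")
    print("libxml2 versions agree:", etree.LIBXML_VERSION)
```

With the versions reported in this bug (lxml built against 2.12.3, Debian's 2.9.14 on the system), the check stops the program with a readable message before any tree reaches xmlsec.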