Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix bugs when parsing sequences in overlapped-lists mode #530

Merged
merged 4 commits into from Dec 26, 2022

Conversation

Mingun
Copy link
Collaborator

@Mingun Mingun commented Dec 25, 2022

This fixes two bugs, that I've found:

  • Deserializer::skip() could enter to an infinity loop when parse malformed XML (some tags does not closed)
  • Deserializer::read_to_end() could return success when parse malformed XML (some tags does not closed)

I think both bugs are important enough to release 0.27.1

@Mingun Mingun added bug serde Issues related to mapping from Rust types to XML arrays Issues related to mapping XML content onto arrays using serde labels Dec 25, 2022
@Mingun Mingun requested a review from dralley December 25, 2022 19:00
@codecov-commenter
Copy link

codecov-commenter commented Dec 25, 2022

Codecov Report

Merging #530 (ca7aa21) into master (f63910d) will decrease coverage by 0.03%.
The diff coverage is 98.50%.

@@            Coverage Diff             @@
##           master     #530      +/-   ##
==========================================
- Coverage   60.87%   60.83%   -0.04%     
==========================================
  Files          33       33              
  Lines       15706    15719      +13     
==========================================
+ Hits         9561     9563       +2     
- Misses       6145     6156      +11     
Flag Coverage Δ
unittests 60.83% <98.50%> (-0.04%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
src/de/mod.rs 57.36% <98.50%> (-0.33%) ⬇️
src/reader/parser.rs 98.65% <0.00%> (-0.68%) ⬇️
src/de/map.rs 72.36% <0.00%> (-0.44%) ⬇️
src/lib.rs 13.25% <0.00%> (+0.07%) ⬆️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

src/de/mod.rs Show resolved Hide resolved
Changelog.md Outdated Show resolved Hide resolved
Mingun and others added 4 commits December 26, 2022 13:34
Co-authored-by: Daniel Alley <dalley@redhat.com>
(Review this commit with "ignore whitespace changes" option)

failures (1):
    de::tests::read_to_end::invalid_xml
@dralley dralley merged commit b99adec into tafia:master Dec 26, 2022
@Mingun Mingun deleted the fix-infinity-loop branch December 26, 2022 20:12
Mingun added a commit that referenced this pull request Dec 28, 2022
crapStone added a commit to Calciumdibromid/CaBr2 that referenced this pull request Dec 29, 2022
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [quick-xml](https://github.com/tafia/quick-xml) | dependencies | minor | `0.26.0` -> `0.27.1` |

---

### Release Notes

<details>
<summary>tafia/quick-xml</summary>

### [`v0.27.1`](https://github.com/tafia/quick-xml/blob/HEAD/Changelog.md#&#8203;0271----2022-12-28)

[Compare Source](tafia/quick-xml@v0.27.0...v0.27.1)

##### Bug Fixes

-   [#&#8203;530]: Fix an infinite loop leading to unbounded memory consumption that occurs when
    skipping events on malformed XML with the `overlapped-lists` feature active.
-   [#&#8203;530]: Fix an error in the `Deserializer::read_to_end` when `overlapped-lists`
    feature is active and malformed XML is parsed

[#&#8203;530]: tafia/quick-xml#530

### [`v0.27.0`](https://github.com/tafia/quick-xml/blob/HEAD/Changelog.md#&#8203;0270----2022-12-25)

[Compare Source](tafia/quick-xml@v0.26.0...v0.27.0)

##### New Features

-   [#&#8203;521]: Implement `Clone` for all error types. This required changing `Error::Io` to contain
    `Arc<std::io::Error>` instead of `std::io::Error` since `std::io::Error` does not implement
    `Clone`.

##### Bug Fixes

-   [#&#8203;490]: Ensure that serialization of map keys always produces valid XML names.
    In particular, that means that maps with numeric and numeric-like keys (for
    example, `"42"`) no longer can be serialized because [XML name] cannot start
    from a digit
-   [#&#8203;500]: Fix deserialization of top-level sequences of enums, like
    ```xml
    <?xml version="1.0" encoding="UTF-8"?>
    <!-- list of enum Enum { A, B, С } -->
    <A/>
    <B/>
    <C/>
    ```
-   [#&#8203;514]: Fix wrong reporting `Error::EndEventMismatch` after disabling and enabling
    `.check_end_names`
-   [#&#8203;517]: Fix swapped codes for `\r` and `\n` characters when escaping them
-   [#&#8203;523]: Fix incorrect skipping text and CDATA content before any map-like structures
    in serde deserializer, like
    ```xml
    unwanted text<struct>...</struct>
    ```
-   [#&#8203;523]: Fix incorrect handling of `xs:list`s with encoded spaces: they still
    act as delimiters, which is confirmed also by mature XmlBeans Java library
-   [#&#8203;473]: Fix a hidden requirement to enable serde's `derive` feature to get
    quick-xml's `serialize` feature for `edition = 2021` or `resolver = 2` crates

##### Misc Changes

-   [#&#8203;490]: Removed `$unflatten=` special prefix for fields for serde (de)serializer, because:

    -   it is useless for deserializer
    -   serializer was rewritten and does not require it anymore

    This prefix allowed you to serialize struct field as an XML element and now
    replaced by a more thoughtful system explicitly indicating that a field should
    be serialized as an attribute by prepending `@` character to its name
-   [#&#8203;490]: Removed `$primitive=` prefix. That prefix allowed you to serialize struct
    field as an attribute instead of an element and now replaced by a more thoughtful
    system explicitly indicating that a field should be serialized as an attribute
    by prepending `@` character to its name
-   [#&#8203;490]: In addition to the `$value` special name for a field a new `$text`
    special name was added:

    -   `$text` is used if you want to map field to text content only. No markup is
        expected (but text can represent a list as defined by `xs:list` type)
    -   `$value` is used if you want to map elements with different names to one field,
        that should be represented either by an `enum`, or by sequence of `enum`s
        (`Vec`, tuple, etc.), or by string. Use it when you want to map field to any
        content of the field, text or markup

    Refer to [documentation] for details.
-   [#&#8203;521]: MSRV bumped to 1.52.
-   [#&#8203;473]: `serde` feature that used to make some types serializable, renamed to `serde-types`
-   [#&#8203;528]: Added documentation for XML to `serde` mapping

[#&#8203;473]: tafia/quick-xml#473

[#&#8203;490]: tafia/quick-xml#490

[#&#8203;500]: tafia/quick-xml#500

[#&#8203;514]: tafia/quick-xml#514

[#&#8203;517]: tafia/quick-xml#517

[#&#8203;521]: tafia/quick-xml#521

[#&#8203;523]: tafia/quick-xml#523

[#&#8203;528]: tafia/quick-xml#528

[XML name]: https://www.w3.org/TR/xml11/#NT-Name

[documentation]: https://docs.rs/quick-xml/0.27.0/quick_xml/de/index.html#difference-between-text-and-value-special-names

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNC43My4wIiwidXBkYXRlZEluVmVyIjoiMzQuNzQuMiJ9-->

Co-authored-by: cabr2-bot <cabr2.help@gmail.com>
Co-authored-by: crapStone <crapstone01@gmail.com>
Reviewed-on: https://codeberg.org/Calciumdibromid/CaBr2/pulls/1692
Reviewed-by: crapStone <crapstone@noreply.codeberg.org>
Co-authored-by: Calciumdibromid Bot <cabr2_bot@noreply.codeberg.org>
Co-committed-by: Calciumdibromid Bot <cabr2_bot@noreply.codeberg.org>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
arrays Issues related to mapping XML content onto arrays using serde bug serde Issues related to mapping from Rust types to XML
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

3 participants