From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 46900 invoked by alias); 18 Jan 2016 09:33:18 -0000 Mailing-List: contact libabigail-help@sourceware.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Subscribe: Sender: libabigail-owner@sourceware.org Received: (qmail 46768 invoked by uid 89); 18 Jan 2016 09:33:17 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Checked: by ClamAV 0.99 on sourceware.org X-Virus-Found: No X-Spam-SWARE-Status: No, score=-0.9 required=5.0 tests=BAYES_00,KAM_LAZY_DOMAIN_SECURITY autolearn=no version=3.3.2 spammy=H*r:1001, exhibits, UD:k.a X-Spam-Status: No, score=-0.9 required=5.0 tests=BAYES_00,KAM_LAZY_DOMAIN_SECURITY autolearn=no version=3.3.2 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on sourceware.org X-Spam-Level: X-HELO: ms.seketeli.fr From: Dodji Seketeli To: Ondrej Oprala Cc: Abigail Project Mailing List Subject: Re: [PATCH] PR19433 - Escape filepaths in abixml Organization: Me, myself and I References: <569C9C86.7000500@redhat.com> X-Operating-System: Red Hat Enterprise Linux Workstation 7.2 X-URL: http://www.seketeli.net/~dodji Date: Fri, 01 Jan 2016 00:00:00 -0000 In-Reply-To: <569C9C86.7000500@redhat.com> (Ondrej Oprala's message of "Mon, 18 Jan 2016 09:04:22 +0100") Message-ID: <86lh7n6xm1.fsf@seketeli.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-SW-Source: 2016-q1/txt/msg00036.txt.bz2 Hello, Ondrej Oprala a =C3=A9crit: > Filepaths can contain '<' and '>', which makes XML parsers unhappy :( Right. > > * src/abg-writer.cc (write_location): Sanitize the filepath with > xml::escape_xml_string(). I first thought that the reader side should be updated too, to un-escape the stuff that got escaped, but then I realized that the read_location() function from abg-reader.cc uses the xmlGetProp() function from libxml2 which actually does "entity substitution" a.k.a un-escaping. So the patch is good. I am wondering, would it be possible to add a small test case that exhibits the issue? There are cases where it's too complicated to devise a small test case, but I am thinking that in this case, it should be possible fairly easily. Or am I missing something? If we agree, you could add it to the test-types-stability.cc test harness. OK to commit with that change. Cheers, --=20 Dodji