Repeatable segfault while editing HTML file

[spyder-bot]

From techtonik@gmail.com on 2013-06-26T14:36:03Z

Spyder Version: 2.3.0dev3 (2872: rfe6f59363a2b )
Python Version: 2.7.4
Qt Version: 4.8.4, PyQt4 (API v1) 4.10 on Linux (Ubuntu 13.04)

What steps will reproduce the problem?

1. The attache file is just 1. Try to edit it to become What is the expected output? What do you see instead? Spyder fails with segfault once a first ' -' is entered.

Please provide any additional information below

.
The bug did not repeat after I restarted Spyder, and hit ? -> Report bug.. to open this page.

I attach debug logs, and I am afraid I don't know what to do next.

Attachment: crash.html gdb.txt

Original issue: http://code.google.com/p/spyderlib/issues/detail?id=1462

[spyder-bot]

From stonebi...@gmail.com on 2013-12-12T10:25:36Z

remark : if you do
2.

t 3. t 4.

It doesn't crash.

[spyder-bot]

From contrebasse on 2013-12-12T12:55:20Z

I can reproduce this bug, but it segfaults when I enter the second '-', I have no problem with the first one.
It doesn't crash if the file has a .py extension rather than html.

I managed to have an error in the internal console (and no crash) by doing :
1.

3.

Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/spyderlib/widgets/sourcecode/syntaxhighlighters.py", line 840, in highlightBlock
self.formats[key])
KeyError: 'multiline_comment_end'

As the crash is only with .html file, I suppose that the crash is also due to the syntax highlighting when the file is invalid.

I have:
Spyder Version: 2.3.0dev (today's last mater)
Python Version: 2.7.6
Qt Version : 4.8.5, PyQt4 (API v2) 4.10.3 on Linux
pyflakes >=0.5.0: 0.7.3 (OK)
pep8 >=0.6 : 1.4.6 (OK)
IPython >=0.13 : 1.1.0 (OK)
rope >=0.9.2 : 0.9.4 (OK)
sphinx >=0.6.6 : 1.1.3 (OK)
matplotlib >=1.0: 1.3.1 (OK)
sympy >=0.7.0 : 0.7.4 (OK)
pylint >=0.25 : 1.0.0 (OK)

[spyder-bot]

From ccordoba12 on 2015-01-02T19:04:22Z

Labels: MS-v2.3.3

[spyder-bot]

From ccordoba12 on 2015-01-09T18:50:55Z

Labels: -MS-v2.3.3 MS-v2.3.4

[Nodd]

I can't reproduce this anymore. Maybe it was fixed when pygments was integrated in spyder ? @techtonik can you check if it's fixed for you ?

[jitseniesen]

I had a look last night and I could reproduce it. I'll try to work on a fix later today.

On 09:16, 24 Jun 2016, at 09:16, Joseph Martinot-Lagarde notifications@github.com wrote:

I can't reproduce this anymore. Maybe it was fixed when pygments was
integrated in spyder ? @techtonik can you check if it's fixed for you ?

---

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
#1462 (comment)

[Nodd]

:(
Here is my config, for reference:

Version and main components

• Spyder Version: 3.0.0.dev0
• Python Version: 3.5.1
• Qt Versions: 5.6.0, PyQt5 5.6 on Linux

Dependencies

pyflakes >=0.6.0:  1.2.3 (OK)
pep8 >=0.6      :  1.7.0 (OK)
pygments >=2.0  :  2.1.3 (OK)
qtconsole >=4.0 :  4.2.1 (OK)
nbconvert >=4.0 :  4.2.0 (OK)
pandas >=0.13.1 :  0.18.1 (OK)
numpy >=1.7     :  1.11.0 (OK)
sphinx >=0.6.6  :  1.4.1 (OK)
rope >=0.9.4    :  0.9.4-1 (OK)
jedi >=0.8.1    :  0.9.0 (OK)
psutil >=0.3    :  4.1.0 (OK)
matplotlib >=1.0:  1.5.1 (OK)
sympy >=0.7.3   :  None (NOK)

[techtonik]

I wonder if Spyder is exploitable..

[Nodd]

@techtonik Could you be more constructive ?

[ccordoba12]

I think he means because of malformed source code.

[jitseniesen]

I found an issue in the HTML syntax highlighter. If an occurrence of --> (indicating the end of an HTML comment) is not matched with a <!-- then an uncaught exception is raised, as indicated in the third comment (by contrebasse). For some reason this crashes Spyder on my machine. If I run Spyder in debug mode, open an empty HTML file and type --> then the exception is printed in the console and Spyder does not crash.

I have prepared a pull request to fix the issue.

Here is my configuration, for reference. The main difference with Nodd seems to be that I have Qt4 while he has Qt5.

• Spyder Version: 3.0.0.dev0 dbbca91
• Python Version: 3.5.1
• Qt Versions: 4.8.7, PyQt4 (API v2) 4.11.4 on Linux

Dependencies

pyflakes >=0.6.0:  1.2.3 (OK)
pep8 >=0.6      :  1.7.0 (OK)
pygments >=2.0  :  2.1.3 (OK)
qtconsole >=4.0 :  4.2.1 (OK)
nbconvert >=4.0 :  4.2.0 (OK)
pandas >=0.13.1 :  0.18.1 (OK)
numpy >=1.7     :  1.11.0 (OK)
sphinx >=0.6.6  :  1.4.4 (OK)
rope >=0.9.4    :  0.9.4-1 (OK)
jedi >=0.8.1    :  0.9.0 (OK)
psutil >=0.3    :  4.3.0 (OK)
matplotlib >=1.0:  1.5.1 (OK)
sympy >=0.7.3   :  1.0 (OK)
pylint >=0.25   :  1.5.6 (OK)

[techtonik]

@Nodd if program ends with a crash. it may be exploited to do the things the attacker wants by forcing user to open a malicious HTML document.