GNOME Bugzilla – Bug 672364
does not properly handle XML parse errors, leading to possible data loss
Last modified: 2018-06-29 23:07:29 UTC
Created attachment 210061 [details] GnuCash XML file triggering the problem This is Debian bug http://bugs.debian.org/658732 I attach a simple GnuCash XML containing 4 transactions, the 2nd of which is actually invalid: there is an unescaped ampersand in "marks & spencer" (which of course should rather be written "marks & spencer"). The problem is that GnuCash opens this file without any warning/error message, and silently discards the faulty transaction and the two following ones: only one transaction appears in the ledger. This silent ignoring of transactions could lead to data loss (unnoticed at first). The expected behaviour would rather to warn the user that this file is invalid, and refuse to open it.
I agree there probably should be a vaidity check. Given that the file you have is invalid XML, then perhaps you should also file a bug with the developer of the application that produced it. However, I see that freecoinsExport appears to be no longer in active development.
I've seen that you set the status of this bug to NEEDINFO. What additional information are you expecting? The XML file that I provided should be all that is needed, since it reproduces the incorrect behaviour.
I meant to say; does freecoinsExport produce the XML directly from FreeCoins data? Just curious, I know it doesn't affect the issue.
Fair enough. I was a bit surprised by the NEEDINFO status because AIUI it means that the bug cannot be solved without additional info and will be closed if the information is not provided. Concerning your question, the provider of the XML bug (i.e. the reporter of the Debian bug) indeed says that she first came across the problem on a file that was created by freecoinsExport. The XML file that I attached in this bug report is a manually simplified version of the original file (in order to get a minimal example). I personally don't intend to file a bug against freecoinsExport, since I don't use that software and it is not present in Debian. Thanks
Created attachment 232217 [details] [review] Handle return value of xmlParseDocument()
I attached a patch that fixes this issue. The problem is simply that the return value of xmlParseDocument() was not checked. I also raise the severity of this bug to critical, because it can lead to data losses. Another example of that is given in: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696282 Given the severity of the issue, I plan to apply soon this patch to the Debian package for GnuCash. Your feedback would be much appreciated, especially if I am missing something.
Thank you for the patch. I have applied it in trunk (r22703) and 2.4 (r22704). The fix will appear in the next release.
Reassign version to 2.4.x so that individual 2.4 versions can be retired.
GnuCash bug tracking has moved to a new Bugzilla host. This bug has been copied to https://bugs.gnucash.org/show_bug.cgi?id=672364. Please update any external references or bookmarks.