[Django] #33368: Durationfield.clean fails to handle broken data
Django
---------------------------------------------+------------------------
Reporter: Florian Apolloner | Owner: nobody
Type: Bug | Status: new
Component: Core (Other) | Version: dev
Severity: Normal | Keywords:
Triage Stage: Accepted | Has patch: 0
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 1
UI/UX: 0 |
---------------------------------------------+------------------------
{{{
=== Uncaught Python exception: ===
ValueError: could not convert string to float: '3(3'
Traceback (most recent call last):
File "basic_fuzzer.py", line 22, in TestOneInput
File "fuzzers.py", line 294, in test_forms_DurationField
File "django/forms/fields.py", line 149, in clean
File "django/forms/fields.py", line 502, in to_python
File "django/utils/dateparse.py", line 154, in parse_duration
File "django/utils/dateparse.py", line 154, in <dictcomp>
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/33368>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
Django
Reporter: Florian Apolloner | Owner: nobody
Type: Bug | Status: new
Component: Core (Other) | Version: dev
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
Description changed by Florian Apolloner:
Old description:
> {{{
> === Uncaught Python exception: ===
> ValueError: could not convert string to float: '3(3'
> Traceback (most recent call last):
> File "basic_fuzzer.py", line 22, in TestOneInput
> File "fuzzers.py", line 294, in test_forms_DurationField
> File "django/forms/fields.py", line 149, in clean
> File "django/forms/fields.py", line 502, in to_python
> File "django/utils/dateparse.py", line 154, in parse_duration
> File "django/utils/dateparse.py", line 154, in <dictcomp>
>
> }}}
New description:
The actual input string was 'P3(3D' {{{
=== Uncaught Python exception: ===
ValueError: could not convert string to float: '3(3'
Traceback (most recent call last):
File "basic_fuzzer.py", line 22, in TestOneInput
File "fuzzers.py", line 294, in test_forms_DurationField
File "django/forms/fields.py", line 149, in clean
File "django/forms/fields.py", line 502, in to_python
File "django/utils/dateparse.py", line 154, in parse_duration
File "django/utils/dateparse.py", line 154, in <dictcomp>
}}}
--
--
Ticket URL: <https://code.djangoproject.com/ticket/33368#comment:1>
Django
Reporter: Florian Apolloner | Owner: nobody
Type: Bug | Status: new
Component: Core (Other) | Version: dev
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
Description changed by Florian Apolloner:
Old description:
> The actual input string was 'P3(3D' {{{
> === Uncaught Python exception: ===
> ValueError: could not convert string to float: '3(3'
> Traceback (most recent call last):
> File "basic_fuzzer.py", line 22, in TestOneInput
> File "fuzzers.py", line 294, in test_forms_DurationField
> File "django/forms/fields.py", line 149, in clean
> File "django/forms/fields.py", line 502, in to_python
> File "django/utils/dateparse.py", line 154, in parse_duration
> File "django/utils/dateparse.py", line 154, in <dictcomp>
>
> }}}
New description:
The actual input string was 'P3(3D'
{{{
=== Uncaught Python exception: ===
ValueError: could not convert string to float: '3(3'
Traceback (most recent call last):
File "basic_fuzzer.py", line 22, in TestOneInput
File "fuzzers.py", line 294, in test_forms_DurationField
File "django/forms/fields.py", line 149, in clean
File "django/forms/fields.py", line 502, in to_python
File "django/utils/dateparse.py", line 154, in parse_duration
File "django/utils/dateparse.py", line 154, in <dictcomp>
}}}
--
--
Ticket URL: <https://code.djangoproject.com/ticket/33368#comment:2>
Django
Reporter: Florian Apolloner | Owner: Pedro
| Schlickmann Mendes
Type: Bug | Status: assigned
Component: Core (Other) | Version: dev
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
Changes (by Pedro Schlickmann Mendes):
* owner: nobody => Pedro Schlickmann Mendes
* status: new => assigned
--
Ticket URL: <https://code.djangoproject.com/ticket/33368#comment:3>
Django
Reporter: Florian Apolloner | Owner: Pedro
| Schlickmann Mendes
Type: Bug | Status: assigned
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
Changes (by Pedro Schlickmann Mendes):
* has_patch: 0 => 1
--
Ticket URL: <https://code.djangoproject.com/ticket/33368#comment:4>
Django
Reporter: Florian Apolloner | Owner: Pedro
| Schlickmann Mendes
Type: Bug | Status: assigned
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Easy pickings: 1 | UI/UX: 0
Changes (by Mariusz Felisiak):
* needs_better_patch: 0 => 1
--
Ticket URL: <https://code.djangoproject.com/ticket/33368#comment:5>
Django
Reporter: Florian Apolloner | Owner: Pedro
| Schlickmann Mendes
Type: Bug | Status: assigned
Keywords: | Triage Stage: Ready for
| checkin
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
Changes (by Mariusz Felisiak):
* needs_better_patch: 1 => 0
* stage: Accepted => Ready for checkin
--
Ticket URL: <https://code.djangoproject.com/ticket/33368#comment:6>
Django
Reporter: Florian Apolloner | Owner: Pedro
| Schlickmann Mendes
Component: Core (Other) | Version: dev
Keywords: | Triage Stage: Ready for
| checkin
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
Changes (by Mariusz Felisiak <felisiak.mariusz@…>):
* status: assigned => closed
* resolution: => fixed
Comment:
In [changeset:"4fd3044ca0135da903a70dfb66992293f529ecf1" 4fd3044c]:
{{{
#!CommitTicketReference repository=""
revision="4fd3044ca0135da903a70dfb66992293f529ecf1"
Fixed #33368 -- Fixed parse_duration() crash on invalid separators for
decimal fractions.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/33368#comment:7>