Issue3475
Created on 2008-07-31 07:13 by naufraghi, last changed 2009-11-08 18:35 by effbot.
|
| File name |
Uploaded |
Description |
Edit |
Remove |
|
fix-celementtree.patch
|
ferringb,
2009-11-08 07:37
|
check for exception from PyRun_String, else release the returned ref. |
|
|
|
|
msg70488 - (view) |
Author: Matteo Bertini (naufraghi) |
Date: 2008-07-31 07:13 |
|
Playing with PyInstaller I have found that the final part of
_elementtree.c:
Index: Modules/_elementtree.c
===================================================================
--- Modules/_elementtree.c (revisione 59540)
+++ Modules/_elementtree.c (copia locale)
@@ -2780,7 +2780,10 @@
);
- PyRun_String(bootstrap, Py_file_input, g, NULL);
+ if (PyRun_String(bootstrap, Py_file_input, g, NULL) == NULL)
+ return;
elementpath_obj = PyDict_GetItemString(g, "ElementPath");
execute a bit of python code without checking the return value.
That can lead to weird things playing with import hooks,
for example an assert like this can fail:
Index: Lib/test/test_elemettree.py
===================================================================
--- Lib/test/test_elemettree.py (revisione 0)
+++ Lib/test/test_elemettree.py (revisione 0)
@@ -0,0 +1,21 @@
+#! /usr/bin/env python
+
+def importHook(*args, **kwargs):
+ if 'xml.etree' in args:
+ raise ImportError
+ else:
+ return __real__import__(*args, **kwargs)
+
+import os
+import __builtin__
+__real__import__ = __builtin__.__import__
+__builtin__.__import__ = importHook
+
+try:
+ import xml.etree.cElementTree as cET
+except ImportError:
+ pass
+else:
+ out = os.popen("python -c 'import xml.etree.cElementTree as cET;
print dir(cET)'").read().strip()
+ assert str(dir(cET)) == out, (str(dir(cET)), out)
+
|
|
msg70489 - (view) |
Author: Martin v. Löwis (loewis) |
Date: 2008-07-31 07:51 |
|
Fredrik, can you take a look?
|
|
msg70656 - (view) |
Author: Fredrik Lundh (effbot) |
Date: 2008-08-03 18:49 |
|
This is fixed in the ET 1.3-compatible codebase. Since it's too late to
add ET 1.3 to 2.6, I guess it's time to make a new 1.2 bugfix release
for 2.6.
|
|
msg95038 - (view) |
Author: Brian Harring (ferringb) |
Date: 2009-11-08 07:37 |
|
At this point, this affects 2.5, 2.6, and 3.1 (and the normal 1.0.5
release of cElementTree); what's required to get this fixed and queued
up for micro/minor releases?
Sidenote, the patch posted above still leaks a reference-
|
|
msg95043 - (view) |
Author: Martin v. Löwis (loewis) |
Date: 2009-11-08 18:30 |
|
For 2.5, this will not be fixed, as it is not security-critical.
|
|
msg95044 - (view) |
Author: Fredrik Lundh (effbot) |
Date: 2009-11-08 18:35 |
|
Note that "fail silently" is a bit of a misnomer - if the embedded import
doesn't work, portions of the library will fail pretty loudly. Feel free
to use some variation of the suggested patch, or just wait until the next
upstream release gets imported (if ever).
|
|
| Date |
User |
Action |
Args |
| 2009-11-08 18:35:38 | effbot | set | messages:
+ msg95044 |
| 2009-11-08 18:30:29 | loewis | set | messages:
+ msg95043
versions:
+ Python 2.6, Python 3.1, Python 2.7, Python 3.2, - Python 2.5 |
| 2009-11-08 07:37:26 | ferringb | set | files:
+ fix-celementtree.patch
nosy:
+ ferringb
messages:
+ msg95038
keywords:
+ patch |
| 2008-08-03 18:49:21 | effbot | set | messages:
+ msg70656 |
| 2008-07-31 07:51:55 | loewis | set | assignee: effbot
messages:
+ msg70489
nosy:
+ loewis, effbot |
| 2008-07-31 07:13:10 | naufraghi | create | |
|
