This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

classification
Title: Fixes for elementtree integer overflow
Type: compile error Stage: resolved
Components: Library (Lib) Versions: Python 3.4, Python 2.7
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: serhiy.storchaka Nosy List: christian.heimes, eli.bendersky, python-dev, scoder, serhiy.storchaka, vstinner
Priority: normal Keywords: patch

Created on 2013-11-22 00:03 by christian.heimes, last changed 2022-04-11 14:57 by admin. This issue is now closed.

Files
File name Uploaded Description Edit
elementtree_overflow.patch christian.heimes, 2013-11-22 00:03 review
elementtree_overflow2.patch christian.heimes, 2013-12-04 10:05 review
elementtree_overflow3.patch serhiy.storchaka, 2015-11-22 11:27 review
Messages (11)
msg203702 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2013-11-22 00:03 
The patch addresses most overflow errors in elementtree except for the problems in element_ass_subscr().
msg205212 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2013-12-04 10:05 
New patch with fixes for element_ass_subscr().
msg205214 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2013-12-04 10:35 
See also *first* patch in issue16986.
msg205296 - (view) Author: Eli Bendersky (eli.bendersky) * (Python committer) Date: 2013-12-05 13:47 
Thanks. I left some comments in the code review tool
msg255066 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2015-11-21 17:40 
Ping.
msg255073 - (view) Author: Eli Bendersky (eli.bendersky) * (Python committer) Date: 2015-11-21 22:22 
Serhiy, I'm truly sorry but for this and other issues you pinged -- I currently have zero bandwidth to invest in this. Feel free to ask around on pydev if there are other folks interested in reviewing patches and decisions w.r.t the etree module. I'm fine with your judgement otherwise.
msg255089 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2015-11-22 10:24 
Christian's patch fixes two things: integer overflow and memory leak. First I'll commit a fix for memory leak (with cleanup and tests). Integer overflow looks already fixed in recent releases, there is nothing to commit. This part should be applied only to old releases.
msg255090 - (view) Author: Roundup Robot (python-dev) (Python triager) Date: 2015-11-22 10:31 
New changeset d51d420f3e9d by Serhiy Storchaka in branch '3.4':
Issue #19687: Fixed memory leak on failed Element slice assignment.
https://hg.python.org/cpython/rev/d51d420f3e9d

New changeset 4d5417444961 by Serhiy Storchaka in branch '3.5':
Issue #19687: Fixed memory leak on failed Element slice assignment.
https://hg.python.org/cpython/rev/4d5417444961

New changeset de5a11836ad4 by Serhiy Storchaka in branch 'default':
Issue #19687: Fixed memory leak on failed Element slice assignment.
https://hg.python.org/cpython/rev/de5a11836ad4

New changeset c33e4881721f by Serhiy Storchaka in branch '2.7':
Issue #19687: Fixed memory leak on failed Element slice assignment.
https://hg.python.org/cpython/rev/c33e4881721f
msg255094 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2015-11-22 11:27 
Here is updated patch for 3.4.

Added new overflow checks in element_resize(), some runtime checks are replaced with asserts (conditions are always true), check for buffer size is copied from 3.5, followed Eli's suggestions about nchildren and index.
msg255375 - (view) Author: Roundup Robot (python-dev) (Python triager) Date: 2015-11-25 18:18 
New changeset e5eac1d692ad by Serhiy Storchaka in branch '3.4':
Issue #19687: Fixed possible integer overflows in ElementTree.
https://hg.python.org/cpython/rev/e5eac1d692ad

New changeset 745fd5550bc0 by Serhiy Storchaka in branch '2.7':
Issue #19687: Fixed possible integer overflows in ElementTree.
https://hg.python.org/cpython/rev/745fd5550bc0
msg255377 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2015-11-25 18:19 
Possible integer overflows in 3.5 was already fixed by issue23450.
History
Date User Action Args
2022-04-11 14:57:53adminsetgithub: 63886
2015-11-25 18:19:46serhiy.storchakasetstatus: open -> closed
versions: + Python 2.7
messages: + msg255377

resolution: fixed
stage: patch review -> resolved
2015-11-25 18:18:43python-devsetmessages: + msg255375
2015-11-22 11:27:11serhiy.storchakasetfiles: + elementtree_overflow3.patch

messages: + msg255094
2015-11-22 10:31:45python-devsetnosy: + python-dev
messages: + msg255090
2015-11-22 10:24:46serhiy.storchakasetassignee: serhiy.storchaka
messages: + msg255089
2015-11-21 22:22:55eli.benderskysetmessages: + msg255073
2015-11-21 17:40:58serhiy.storchakasetnosy: + serhiy.storchaka
messages: + msg255066
2014-11-17 08:26:11serhiy.storchakasetnosy: - serhiy.storchaka
2013-12-05 13:47:50eli.benderskysetmessages: + msg205296
2013-12-04 10:35:11serhiy.storchakasetnosy: + serhiy.storchaka, eli.bendersky, scoder
messages: + msg205214
2013-12-04 10:05:10christian.heimessetfiles: + elementtree_overflow2.patch

messages: + msg205212
2013-11-22 00:03:31christian.heimescreate