classification
Title: Fixed various refcount issues in ElementTree iteration
Type: crash Stage: resolved
Components: Extension Modules, XML Versions: Python 3.6, Python 3.5
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: serhiy.storchaka Nosy List: martin.panter, python-dev, serhiy.storchaka
Priority: normal Keywords: patch

Created on 2015-12-18 12:04 by serhiy.storchaka, last changed 2015-12-21 10:40 by serhiy.storchaka. This issue is now closed.

Files
File name Uploaded
etree_iter_refcount.patch serhiy.storchaka, 2015-12-18 12:04
etree_iter_refcount_2.patch serhiy.storchaka, 2015-12-20 15:55
Messages (5)
msg256673 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2015-12-18 12:04
ElementTree iteration code holds borrowed references when calling user code (comparison with the tag, concatenating text and tail lazy lists, testing text and tail for emptiness). User code can make borrowed references invalid, and this can lead to a crash. One example is provided by Martin in msg256495. Other possible cases can be harder to reproduce.

The proposed patch makes the iterating code own the references that it operates on.
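The borrowed-versus-owned pattern described in the message above, as an added example that is not part of the original thread or of the CPython patch. It is a simplified model of reference counting: all names (Obj, Element, visit_borrowed, visit_owned, cb_clear_text) are hypothetical, and "freeing" only clears a flag so the stale access can be observed safely.

```c
#include <stdio.h>

/* Simplified refcount model (hypothetical names, not CPython's API).
   "Freeing" only clears a flag, so a stale access is observable
   without undefined behaviour. */
typedef struct { int refcnt; int alive; } Obj;
typedef struct { Obj *text; } Element;      /* container owning one reference */
typedef void (*user_cb)(Element *);

static void obj_incref(Obj *o) { o->refcnt++; }
static void obj_decref(Obj *o) { if (--o->refcnt == 0) o->alive = 0; }

/* Stands in for user code (e.g. a comparison method) that mutates the
   element while the iterator is in the middle of using it. */
static void cb_clear_text(Element *e) {
    Obj *old = e->text;
    e->text = NULL;
    if (old) obj_decref(old);
}

/* Before the fix: the pointer stays borrowed across the call. */
static int visit_borrowed(Element *e, user_cb cb) {
    Obj *text = e->text;    /* borrowed: no incref */
    cb(e);                  /* user code may drop the only reference */
    return text->alive;     /* 0: real code would now touch freed memory */
}

/* After the fix: the iterator owns a reference while it uses the object. */
static int visit_owned(Element *e, user_cb cb) {
    Obj *text = e->text;
    obj_incref(text);       /* take ownership before running user code */
    cb(e);
    int ok = text->alive;   /* still valid: our reference keeps it alive */
    obj_decref(text);       /* release; the object is destroyed here */
    return ok;
}

/* Runs one visit on a fresh element whose text has a single reference. */
static int run_case(int owned, int *refcnt_after) {
    Obj text = { 1, 1 };
    Element e = { &text };
    int ok = (owned ? visit_owned : visit_borrowed)(&e, cb_clear_text);
    *refcnt_after = text.refcnt;
    return ok;
}

int main(void) {
    int r;
    printf("borrowed: valid during use = %d\n", run_case(0, &r));
    printf("owned:    valid during use = %d\n", run_case(1, &r));
    return 0;
}
```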
msg256767 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2015-12-20 15:55
Added tests.
msg256782 - (view) Author: Martin Panter (martin.panter) * (Python committer) Date: 2015-12-21 03:54
Left some comments about possibly unnecessary ref counting. Other than that it seems okay.
msg256786 - (view) Author: Roundup Robot (python-dev) (Python triager) Date: 2015-12-21 09:13
New changeset 00b6a13cfd70 by Serhiy Storchaka in branch '3.5':
Issue #25902: Fixed various refcount issues in ElementTree iteration.
https://hg.python.org/cpython/rev/00b6a13cfd70

New changeset e09cb2af3092 by Serhiy Storchaka in branch 'default':
Issue #25902: Fixed various refcount issues in ElementTree iteration.
https://hg.python.org/cpython/rev/e09cb2af3092
msg256794 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2015-12-21 10:40
Thank you Martin.

Actually this patch is for 3.5 only. In 3.6 the code will be rewritten (issue25873).
History
Date User Action Args
2015-12-21 10:40:14 serhiy.storchaka set status: open -> closed; versions: - Python 2.7; messages: + msg256794; resolution: fixed; stage: patch review -> resolved
2015-12-21 09:13:37 python-dev set nosy: + python-dev; messages: + msg256786
2015-12-21 03:54:43 martin.panter set messages: + msg256782
2015-12-20 15:55:57 serhiy.storchaka set files: + etree_iter_refcount_2.patch; messages: + msg256767
2015-12-20 14:39:35 serhiy.storchaka set assignee: serhiy.storchaka
2015-12-18 12:04:44 serhiy.storchaka create