➜
This issue tracker has been migrated to GitHub,
and is currently read-only.
For more information,
see the GitHub FAQs in the Python's Developer Guide.
Created on 2017-10-08 20:16 by Oren Milman, last changed 2022-04-11 14:58 by admin. This issue is now closed.
| Pull Requests | |||
|---|---|---|---|
| URL | Status | Linked | Edit |
| PR 3924 | merged | Oren Milman, 2017-10-08 21:09 | |
| PR 3945 | merged | python-dev, 2017-10-10 21:02 | |
| PR 3950 | merged | Oren Milman, 2017-10-11 10:27 | |
| Messages (6) | |||
|---|---|---|---|
| msg303917 - (view) | Author: Oren Milman (Oren Milman) * | Date: 2017-10-08 20:16 | |
The following code causes the interpreter to crash:
import xml.etree.ElementTree
class X:
def __del__(self):
elem.clear()
elem = xml.etree.ElementTree.Element('elem')
elem.text = X()
elem.clear()
This is because _elementtree_Element_clear_impl() decrefs self->text in an
unsafe manner.
For the same reason, but for self->tail, a crash would happen if we replaced
'elem.text = X()' with 'elem.tail = X()'.
Similarly, the following code also causes the interpreter to crash:
import xml.etree.ElementTree
class X:
def __del__(self):
elem.clear()
elem = xml.etree.ElementTree.Element('elem')
elem.text = X()
elem.text = X()
This is because element_text_setter() decrefs self->text in an unsafe manner.
element_tail_setter() does the same for self->tail, so again, if we replaced
'elem.text = X()' with 'elem.tail = X()', we would also get a crash.
|
|||
| msg304013 - (view) | Author: Oren Milman (Oren Milman) * | Date: 2017-10-10 05:34 | |
As serhiy pointed out in a comment in PR 3924, setting self->text or self->tail to NULL might lead to an assertion failure, so we should also prevent the following assertion failure (and the similar one for tail): import xml.etree.ElementTree class X: def __del__(self): elem.text elem = xml.etree.ElementTree.Element('elem') elem.text = X() elem.__setstate__({'tag': None}) # implicitly also set elem.text to None |
|||
| msg304079 - (view) | Author: Serhiy Storchaka (serhiy.storchaka) *  |
Date: 2017-10-10 20:26 | |
New changeset 39ecb9c71b6e55d8a61a710d0144231bd88f9ada by Serhiy Storchaka (Oren Milman) in branch 'master': bpo-31728: Prevent crashes in _elementtree due to unsafe cleanup of Element.text and Element.tail (#3924) https://github.com/python/cpython/commit/39ecb9c71b6e55d8a61a710d0144231bd88f9ada |
|||
| msg304087 - (view) | Author: Serhiy Storchaka (serhiy.storchaka) * |
Date: 2017-10-10 21:51 | |
New changeset a8ac71d15f2a4aef83a8954a678cc12545ce517c by Serhiy Storchaka (Miss Islington (bot)) in branch '3.6': [3.6] bpo-31728: Prevent crashes in _elementtree due to unsafe cleanup of Element.text and Element.tail (GH-3924) (#3945) https://github.com/python/cpython/commit/a8ac71d15f2a4aef83a8954a678cc12545ce517c |
|||
| msg304132 - (view) | Author: Serhiy Storchaka (serhiy.storchaka) * |
Date: 2017-10-11 13:29 | |
New changeset f15058a697de12b0efe6c7ebc38fe61a993bb5d5 by Serhiy Storchaka (Oren Milman) in branch '2.7': [2.7] bpo-31728: Prevent crashes in _elementtree due to unsafe cleanup of Element.text and Element.tail (GH-3924) (#3950) https://github.com/python/cpython/commit/f15058a697de12b0efe6c7ebc38fe61a993bb5d5 |
|||
| msg304135 - (view) | Author: Serhiy Storchaka (serhiy.storchaka) * |
Date: 2017-10-11 13:44 | |
Thank you Oren! |
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2022-04-11 14:58:53 | admin | set | github: 75909 |
| 2017-10-11 13:44:11 | serhiy.storchaka | set | status: open -> closed resolution: fixed messages: + msg304135 stage: patch review -> resolved |
| 2017-10-11 13:29:14 | serhiy.storchaka | set | messages: + msg304132 |
| 2017-10-11 10:27:11 | Oren Milman | set | stage: backport needed -> patch review pull_requests: + pull_request3925 |
| 2017-10-11 08:43:19 | serhiy.storchaka | set | stage: patch review -> backport needed versions: + Python 2.7, Python 3.6 |
| 2017-10-10 21:51:30 | serhiy.storchaka | set | messages: + msg304087 |
| 2017-10-10 21:02:08 | python-dev | set | pull_requests: + pull_request3919 |
| 2017-10-10 20:26:27 | serhiy.storchaka | set | nosy:
+ serhiy.storchaka messages: + msg304079 |
| 2017-10-10 05:34:07 | Oren Milman | set | messages: + msg304013 |
| 2017-10-08 21:09:29 | Oren Milman | set | keywords:
+ patch stage: patch review pull_requests: + pull_request3897 |
| 2017-10-08 20:16:27 | Oren Milman | create | |