Author Antony.Lee
Recipients Antony.Lee, Jim.Jewett, Trundle, Yury.Selivanov, barry, benjamin.peterson, cvrebert, daniel.urban, eric.araujo, ethan.furman, gcbirzan, gvanrossum, jamesh, jwilk, ncoghlan, pitrou, yorik.sar
Date 2014-10-02.04:53:04
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1412225585.01.0.470072737898.issue12029@psf.upfronthosting.co.za>
In-reply-to
Content
"it looks like all the avenues for arbitrary code execution while checking if an exception handler matches a thrown an exception are closed off."

This seems to be directly contradicted by your previous sentence: "the except clause accepts any expressions producing a tuple or BaseException instance".

e.g.

===

>>> def f(): raise AttributeError
... 
>>> try: raise IndexError
... except f(): raise KeyError
... 
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
IndexError

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "<stdin>", line 2, in <module>
  File "<stdin>", line 1, in f
AttributeError

===

(note that f() is evaluated only if the body of "try" actually raises)
History
Date User Action Args
2014-10-02 04:53:05Antony.Leesetrecipients: + Antony.Lee, gvanrossum, barry, jamesh, ncoghlan, pitrou, benjamin.peterson, jwilk, eric.araujo, Trundle, cvrebert, daniel.urban, yorik.sar, ethan.furman, Yury.Selivanov, Jim.Jewett, gcbirzan
2014-10-02 04:53:05Antony.Leesetmessageid: <1412225585.01.0.470072737898.issue12029@psf.upfronthosting.co.za>
2014-10-02 04:53:04Antony.Leelinkissue12029 messages
2014-10-02 04:53:04Antony.Leecreate