Message228158
"it looks like all the avenues for arbitrary code execution while checking if an exception handler matches a thrown an exception are closed off."
This seems to be directly contradicted by your previous sentence: "the except clause accepts any expressions producing a tuple or BaseException instance".
e.g.
===
>>> def f(): raise AttributeError
...
>>> try: raise IndexError
... except f(): raise KeyError
...
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
IndexError
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "<stdin>", line 2, in <module>
File "<stdin>", line 1, in f
AttributeError
===
(note that f() is evaluated only if the body of "try" actually raises) |
|
Date |
User |
Action |
Args |
2014-10-02 04:53:05 | Antony.Lee | set | recipients:
+ Antony.Lee, gvanrossum, barry, jamesh, ncoghlan, pitrou, benjamin.peterson, jwilk, eric.araujo, Trundle, cvrebert, daniel.urban, yorik.sar, ethan.furman, Yury.Selivanov, Jim.Jewett, gcbirzan |
2014-10-02 04:53:05 | Antony.Lee | set | messageid: <1412225585.01.0.470072737898.issue12029@psf.upfronthosting.co.za> |
2014-10-02 04:53:04 | Antony.Lee | link | issue12029 messages |
2014-10-02 04:53:04 | Antony.Lee | create | |
|