Message228159
ISTM Nick meant that the exception that was raised can't cause arbitrary
code execution.
On Wednesday, October 1, 2014, Antony Lee <report@bugs.python.org> wrote:
>
> Antony Lee added the comment:
>
> "it looks like all the avenues for arbitrary code execution while checking
> if an exception handler matches a thrown an exception are closed off."
>
> This seems to be directly contradicted by your previous sentence: "the
> except clause accepts any expressions producing a tuple or BaseException
> instance".
>
> e.g.
>
> ===
>
> >>> def f(): raise AttributeError
> ...
> >>> try: raise IndexError
> ... except f(): raise KeyError
> ...
> Traceback (most recent call last):
> File "<stdin>", line 1, in <module>
> IndexError
>
> During handling of the above exception, another exception occurred:
>
> Traceback (most recent call last):
> File "<stdin>", line 2, in <module>
> File "<stdin>", line 1, in f
> AttributeError
>
> ===
>
> (note that f() is evaluated only if the body of "try" actually raises)
>
> ----------
> nosy: +Antony.Lee
>
> _______________________________________
> Python tracker <report@bugs.python.org <javascript:;>>
> <http://bugs.python.org/issue12029>
> _______________________________________
> |
|
Date |
User |
Action |
Args |
2014-10-02 05:10:07 | gvanrossum | set | recipients:
+ gvanrossum, barry, jamesh, ncoghlan, pitrou, benjamin.peterson, jwilk, eric.araujo, Trundle, cvrebert, daniel.urban, yorik.sar, ethan.furman, Yury.Selivanov, Jim.Jewett, gcbirzan, Antony.Lee |
2014-10-02 05:10:07 | gvanrossum | link | issue12029 messages |
2014-10-02 05:10:06 | gvanrossum | create | |
|