[issue12029] Catching virtual subclasses in except clauses

Guido van Rossum report at bugs.python.org
Thu Oct 2 07:10:07 CEST 2014


Guido van Rossum added the comment:

ISTM Nick meant that the exception that was raised can't cause arbitrary
code execution.

On Wednesday, October 1, 2014, Antony Lee <report at bugs.python.org> wrote:

>
> Antony Lee added the comment:
>
> "it looks like all the avenues for arbitrary code execution while checking
> if an exception handler matches a thrown exception are closed off."
>
> This seems to be directly contradicted by your previous sentence: "the
> except clause accepts any expressions producing a tuple or BaseException
> instance".
>
> e.g.
>
> ===
>
> >>> def f(): raise AttributeError
> ...
> >>> try: raise IndexError
> ... except f(): raise KeyError
> ...
> Traceback (most recent call last):
>   File "<stdin>", line 1, in <module>
> IndexError
>
> During handling of the above exception, another exception occurred:
>
> Traceback (most recent call last):
>   File "<stdin>", line 2, in <module>
>   File "<stdin>", line 1, in f
> AttributeError
>
> ===
>
> (note that f() is evaluated only if the body of "try" actually raises)
>
> ----------
> nosy: +Antony.Lee
>
> _______________________________________
> Python tracker <report at bugs.python.org>
> <http://bugs.python.org/issue12029>
> _______________________________________
>

----------

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue12029>
_______________________________________
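
Added example, not part of the original messages or of CPython's own code: it separates the two things discussed above, the except-clause expressions (ordinary code, evaluated lazily and in order) and the match check itself, which in CPython 3 compares real base classes and does not call metaclass hooks. The names Meta, Virtual, handler, lookup and isinstance_says are hypothetical.

```python
calls = []  # log of user code that ran during handler lookup


class Meta(type):
    # Hypothetical metaclass claiming every class/instance as its own.
    def __subclasscheck__(cls, sub):
        calls.append("__subclasscheck__")
        return True

    def __instancecheck__(cls, inst):
        calls.append("__instancecheck__")
        return True


class Virtual(Exception, metaclass=Meta):
    pass


def handler(name, exc_type):
    """An except-clause expression with a visible side effect."""
    calls.append(name)
    return exc_type


def lookup(raise_it):
    """Return (code that ran during lookup, clause that matched)."""
    calls.clear()
    matched = None
    try:
        if raise_it:
            raise IndexError
    except handler("first", Virtual):       # evaluated; hooks not consulted
        matched = "first"
    except handler("second", LookupError):  # evaluated; real base class matches
        matched = "second"
    except handler("third", Exception):     # never evaluated
        matched = "third"
    return list(calls), matched


def isinstance_says():
    """Contrast: isinstance() does consult the metaclass hook."""
    calls.clear()
    return isinstance(IndexError(), Virtual), list(calls)


if __name__ == "__main__":
    print(lookup(True))
    print(lookup(False))
    print(isinstance_says())
```

The log from lookup(True) contains only the handler expressions that were evaluated before a match was found, and none of the metaclass hooks.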

