[New-bugs-announce] [issue31455] ElementTree.XMLParser() mishandles exceptions
Stefan Behnel
report at bugs.python.org
Wed Sep 13 13:28:39 EDT 2017
New submission from Stefan Behnel:
The "XMLParser.__init__()" method in "_elementtree.c" contains this code:
self->handle_start = PyObject_GetAttrString(target, "start");
self->handle_data = PyObject_GetAttrString(target, "data");
self->handle_end = PyObject_GetAttrString(target, "end");
self->handle_comment = PyObject_GetAttrString(target, "comment");
self->handle_pi = PyObject_GetAttrString(target, "pi");
self->handle_close = PyObject_GetAttrString(target, "close");
self->handle_doctype = PyObject_GetAttrString(target, "doctype");
PyErr_Clear();
This ignores all exceptions, not only AttributeError.
It also passes live exceptions into the later lookup calls, which may execute arbitrary user code.
----------
components: Extension Modules
messages: 302101
nosy: scoder
priority: normal
severity: normal
status: open
title: ElementTree.XMLParser() mishandles exceptions
type: behavior
versions: Python 3.7
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue31455>
_______________________________________
More information about the New-bugs-announce
mailing list