Skip to content

bpo-31758: Prevent crashes when using an uninitialized _elementtree.XMLParser object #3997

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 7 commits into from
Apr 12, 2020
Merged

bpo-31758: Prevent crashes when using an uninitialized _elementtree.XMLParser object #3997

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
2a72c42
init commit
orenmn Oct 14, 2017
76ca82f
improve the C code
orenmn Oct 14, 2017
fbc8f57
added a NEWS.d item
orenmn Oct 14, 2017
f8d3336
improve the error message.
orenmn Oct 14, 2017
74a77a1
improve the test's name
orenmn Oct 14, 2017
f3718ef
Merge branch 'master' into bpo31758-fix-crashes
scoder Apr 12, 2020
fb1df9d
Fix test after merging master.
scoder Apr 12, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 15 additions & 0 deletions Lib/test/test_xml_etree_c.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -115,6 +115,21 @@ def __del__(self):
elem.tail = X()
elem.__setstate__({'tag': 42}) # shouldn't cause an assertion failure

@support.cpython_only
def test_uninitialized_parser(self):
# The interpreter shouldn't crash in case of calling methods or
# accessing attributes of uninitialized XMLParser objects.
parser = cET.XMLParser.__new__(cET.XMLParser)
self.assertRaises(ValueError, parser.close)
self.assertRaises(ValueError, parser.feed, 'foo')
class MockFile:
def read(*args):
return ''
self.assertRaises(ValueError, parser._parse_whole, MockFile())
self.assertRaises(ValueError, parser._setevents, None)
self.assertIsNone(parser.entity)
self.assertIsNone(parser.target)

def test_setstate_leaks(self):
# Test reference leaks
elem = cET.Element.__new__(cET.Element)
Expand Down
2 changes: 2 additions & 0 deletions Misc/NEWS.d/next/Library/2017-10-14-21-02-40.bpo-31758.563ZZb.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
Prevent crashes when using an uninitialized ``_elementtree.XMLParser``
object. Patch by Oren Milman.
24 changes: 24 additions & 0 deletions Modules/_elementtree.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3818,6 +3818,17 @@ xmlparser_dealloc(XMLParserObject* self)
Py_TYPE(self)->tp_free((PyObject *)self);
}

Py_LOCAL_INLINE(int)
_check_xmlparser(XMLParserObject* self)
{
if (self->target == NULL) {
PyErr_SetString(PyExc_ValueError,
"XMLParser.__init__() wasn't called");
return 0;
}
return 1;
}

LOCAL(PyObject*)
expat_parse(XMLParserObject* self, const char* data, int data_len, int final)
{
Expand Down Expand Up @@ -3854,6 +3865,10 @@ _elementtree_XMLParser_close_impl(XMLParserObject *self)
/* end feeding data to parser */

PyObject* res;

if (!_check_xmlparser(self)) {
return NULL;
}
res = expat_parse(self, "", 0, 1);
if (!res)
return NULL;
Expand Down Expand Up @@ -3885,6 +3900,9 @@ _elementtree_XMLParser_feed(XMLParserObject *self, PyObject *data)
{
/* feed data to parser */

if (!_check_xmlparser(self)) {
return NULL;
}
if (PyUnicode_Check(data)) {
Py_ssize_t data_len;
const char *data_ptr = PyUnicode_AsUTF8AndSize(data, &data_len);
Expand Down Expand Up @@ -3932,6 +3950,9 @@ _elementtree_XMLParser__parse_whole(XMLParserObject *self, PyObject *file)
PyObject* temp;
PyObject* res;

if (!_check_xmlparser(self)) {
return NULL;
}
reader = PyObject_GetAttrString(file, "read");
if (!reader)
return NULL;
Expand Down Expand Up @@ -4019,6 +4040,9 @@ _elementtree_XMLParser__setevents_impl(XMLParserObject *self,
TreeBuilderObject *target;
PyObject *events_append, *events_seq;

if (!_check_xmlparser(self)) {
return NULL;
}
if (!TreeBuilder_CheckExact(self->target)) {
PyErr_SetString(
PyExc_TypeError,
Expand Down