git.ipfire.org Git - thirdparty/Python/cpython.git/commit

author	Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
	Mon, 31 Mar 2025 12:48:42 +0000 (14:48 +0200)
committer	GitHub <noreply@github.com>
	Mon, 31 Mar 2025 12:48:42 +0000 (14:48 +0200)
commit	588bb6ddf4388cefc926006e9e4752b7e62ea077
tree	9eb3bb6fe5404b2707e044b953b9782225b6ba98	tree \| snapshot
parent	19187991a8311e87735eb3abe55c0c499739769d	commit \| diff

[3.13] gh-126037: fix UAF in `xml.etree.ElementTree.Element.find*` when current mutations happen (#127964) (#131931)

gh-126037: fix UAF in `xml.etree.ElementTree.Element.find*` when concurrent mutations happen (#127964)

We fix a use-after-free in the `find`, `findtext` and `findall` methods of `xml.etree.ElementTree.Element`
objects that can be triggered when the tag to find implements an `__eq__` method that mutates the
element being queried.

(cherry picked from commit c57623c221d46daeaedfbf2b32d041fde0c882de)

Lib/test/test_xml_etree.py		diff \| blob \| blame \| history
Misc/NEWS.d/next/Library/2024-12-15-15-07-22.gh-issue-126037.OyA7JP.rst	[new file with mode: 0644]	blob
Modules/_elementtree.c		diff \| blob \| blame \| history