git.ipfire.org Git - thirdparty/Python/cpython.git/commit

author	Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
	Mon, 31 Mar 2025 12:47:22 +0000 (14:47 +0200)
committer	GitHub <noreply@github.com>
	Mon, 31 Mar 2025 12:47:22 +0000 (14:47 +0200)
commit	f1689b61fe16fa58cf5dab4e448a8ff1cac32f2d
tree	dfa6a95c6da5f7a88e1bb5fbdfb1423cc39c2b67	tree \| snapshot
parent	525eddf220318f1d60644fec57890f0607de4168	commit \| diff

[3.12] gh-126037: fix UAF in `xml.etree.ElementTree.Element.find*` when concurrent mutations happen (#127964) (#131932)

gh-126037: fix UAF in `xml.etree.ElementTree.Element.find*` when concurrent mutations happen (#127964)

We fix a use-after-free in the `find`, `findtext` and `findall` methods of `xml.etree.ElementTree.Element`
objects that can be triggered when the tag to find implements an `__eq__` method that mutates the
element being queried.

(cherry picked from commit c57623c221d46daeaedfbf2b32d041fde0c882de)

Lib/test/test_xml_etree.py		diff \| blob \| blame \| history
Misc/NEWS.d/next/Library/2024-12-15-15-07-22.gh-issue-126037.OyA7JP.rst	[new file with mode: 0644]	blob
Modules/_elementtree.c		diff \| blob \| blame \| history