]> git.ipfire.org Git - thirdparty/Python/cpython.git/commitdiff
projects / thirdparty / Python / cpython.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: df739f3)
[3.14] gh-139210: Fix use-after-free in xml.etree.ElementTree.iterparse() (GH-139211...
authorMiss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
Tue, 7 Oct 2025 19:13:27 +0000 (21:13 +0200)
committerGitHub <noreply@github.com>
Tue, 7 Oct 2025 19:13:27 +0000 (21:13 +0200)
(cherry picked from commit c86eb4d3ac5984efc1ea920ba643e3c4f02fdee8)

Co-authored-by: Ken Jin <kenjin@python.org>
Co-authored-by: Petr Viktorin <encukou@gmail.com>
Lib/test/test_xml_etree.py patch | blob | blame | history
Misc/NEWS.d/next/Library/2025-09-21-15-58-57.gh-issue-139210.HGbMvz.rst [new file with mode: 0644] patch | blob
Modules/_elementtree.c patch | blob | blame | history

diff --git a/Lib/test/test_xml_etree.py b/Lib/test/test_xml_etree.py
index bf6d5074fdebd80aa9500c534503b21dcecfc91f..f65baa0cfae2ad6663f0fbc184020f49c67cea4c 100644 (file)
--- a/Lib/test/test_xml_etree.py
+++ b/Lib/test/test_xml_etree.py
@@ -1749,6 +1749,8 @@ class XMLPullParserTest(unittest.TestCase):
     def test_unknown_event(self):
         with self.assertRaises(ValueError):
             ET.XMLPullParser(events=('start', 'end', 'bogus'))
+        with self.assertRaisesRegex(ValueError, "unknown event 'bogus'"):
+            ET.XMLPullParser(events=(x.decode() for x in (b'start', b'end', b'bogus')))
 
     @unittest.skipIf(pyexpat.version_info < (2, 6, 0),
                      f'Expat {pyexpat.version_info} does not '
diff --git a/Misc/NEWS.d/next/Library/2025-09-21-15-58-57.gh-issue-139210.HGbMvz.rst b/Misc/NEWS.d/next/Library/2025-09-21-15-58-57.gh-issue-139210.HGbMvz.rst
new file mode 100644 (file)
index 0000000..1227b29
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2025-09-21-15-58-57.gh-issue-139210.HGbMvz.rst
@@ -0,0 +1 @@
+Fix use-after-free when reporting unknown event in :func:`xml.etree.ElementTree.iterparse`. Patch by Ken Jin.
diff --git a/Modules/_elementtree.c b/Modules/_elementtree.c
index b9e12ab2026f65e680e2cd6c224864f740c6af12..9263f14b57f97272b71a368325a66b6419b1c73c 100644 (file)
--- a/Modules/_elementtree.c
+++ b/Modules/_elementtree.c
@@ -4214,8 +4214,8 @@ _elementtree_XMLParser__setevents_impl(XMLParserObject *self,
                 (XML_ProcessingInstructionHandler) expat_pi_handler
                 );
         } else {
-            Py_DECREF(events_seq);
             PyErr_Format(PyExc_ValueError, "unknown event '%s'", event_name);
+            Py_DECREF(events_seq);
             return NULL;
         }
     }
Mirror of https://github.com/python/cpython.git