Antony Lee added the comment: "it looks like all the avenues for arbitrary code execution while checking if an exception handler matches a thrown an exception are closed off."
This seems to be directly contradicted by your previous sentence: "the except clause accepts any expressions producing a tuple or BaseException instance". e.g. === >>> def f(): raise AttributeError ... >>> try: raise IndexError ... except f(): raise KeyError ... Traceback (most recent call last): File "<stdin>", line 1, in <module> IndexError During handling of the above exception, another exception occurred: Traceback (most recent call last): File "<stdin>", line 2, in <module> File "<stdin>", line 1, in f AttributeError === (note that f() is evaluated only if the body of "try" actually raises) ---------- nosy: +Antony.Lee _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue12029> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
