New submission from Stefan Behnel:
The "XMLParser.__init__()" method in "_elementtree.c" contains this code:
self->handle_start = PyObject_GetAttrString(target, "start");
self->handle_data = PyObject_GetAttrString(target, "data");
self->handle_end = PyObject_GetAttrString(target, "end");
self->handle_comment = PyObject_GetAttrString(target, "comment");
self->handle_pi = PyObject_GetAttrString(target, "pi");
self->handle_close = PyObject_GetAttrString(target, "close");
self->handle_doctype = PyObject_GetAttrString(target, "doctype");
PyErr_Clear();
This ignores all exceptions, not only AttributeError.
It also passes live exceptions into the later lookup calls, which may execute
arbitrary user code.
----------
components: Extension Modules
messages: 302101
nosy: scoder
priority: normal
severity: normal
status: open
title: ElementTree.XMLParser() mishandles exceptions
type: behavior
versions: Python 3.7
_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue31455>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
