[Python-checkins] Fix error handling bugs in _elementtree.c. (GH-10060)

Miss Islington (bot) webhook-mailer at python.org
Tue Oct 23 15:53:03 EDT 2018


https://github.com/python/cpython/commit/b1b9ee824f1c7a8a8fc7fa0c6864b7eebc769d4d
commit: b1b9ee824f1c7a8a8fc7fa0c6864b7eebc769d4d
branch: 3.6
author: Miss Islington (bot) <31488909+miss-islington at users.noreply.github.com>
committer: GitHub <noreply at github.com>
date: 2018-10-23T12:52:57-07:00
summary:

Fix error handling bugs in _elementtree.c. (GH-10060)


References could leak, NULL could be dereferenced, and the Expat parser could
be double freed when some errors raised.
(cherry picked from commit 9f3ed3e213b30059087d059a7d1d3b2527fa8654)

Co-authored-by: Zackery Spytz <zspytz at gmail.com>

files:
M Modules/_elementtree.c

diff --git a/Modules/_elementtree.c b/Modules/_elementtree.c
index a96e0306996b..5c6959662316 100644
--- a/Modules/_elementtree.c
+++ b/Modules/_elementtree.c
@@ -336,6 +336,9 @@ static PyObject*
 get_attrib_from_keywords(PyObject *kwds)
 {
     PyObject *attrib_str = PyUnicode_FromString("attrib");
+    if (attrib_str == NULL) {
+        return NULL;
+    }
     PyObject *attrib = PyDict_GetItem(kwds, attrib_str);
 
     if (attrib) {
@@ -356,10 +359,10 @@ get_attrib_from_keywords(PyObject *kwds)
 
     Py_DECREF(attrib_str);
 
-    /* attrib can be NULL if PyDict_New failed */
-    if (attrib)
-        if (PyDict_Update(attrib, kwds) < 0)
-            return NULL;
+    if (attrib != NULL && PyDict_Update(attrib, kwds) < 0) {
+        Py_DECREF(attrib);
+        return NULL;
+    }
     return attrib;
 }
 
@@ -579,10 +582,9 @@ subelement(PyObject *self, PyObject *args, PyObject *kwds)
         attrib = PyDict_Copy(attrib);
         if (!attrib)
             return NULL;
-        if (kwds) {
-            if (PyDict_Update(attrib, kwds) < 0) {
-                return NULL;
-            }
+        if (kwds != NULL && PyDict_Update(attrib, kwds) < 0) {
+            Py_DECREF(attrib);
+            return NULL;
         }
     } else if (kwds) {
         /* have keyword args */
@@ -1828,7 +1830,6 @@ element_ass_subscr(PyObject* self_, PyObject* item, PyObject* value)
              * scheduled for removal.
             */
             if (!(recycle = PyList_New(slicelen))) {
-                PyErr_NoMemory();
                 return -1;
             }
 
@@ -1868,7 +1869,7 @@ element_ass_subscr(PyObject* self_, PyObject* item, PyObject* value)
             self->extra->length -= slicelen;
 
             /* Discard the recycle list with all the deleted sub-elements */
-            Py_XDECREF(recycle);
+            Py_DECREF(recycle);
             return 0;
         }
 
@@ -3308,7 +3309,6 @@ _elementtree_XMLParser___init___impl(XMLParserObject *self, PyObject *html,
         if (!target) {
             Py_CLEAR(self->entity);
             Py_CLEAR(self->names);
-            EXPAT(ParserFree)(self->parser);
             return -1;
         }
     }



More information about the Python-checkins mailing list