[Python-checkins] bpo-23691: Protect the re.finditer() iterator from re-entering (GH-32012)

Mon Mar 21 07:00:47 EDT 2022

https://github.com/python/cpython/commit/08eb754d840696914928355014c2d424131f8835
commit: 08eb754d840696914928355014c2d424131f8835
branch: main
author: Serhiy Storchaka <storchaka at gmail.com>
committer: serhiy-storchaka <storchaka at gmail.com>
date: 2022-03-21T13:00:43+02:00
summary:

bpo-23691: Protect the re.finditer() iterator from re-entering (GH-32012)

files:
A Misc/NEWS.d/next/Library/2022-03-20-22-13-24.bpo-23691.Nc2TrW.rst
M Modules/_sre.c
M Modules/sre.h

diff --git a/Misc/NEWS.d/next/Library/2022-03-20-22-13-24.bpo-23691.Nc2TrW.rst b/Misc/NEWS.d/next/Library/2022-03-20-22-13-24.bpo-23691.Nc2TrW.rst
new file mode 100644
index 0000000000000..053a2b2709ee8
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2022-03-20-22-13-24.bpo-23691.Nc2TrW.rst
@@ -0,0 +1 @@
+Protect the :func:`re.finditer` iterator from re-entering.
diff --git a/Modules/_sre.c b/Modules/_sre.c
index 213730860cfb5..ab321eafb6d79 100644
--- a/Modules/_sre.c
+++ b/Modules/_sre.c
@@ -2511,6 +2511,25 @@ scanner_dealloc(ScannerObject* self)
     Py_DECREF(tp);
 }
 
+static int
+scanner_begin(ScannerObject* self)
+{
+    if (self->executing) {
+        PyErr_SetString(PyExc_ValueError,
+                        "regular expression scanner already executing");
+        return 0;
+    }
+    self->executing = 1;
+    return 1;
+}
+
+static void
+scanner_end(ScannerObject* self)
+{
+    assert(self->executing);
+    self->executing = 0;
+}
+
 /*[clinic input]
 _sre.SRE_Scanner.match
 
@@ -2528,16 +2547,23 @@ _sre_SRE_Scanner_match_impl(ScannerObject *self, PyTypeObject *cls)
     PyObject* match;
     Py_ssize_t status;
 
-    if (state->start == NULL)
+    if (!scanner_begin(self)) {
+        return NULL;
+    }
+    if (state->start == NULL) {
+        scanner_end(self);
         Py_RETURN_NONE;
+    }
 
     state_reset(state);
 
     state->ptr = state->start;
 
     status = sre_match(state, PatternObject_GetCode(self->pattern));
-    if (PyErr_Occurred())
+    if (PyErr_Occurred()) {
+        scanner_end(self);
         return NULL;
+    }
 
     match = pattern_new_match(module_state, (PatternObject*) self->pattern,
                               state, status);
@@ -2549,6 +2575,7 @@ _sre_SRE_Scanner_match_impl(ScannerObject *self, PyTypeObject *cls)
         state->start = state->ptr;
     }
 
+    scanner_end(self);
     return match;
 }
 
@@ -2570,16 +2597,23 @@ _sre_SRE_Scanner_search_impl(ScannerObject *self, PyTypeObject *cls)
     PyObject* match;
     Py_ssize_t status;
 
-    if (state->start == NULL)
+    if (!scanner_begin(self)) {
+        return NULL;
+    }
+    if (state->start == NULL) {
+        scanner_end(self);
         Py_RETURN_NONE;
+    }
 
     state_reset(state);
 
     state->ptr = state->start;
 
     status = sre_search(state, PatternObject_GetCode(self->pattern));
-    if (PyErr_Occurred())
+    if (PyErr_Occurred()) {
+        scanner_end(self);
         return NULL;
+    }
 
     match = pattern_new_match(module_state, (PatternObject*) self->pattern,
                               state, status);
@@ -2591,6 +2625,7 @@ _sre_SRE_Scanner_search_impl(ScannerObject *self, PyTypeObject *cls)
         state->start = state->ptr;
     }
 
+    scanner_end(self);
     return match;
 }
 
@@ -2608,6 +2643,7 @@ pattern_scanner(_sremodulestate *module_state,
     if (!scanner)
         return NULL;
     scanner->pattern = NULL;
+    scanner->executing = 0;
 
     /* create search state object */
     if (!state_init(&scanner->state, self, string, pos, endpos)) {
diff --git a/Modules/sre.h b/Modules/sre.h
index 9b0d8b190426a..785adbd003e7f 100644
--- a/Modules/sre.h
+++ b/Modules/sre.h
@@ -89,6 +89,7 @@ typedef struct {
     PyObject_HEAD
     PyObject* pattern;
     SRE_STATE state;
+    int executing;
 } ScannerObject;
 
 #endif

