Issue 17803: Calling Tkinter.Tk() with a baseName keyword argument throws UnboundLocalError (original) (raw)
Issue17803
Created on 2013-04-20 11:57 by y-fujii, last changed 2022-04-11 14:57 by admin. This issue is now closed.
| Messages (4) | ||
|---|---|---|
| msg187418 - (view) | Author: Yasuhiro Fujii (y-fujii) * | Date: 2013-04-20 11:57 |
| Calling Tkinter.Tk() with baseName keyword argument throws UnboundLocalError on Python 2.7.4. A process to reproduce the bug: >>> import Tkinter >>> Tkinter.Tk(baseName="test") Traceback (most recent call last): File "", line 1, in File "/usr/lib/python2.7/lib-tk/Tkinter.py", line 1748, in __init__ if not sys.flags.ignore_environment: UnboundLocalError: local variable 'sys' referenced before assignment A patch to fix the bug: --- Lib/lib-tk/Tkinter.py.orig +++ Lib/lib-tk/Tkinter.py @@ -1736,7 +1736,7 @@ # ensure that self.tk is always _something_. self.tk = None if baseName is None: - import sys, os + import os baseName = os.path.basename(sys.argv[0]) baseName, ext = os.path.splitext(baseName) if ext not in ('.py', '.pyc', '.pyo'): | ||
| msg187422 - (view) | Author: R. David Murray (r.david.murray) *  |
Date: 2013-04-20 13:14 |
| Thanks for the report and patch. It would be nice to turn that test into a unit test. I've run the test on 3.4; this appears to be a 2.7 only bug. | ||
| msg187872 - (view) | Author: Terry J. Reedy (terry.reedy) * |
Date: 2013-04-26 20:22 |
| Line 35 is "import sys" so sys imports within functions are superfluous, as well as contrary to current guidelines. There is another on 1033. Both were removed before 3.3, so this amounts to a 2.7 backport. It took me a moment to see that the unneeded conditional import is not innocuous, as it localizes 'sys' while sometimes leaving it unbound. Good catch. Yashuhiro, can you sign a PSF contributor license agreement? The electronic version is easy. http://www.python.org/psf/contrib/contrib-form/ We don't really need it for this patch, but we hope to see more from you. A minimal test would be a unittest version of assert isinstance(Tk(baseName="test"), Tk) This mainly tests that no exceptions are raised when the arg is present. The doc may suggest that baseName should have a visible effect on the instance that could be tested. If there is already a 3.x test, it should be backported. If not, anything added to 2.7 should be added to 3.x also. | ||
| msg195907 - (view) | Author: Serhiy Storchaka (serhiy.storchaka) * |
Date: 2013-08-22 15:34 |
| Fixed in changesets fa82071bb7e1 and 0f17aed78168. |
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2022-04-11 14:57:44 | admin | set | github: 62003 |
| 2013-08-22 15:34:25 | serhiy.storchaka | set | status: open -> closedsuperseder: Security bug in tkinter allows for untrusted, arbitrary code execution.nosy: + serhiy.storchakamessages: + resolution: duplicatestage: test needed -> resolved |
| 2013-04-26 20:22:38 | terry.reedy | set | nosy: + terry.reedymessages: + |
| 2013-04-20 13:14:56 | r.david.murray | set | nosy: + r.david.murraymessages: + stage: test needed |
| 2013-04-20 11:57:47 | y-fujii | create |