Issue 3475: _elementtree.c import can fail silently (original) (raw)

Issue3475

Created on 2008-07-31 07:13 by naufraghi, last changed 2022-04-11 14:56 by admin. This issue is now closed.

Files
File name Uploaded Description Edit
fix-celementtree.patch ferringb,2009-11-08 07:37 check for exception from PyRun_String, else release the returned ref.
Messages (7)
msg70488 - (view) Author: Matteo Bertini (naufraghi) * Date: 2008-07-31 07:13
Playing with PyInstaller I have found that the final part of _elementtree.c: Index: Modules/_elementtree.c =================================================================== --- Modules/_elementtree.c (revisione 59540) +++ Modules/_elementtree.c (copia locale) @@ -2780,7 +2780,10 @@ ); - PyRun_String(bootstrap, Py_file_input, g, NULL); + if (PyRun_String(bootstrap, Py_file_input, g, NULL) == NULL) + return; elementpath_obj = PyDict_GetItemString(g, "ElementPath"); execute a bit of python code without checking the return value. That can lead to weird things playing with import hooks, for example an assert like this can fail: Index: Lib/test/test_elemettree.py =================================================================== --- Lib/test/test_elemettree.py (revisione 0) +++ Lib/test/test_elemettree.py (revisione 0) @@ -0,0 +1,21 @@ +#! /usr/bin/env python + +def importHook(*args, **kwargs): + if 'xml.etree' in args: + raise ImportError + else: + return __real__import__(*args, **kwargs) + +import os +import __builtin__ +__real__import__ = __builtin__.__import__ +__builtin__.__import__ = importHook + +try: + import xml.etree.cElementTree as cET +except ImportError: + pass +else: + out = os.popen("python -c 'import xml.etree.cElementTree as cET; print dir(cET)'").read().strip() + assert str(dir(cET)) == out, (str(dir(cET)), out) +
msg70489 - (view) Author: Martin v. Löwis (loewis) * (Python committer) Date: 2008-07-31 07:51
Fredrik, can you take a look?
msg70656 - (view) Author: Fredrik Lundh (effbot) * (Python committer) Date: 2008-08-03 18:49
This is fixed in the ET 1.3-compatible codebase. Since it's too late to add ET 1.3 to 2.6, I guess it's time to make a new 1.2 bugfix release for 2.6.
msg95038 - (view) Author: Ferringb (ferringb) * Date: 2009-11-08 07:37
At this point, this affects 2.5, 2.6, and 3.1 (and the normal 1.0.5 release of cElementTree); what's required to get this fixed and queued up for micro/minor releases? Sidenote, the patch posted above still leaks a reference-
msg95043 - (view) Author: Martin v. Löwis (loewis) * (Python committer) Date: 2009-11-08 18:30
For 2.5, this will not be fixed, as it is not security-critical.
msg95044 - (view) Author: Fredrik Lundh (effbot) * (Python committer) Date: 2009-11-08 18:35
Note that "fail silently" is a bit of a misnomer - if the embedded import doesn't work, portions of the library will fail pretty loudly. Feel free to use some variation of the suggested patch, or just wait until the next upstream release gets imported (if ever).
msg100860 - (view) Author: Florent Xicluna (flox) * (Python committer) Date: 2010-03-11 14:51
Fixed with latest xml.etree.
History
Date User Action Args
2022-04-11 14:56:37 admin set github: 47725
2010-03-11 14:51:35 flox set status: open -> closeddependencies: - Update ElementTree with upstream changessuperseder: Update ElementTree with upstream changesversions: - Python 2.6, Python 3.1messages: + resolution: fixedstage: resolved
2010-02-13 16:04:40 flox set priority: normalnosy: + floxtype: behavior
2010-02-13 15:57:38 flox set dependencies: + Update ElementTree with upstream changes
2009-11-08 18:35:38 effbot set messages: +
2009-11-08 18:30:29 loewis set messages: + versions: + Python 2.6, Python 3.1, Python 2.7, Python 3.2, - Python 2.5
2009-11-08 07:37:26 ferringb set files: + fix-celementtree.patchnosy: + ferringbmessages: + keywords: + patch
2008-08-03 18:49:21 effbot set messages: +
2008-07-31 07:51:55 loewis set assignee: effbotmessages: + nosy: + loewis, effbot
2008-07-31 07:13:10 naufraghi create