KEMBAR78
UAF: `xml.etree.ElementTree.Element.__deepcopy__` when concurrent mutations happen · Issue #133009 · python/cpython · GitHub
Skip to content

UAF: xml.etree.ElementTree.Element.__deepcopy__ when concurrent mutations happen #133009

@picnixz

Description

@picnixz

Crash report

What happened?

Reproducer:

import xml.etree.ElementTree as ET
from copy import deepcopy

class Evil(ET.Element):
    def __deepcopy__(self, memo):
        root.clear()
        return self

root = ET.Element('a')
root.append(Evil('x'))
deepcopy(root)

CPython versions tested on:

CPython main branch

Operating systems tested on:

No response

Output from running 'python -VV' on the command line:

Python 3.14.0a7+ (heads/main:7f02ded29fb, Apr 26 2025, 14:29:01) [GCC 7.5.0]

Linked PRs

Metadata

Metadata

Assignees

Labels

extension-modulesC modules in the Modules dirtopic-XMLtype-crashA hard crash of the interpreter, possibly with a core dump

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions