KEMBAR78
[3.13] gh-126037: fix UAF in `xml.etree.ElementTree.Element.find*` when current mutations happen (#127964) by picnixz · Pull Request #131931 · python/cpython · GitHub
Skip to content

[3.13] gh-126037: fix UAF in xml.etree.ElementTree.Element.find* when current mutations happen (#127964) #131931

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Mar 31, 2025
Merged

[3.13] gh-126037: fix UAF in xml.etree.ElementTree.Element.find* when current mutations happen (#127964) #131931

merged 1 commit into from
Mar 31, 2025

Conversation

@picnixz
Copy link
Member

@picnixz picnixz commented Mar 31, 2025
edited
Loading

We fix a use-after-free in the find, findtext and findall methods of xml.etree.ElementTree.Element objects that can be triggered when the tag to find implements an __eq__ method that mutates the element being queried.
(cherry picked from commit c57623c)

@picnixz
pythongh-126037: fix UAF in xml.etree.ElementTree.Element.find* whe…
73fb894 
…n concurrent mutations happen (python#127964)

We fix a use-after-free in the `find`, `findtext` and `findall` methods of `xml.etree.ElementTree.Element`
objects that can be triggered when the tag to find implements an `__eq__` method that mutates the
element being queried.
@bedevere-app bedevere-app bot mentioned this pull request Mar 31, 2025
Merged
@bedevere-app bedevere-app bot mentioned this pull request Mar 31, 2025
Closed
@picnixz picnixz self-assigned this Mar 31, 2025
@picnixz picnixz merged commit 588bb6d into python:3.13 Mar 31, 2025
39 checks passed
@picnixz picnixz deleted the bp-313/c57623c221d46daeaedfbf2b32d041fde0c882de/xml-evil-find-126037 branch March 31, 2025 12:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@picnixz picnixz

Labels

topic-XML

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@picnixz