
gh-148735: Fix a UAF in Element.findtext() #148738

Open: StanFromIreland wants to merge 3 commits into python:main from StanFromIreland:findall


@StanFromIreland StanFromIreland commented Apr 18, 2026

This was a regression introduced by c57623c.

/* return borrowed reference to text attribute */

`Element.findtext()`
Comment thread Modules/_elementtree.c Outdated

@picnixz picnixz left a comment


All the occurrences you change are of the form (get borrowed) followed by (incref), right? If so, it is OK to change it to (get strong ref), but otherwise we may have unnecessary incref/decref. Currently XML is not FT-safe, but if we (I) want to make it so, we should avoid incref/decref in hot paths.

Comment thread Misc/NEWS.d/next/Library/2026-04-18-21-39-15.gh-issue-148735.siw6DG.rst Outdated
@serhiy-storchaka

> but otherwise we may have unnecessary incref/decref

The number of increfs/decrefs remains the same. They are not unnecessary.


picnixz commented Apr 22, 2026

Yeah, I was not sure about this as I am on mobile. Thanks for checking.


@serhiy-storchaka serhiy-storchaka left a comment


LGTM. 👍
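
The refcount pattern discussed in this thread, as an added example that is not part of the PR or of CPython's code: a toy refcounted object in C contrasts (get borrowed) followed by (incref) with (get strong ref), and counts the refcount operations each path performs. The types, the function names and the intervening `reassign_text` step are assumptions for illustration; the page does not show how the window arises in `findtext()`.

```c
#include <stdlib.h>
#include <string.h>

/* Toy refcounted object standing in for PyObject (illustrative, not CPython code). */
typedef struct { int refcnt; int freed; char text[16]; } Obj;
typedef struct { Obj *text; } Element;   /* the element owns one reference to text */

static int ref_ops;                      /* counts every incref/decref performed */

static Obj *obj_new(const char *s) {
    Obj *o = calloc(1, sizeof *o);
    if (!o) abort();
    o->refcnt = 1;
    strncpy(o->text, s, sizeof o->text - 1);
    return o;
}
static void obj_incref(Obj *o) { ref_ops++; o->refcnt++; }
/* Marks the object instead of calling free() so the dangling state can be observed safely. */
static void obj_decref(Obj *o) { ref_ops++; if (--o->refcnt == 0) o->freed = 1; }

/* (get borrowed): the caller does not own the result. */
static Obj *get_text_borrowed(Element *e) { return e->text; }
/* (get strong ref): the caller owns the result and must decref it. */
static Obj *get_text_strong(Element *e) { obj_incref(e->text); return e->text; }

/* Assumed intervening step: the owner replaces its text and drops the old reference. */
static void reassign_text(Element *e, const char *s) {
    Obj *old = e->text;
    e->text = obj_new(s);
    obj_decref(old);
}

/* Both return 1 if the text was already released when the caller came to use it. */
static int use_borrowed_then_incref(Element *e) {
    Obj *t = get_text_borrowed(e);
    reassign_text(e, "new");             /* last owner lets go: t now dangles */
    int dangling = t->freed;
    obj_incref(t);                       /* too late to keep t alive */
    obj_decref(t);
    return dangling;
}
static int use_strong_ref(Element *e) {
    Obj *t = get_text_strong(e);         /* owned before anything else runs */
    reassign_text(e, "new");
    int dangling = t->freed;             /* still alive: refcnt is 1 */
    obj_decref(t);
    return dangling;
}
```

Both paths perform the same number of refcount operations; only the position of the incref relative to the intervening step differs.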


Labels

awaiting merge
needs backport to 3.13 (bugs and security fixes)
needs backport to 3.14 (bugs and security fixes)


3 participants