bpo-31758: Prevent crashes when using an uninitialized _elementtree.XMLParser object (GH-3997) (GH-19485)
(cherry picked from commit 402e1cdb132f384e4dcde7a3d7ec7ea1fc7ab527)
diff --git a/Modules/_elementtree.c b/Modules/_elementtree.c
index 776b86c..a96e3f4 100644
--- a/Modules/_elementtree.c
+++ b/Modules/_elementtree.c
@@ -3877,6 +3877,17 @@
Py_TYPE(self)->tp_free((PyObject *)self);
}
+Py_LOCAL_INLINE(int)
+_check_xmlparser(XMLParserObject* self)
+{
+ if (self->target == NULL) {
+ PyErr_SetString(PyExc_ValueError,
+ "XMLParser.__init__() wasn't called");
+ return 0;
+ }
+ return 1;
+}
+
LOCAL(PyObject*)
expat_parse(XMLParserObject* self, const char* data, int data_len, int final)
{
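Review bot: `_check_xmlparser` uses `self->target == NULL` as the only evidence that `__init__` never completed, and nothing in this hunk shows that `target` is assigned last or stays NULL when `__init__` fails partway, so the guard may pass while other parser state is still unset. A comment above the helper should record that invariant and the return convention, e.g. `/* Return 1 if __init__ has run; otherwise set ValueError and return 0. Relies on target being set only after the rest of the parser state. */`, once it has been confirmed against `__init__`. As a style matter, the helper is declared with `Py_LOCAL_INLINE` and a leading-underscore name while the adjacent `expat_parse` uses `LOCAL` and no underscore; `check_xmlparser` would match the neighbour and avoid a file-scope identifier that C reserves.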
@@ -3913,6 +3924,10 @@
/* end feeding data to parser */
PyObject* res;
+
+ if (!_check_xmlparser(self)) {
+ return NULL;
+ }
res = expat_parse(self, "", 0, 1);
if (!res)
return NULL;
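Review bot: The three-line guard is copied by hand into each entry point (this hunk and the ones at `@@ -3944`, `@@ -3991` and `@@ -4078`), so a method added later that omits it brings the crash back. Because this path goes straight into `expat_parse`, repeating `if (!_check_xmlparser(self)) { return NULL; }` at the top of `expat_parse` would act as a backstop for every caller that feeds data. The per-method checks would still be needed for any code that touches parser state before that call. The enclosing function starts and ends outside the hunk.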
@@ -3944,6 +3959,9 @@
{
/* feed data to parser */
+ if (!_check_xmlparser(self)) {
+ return NULL;
+ }
if (PyUnicode_Check(data)) {
Py_ssize_t data_len;
const char *data_ptr = PyUnicode_AsUTF8AndSize(data, &data_len);
@@ -3991,6 +4009,9 @@
PyObject* temp;
PyObject* res;
+ if (!_check_xmlparser(self)) {
+ return NULL;
+ }
reader = PyObject_GetAttrString(file, "read");
if (!reader)
return NULL;
@@ -4078,6 +4099,9 @@
TreeBuilderObject *target;
PyObject *events_append, *events_seq;
+ if (!_check_xmlparser(self)) {
+ return NULL;
+ }
if (!TreeBuilder_CheckExact(self->target)) {
PyErr_SetString(
PyExc_TypeError,