Skip to content

gh-140593: Fix a memory leak in function my_ElementDeclHandler of pyexpat #140602

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
Oct 26, 2025
Merged

gh-140593: Fix a memory leak in function my_ElementDeclHandler of pyexpat #140602

merged 7 commits into from
Oct 26, 2025

Conversation

@hartwork
Copy link
Contributor

@hartwork hartwork commented Oct 25, 2025
edited by bedevere-app bot
Loading

@bedevere-app bedevere-app bot mentioned this pull request Oct 25, 2025
Closed
picnixz
picnixz approved these changes Oct 26, 2025
View reviewed changes
Copy link
Member

@picnixz picnixz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Modulo the test refactoring.

@picnixz picnixz added needs backport to 3.13 bugs and security fixes needs backport to 3.14 bugs and security fixes labels Oct 26, 2025
@picnixz
Copy link
Member

picnixz commented Oct 26, 2025

How bad is it when the model is leaked? I see that you can leak only few bytes per bad call, so to cause a DoS you'll likely need many calls to blow-up the memory (and probably specific inputs) but I don't know which information is actually being leaked.

@hartwork
Copy link
Contributor Author

@picnixz hi!

Modulo the test refactoring.

I know modulo but do not understand this statement. What do you mean?

@picnixz
Copy link
Member

picnixz commented Oct 26, 2025

Sorry, job conditioning :) I meant "let's merge this once you've addressed the comments about the tests you added".

@hartwork
Copy link
Contributor Author

How bad is it when the model is leaked? I see that you can leak only few bytes per bad call, so to cause a DoS you'll likely need many calls to blow-up the memory (and probably specific inputs)

@picnixz that is my impression too. So it's a bug but likely without attack surface.

but I don't know which information is actually being leaked.

The so-called content model. I adjusted in-test comments now realizing that the "32 to 56" bytes was due to the precise test and could be more depending on the input XML content.

@hartwork
Copy link
Contributor Author

@picnixz thanks for the review! 🙏

@picnixz
Copy link
Member

picnixz commented Oct 26, 2025

that is my impression too. So it's a bug but likely without attack surface.

Thanks. So I'll only backport this up to 3.13.

@picnixz picnixz enabled auto-merge (squash) October 26, 2025 13:32
@picnixz picnixz merged commit e34a5e3 into python:main Oct 26, 2025
45 checks passed
@miss-islington-app
Copy link

Thanks @hartwork for the PR, and @picnixz for merging it 🌮🎉.. I'm working now to backport this PR to: 3.13, 3.14.
🐍🍒⛏🤖

miss-islington pushed a commit to miss-islington/cpython that referenced this pull request Oct 26, 2025
@hartwork @miss-islington
pythongh-140593: Fix a memory leak in function `my_ElementDeclHandler…
462303d 
…` of `pyexpat` (pythonGH-140602)

Ensure that the memory allocated for the content model
passed to `my_ElementDeclHandler` is freed in all error
paths.
(cherry picked from commit e34a5e3)

Co-authored-by: Sebastian Pipping <sebastian@pipping.org>
miss-islington pushed a commit to miss-islington/cpython that referenced this pull request Oct 26, 2025
@hartwork @miss-islington
pythongh-140593: Fix a memory leak in function `my_ElementDeclHandler…
2d642d9 
…` of `pyexpat` (pythonGH-140602)

Ensure that the memory allocated for the content model
passed to `my_ElementDeclHandler` is freed in all error
paths.
(cherry picked from commit e34a5e3)

Co-authored-by: Sebastian Pipping <sebastian@pipping.org>
@bedevere-app
Copy link

bedevere-app bot commented Oct 26, 2025

GH-140624 is a backport of this pull request to the 3.14 branch.

@bedevere-app bedevere-app bot removed the needs backport to 3.14 bugs and security fixes label Oct 26, 2025
@bedevere-app
Copy link

bedevere-app bot commented Oct 26, 2025

GH-140625 is a backport of this pull request to the 3.13 branch.

@bedevere-app bedevere-app bot removed the needs backport to 3.13 bugs and security fixes label Oct 26, 2025
hartwork added a commit to hartwork/cpython that referenced this pull request Oct 26, 2025
@hartwork
[3.14] pythongh-140593: Fix a memory leak in function `my_ElementDecl…
a55e2f1 
…Handler` of `pyexpat` (pythonGH-140602)

Ensure that the memory allocated for the content model
passed to `my_ElementDeclHandler` is freed in all error
paths.
(cherry picked from commit e34a5e3)

Co-authored-by: Sebastian Pipping <sebastian@pipping.org>
@bedevere-app
Copy link

bedevere-app bot commented Oct 26, 2025

GH-140629 is a backport of this pull request to the 3.14 branch.

1 similar comment
@bedevere-app
Copy link

bedevere-app bot commented Oct 26, 2025

GH-140629 is a backport of this pull request to the 3.14 branch.

hartwork added a commit to hartwork/cpython that referenced this pull request Oct 26, 2025
@hartwork
[3.13] pythongh-140593: Fix a memory leak in function `my_ElementDecl…
d4677b8 
…Handler` of `pyexpat` (pythonGH-140602)

Ensure that the memory allocated for the content model
passed to `my_ElementDeclHandler` is freed in all error
paths.
(cherry picked from commit e34a5e3)

Co-authored-by: Sebastian Pipping <sebastian@pipping.org>
@bedevere-app
Copy link

bedevere-app bot commented Oct 26, 2025

GH-140630 is a backport of this pull request to the 3.13 branch.

picnixz pushed a commit that referenced this pull request Oct 26, 2025
@hartwork
[3.14] gh-140593: Fix a memory leak in function `my_ElementDeclHandle…
842c49b 
…r` of `pyexpat` (GH-140602) (#140629)

[3.14] gh-140593: Fix a memory leak in function `my_ElementDeclHandler` of `pyexpat` (GH-140602)

Ensure that the memory allocated for the content model
passed to `my_ElementDeclHandler` is freed in all error
paths.

(cherry picked from commit e34a5e3)
picnixz pushed a commit that referenced this pull request Oct 26, 2025
@hartwork
[3.13] gh-140593: Fix a memory leak in function `my_ElementDeclHandle…
7abbf51 
…r` of `pyexpat` (GH-140602) (#140630)

[3.13] gh-140593: Fix a memory leak in function `my_ElementDeclHandler` of `pyexpat` (GH-140602)

Ensure that the memory allocated for the content model
passed to `my_ElementDeclHandler` is freed in all error
paths.

(cherry picked from commit e34a5e3)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@picnixz picnixz picnixz approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@hartwork @picnixz