gh-140593: Fix a memory leak in function `my_ElementDeclHandler` of `pyexpat` by hartwork · Pull Request #140602 · python/cpython

hartwork · 2025-10-25T19:44:20Z

CC @StanFromIreland @YuanchengJiang

Issue: Memory leak in function my_ElementDeclHandler of pyexpat #140593

picnixz

Modulo the test refactoring.

Lib/test/test_pyexpat.py

picnixz · 2025-10-26T10:34:14Z

How bad is it when the model is leaked? I see that you can leak only few bytes per bad call, so to cause a DoS you'll likely need many calls to blow-up the memory (and probably specific inputs) but I don't know which information is actually being leaked.

hartwork · 2025-10-26T13:06:52Z

@picnixz hi!

Modulo the test refactoring.

I know modulo but do not understand this statement. What do you mean?

picnixz · 2025-10-26T13:08:49Z

Sorry, job conditioning :) I meant "let's merge this once you've addressed the comments about the tests you added".

I'm not in support of this - readability goes down - but it was requested.

As requested.

hartwork · 2025-10-26T13:20:02Z

How bad is it when the model is leaked? I see that you can leak only few bytes per bad call, so to cause a DoS you'll likely need many calls to blow-up the memory (and probably specific inputs)

@picnixz that is my impression too. So it's a bug but likely without attack surface.

but I don't know which information is actually being leaked.

The so-called content model. I adjusted in-test comments now realizing that the "32 to 56" bytes was due to the precise test and could be more depending on the input XML content.

hartwork · 2025-10-26T13:21:43Z

@picnixz thanks for the review! 🙏

picnixz · 2025-10-26T13:24:01Z

that is my impression too. So it's a bug but likely without attack surface.

Thanks. So I'll only backport this up to 3.13.

miss-islington-app · 2025-10-26T13:45:36Z

Thanks @hartwork for the PR, and @picnixz for merging it 🌮🎉.. I'm working now to backport this PR to: 3.13, 3.14.
🐍🍒⛏🤖

…` of `pyexpat` (pythonGH-140602) Ensure that the memory allocated for the content model passed to `my_ElementDeclHandler` is freed in all error paths. (cherry picked from commit e34a5e3) Co-authored-by: Sebastian Pipping <[email protected]>

bedevere-app · 2025-10-26T13:45:48Z

GH-140624 is a backport of this pull request to the 3.14 branch.

bedevere-app · 2025-10-26T13:45:53Z

GH-140625 is a backport of this pull request to the 3.13 branch.

…Handler` of `pyexpat` (pythonGH-140602) Ensure that the memory allocated for the content model passed to `my_ElementDeclHandler` is freed in all error paths. (cherry picked from commit e34a5e3) Co-authored-by: Sebastian Pipping <[email protected]>

bedevere-app · 2025-10-26T14:53:01Z

GH-140629 is a backport of this pull request to the 3.14 branch.

bedevere-app · 2025-10-26T14:53:16Z

GH-140629 is a backport of this pull request to the 3.14 branch.

…Handler` of `pyexpat` (pythonGH-140602) Ensure that the memory allocated for the content model passed to `my_ElementDeclHandler` is freed in all error paths. (cherry picked from commit e34a5e3) Co-authored-by: Sebastian Pipping <[email protected]>

bedevere-app · 2025-10-26T15:00:05Z

GH-140630 is a backport of this pull request to the 3.13 branch.

…r` of `pyexpat` (GH-140602) (#140629) [3.14] gh-140593: Fix a memory leak in function `my_ElementDeclHandler` of `pyexpat` (GH-140602) Ensure that the memory allocated for the content model passed to `my_ElementDeclHandler` is freed in all error paths. (cherry picked from commit e34a5e3)

…r` of `pyexpat` (GH-140602) (#140630) [3.13] gh-140593: Fix a memory leak in function `my_ElementDeclHandler` of `pyexpat` (GH-140602) Ensure that the memory allocated for the content model passed to `my_ElementDeclHandler` is freed in all error paths. (cherry picked from commit e34a5e3)

…` of `pyexpat` (python#140602) Ensure that the memory allocated for the content model passed to `my_ElementDeclHandler` is freed in all error paths.

hartwork added 3 commits October 25, 2025 21:40

pyexpat: Add news item for issue 140593

5e04f8a

pyexpat: Fix mistaken bypass of call to XML_FreeContentModel

caae331

pyexpat: Add test for pytest memleak issue 140593

b1ddc3b

bedevere-app bot added the awaiting review label Oct 25, 2025

bedevere-app bot mentioned this pull request Oct 25, 2025

Memory leak in function my_ElementDeclHandler of pyexpat #140593

Closed

picnixz approved these changes Oct 26, 2025

View reviewed changes

Lib/test/test_pyexpat.py Outdated Show resolved Hide resolved

Lib/test/test_pyexpat.py Outdated Show resolved Hide resolved

Lib/test/test_pyexpat.py Outdated Show resolved Hide resolved

bedevere-app bot added awaiting merge and removed awaiting review labels Oct 26, 2025

picnixz added needs backport to 3.13 bugs and security fixes needs backport to 3.14 bugs and security fixes labels Oct 26, 2025

hartwork added 4 commits October 26, 2025 14:09

Move and rename the test class + add full stop to comment

fcf2f31

Refactor self.assertRaises call

afb6b42

I'm not in support of this - readability goes down - but it was requested.

Add "See " and another full stop for the new sentence.

b6e9fab

As requested.

Improve comment on the nature of the leak

a56f668

picnixz approved these changes Oct 26, 2025

View reviewed changes

picnixz enabled auto-merge (squash) October 26, 2025 13:32

picnixz merged commit e34a5e3 into python:main Oct 26, 2025
45 checks passed

bedevere-app bot removed the awaiting merge label Oct 26, 2025

bedevere-app bot removed the needs backport to 3.14 bugs and security fixes label Oct 26, 2025

bedevere-app bot removed the needs backport to 3.13 bugs and security fixes label Oct 26, 2025

Uh oh!

Conversation

hartwork commented Oct 25, 2025 • edited by bedevere-app bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

picnixz left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

picnixz commented Oct 26, 2025

Uh oh!

hartwork commented Oct 26, 2025

Uh oh!

picnixz commented Oct 26, 2025

Uh oh!

hartwork commented Oct 26, 2025

Uh oh!

hartwork commented Oct 26, 2025

Uh oh!

picnixz commented Oct 26, 2025

Uh oh!

Uh oh!

miss-islington-app bot commented Oct 26, 2025

Uh oh!

bedevere-app bot commented Oct 26, 2025

Uh oh!

bedevere-app bot commented Oct 26, 2025

Uh oh!

bedevere-app bot commented Oct 26, 2025

Uh oh!

bedevere-app bot commented Oct 26, 2025

Uh oh!

bedevere-app bot commented Oct 26, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

hartwork commented Oct 25, 2025 •

edited by bedevere-app bot

Loading