From 0477896c68dcd61bdf2ba3c3f6b4bb4932f064c2 Mon Sep 17 00:00:00 2001 From: Serhiy Storchaka Date: Mon, 21 Mar 2022 13:00:43 +0200 Subject: [PATCH] bpo-23691: Protect the re.finditer() iterator from re-entering (GH-32012) (cherry picked from commit 08eb754d840696914928355014c2d424131f8835) Co-authored-by: Serhiy Storchaka --- .../2022-03-20-22-13-24.bpo-23691.Nc2TrW.rst | 1 + Modules/_sre.c | 44 +++++++++++++++++-- Modules/sre.h | 1 + 3 files changed, 42 insertions(+), 4 deletions(-) create mode 100644 Misc/NEWS.d/next/Library/2022-03-20-22-13-24.bpo-23691.Nc2TrW.rst diff --git a/Misc/NEWS.d/next/Library/2022-03-20-22-13-24.bpo-23691.Nc2TrW.rst b/Misc/NEWS.d/next/Library/2022-03-20-22-13-24.bpo-23691.Nc2TrW.rst new file mode 100644 index 00000000000000..053a2b2709ee8d --- /dev/null +++ b/Misc/NEWS.d/next/Library/2022-03-20-22-13-24.bpo-23691.Nc2TrW.rst @@ -0,0 +1 @@ +Protect the :func:`re.finditer` iterator from re-entering. diff --git a/Modules/_sre.c b/Modules/_sre.c index d21b533530187e..911626dafc977f 100644 --- a/Modules/_sre.c +++ b/Modules/_sre.c @@ -2510,6 +2510,25 @@ scanner_dealloc(ScannerObject* self) Py_DECREF(tp); } +static int +scanner_begin(ScannerObject* self) +{ + if (self->executing) { + PyErr_SetString(PyExc_ValueError, + "regular expression scanner already executing"); + return 0; + } + self->executing = 1; + return 1; +} + +static void +scanner_end(ScannerObject* self) +{ + assert(self->executing); + self->executing = 0; +} + /*[clinic input] _sre.SRE_Scanner.match @@ -2527,16 +2546,23 @@ _sre_SRE_Scanner_match_impl(ScannerObject *self, PyTypeObject *cls) PyObject* match; Py_ssize_t status; - if (state->start == NULL) + if (!scanner_begin(self)) { + return NULL; + } + if (state->start == NULL) { + scanner_end(self); Py_RETURN_NONE; + } state_reset(state); state->ptr = state->start; status = sre_match(state, PatternObject_GetCode(self->pattern)); - if (PyErr_Occurred()) + if (PyErr_Occurred()) { + scanner_end(self); return NULL; + } match = pattern_new_match(module_state, (PatternObject*) self->pattern, state, status); @@ -2548,6 +2574,7 @@ _sre_SRE_Scanner_match_impl(ScannerObject *self, PyTypeObject *cls) state->start = state->ptr; } + scanner_end(self); return match; } @@ -2569,16 +2596,23 @@ _sre_SRE_Scanner_search_impl(ScannerObject *self, PyTypeObject *cls) PyObject* match; Py_ssize_t status; - if (state->start == NULL) + if (!scanner_begin(self)) { + return NULL; + } + if (state->start == NULL) { + scanner_end(self); Py_RETURN_NONE; + } state_reset(state); state->ptr = state->start; status = sre_search(state, PatternObject_GetCode(self->pattern)); - if (PyErr_Occurred()) + if (PyErr_Occurred()) { + scanner_end(self); return NULL; + } match = pattern_new_match(module_state, (PatternObject*) self->pattern, state, status); @@ -2590,6 +2624,7 @@ _sre_SRE_Scanner_search_impl(ScannerObject *self, PyTypeObject *cls) state->start = state->ptr; } + scanner_end(self); return match; } @@ -2607,6 +2642,7 @@ pattern_scanner(_sremodulestate *module_state, if (!scanner) return NULL; scanner->pattern = NULL; + scanner->executing = 0; /* create search state object */ if (!state_init(&scanner->state, self, string, pos, endpos)) { diff --git a/Modules/sre.h b/Modules/sre.h index 9b0d8b190426ac..785adbd003e7fd 100644 --- a/Modules/sre.h +++ b/Modules/sre.h @@ -89,6 +89,7 @@ typedef struct { PyObject_HEAD PyObject* pattern; SRE_STATE state; + int executing; } ScannerObject; #endif