fix UAF in xml.etree.ElementTree.Element.__deepcopy__

Author: picnixz

Lib/test/test_xml_etree.py

@@ -2960,6 +2960,24 @@ def element_factory(x, y):
         del b
         gc_collect()
 
+    def test_deepcopy(self):
+        # Prevent crashes when __deepcopy__() mutates the element being copied.
+        # See https://github.com/python/cpython/issues/133009.
+        class X(ET.Element):
+            def __deepcopy__(self, memo):
+                root.clear()
+                return self
+
+        root = ET.Element('a')
+        evil = X('x')
+        root.extend([evil, ET.Element('y')])
+        if is_python_implementation():
+            self.assertRaises(RuntimeError, copy.deepcopy, root)
+        else:
+            c = copy.deepcopy(root)
+            # In the C implementation, we can still copy the evil element.
+            self.assertListEqual(list(c), [evil])
+
 
 class MutationDeleteElementPath(str):
     def __new__(cls, elem, *args):

Misc/NEWS.d/next/Library/2025-04-26-15-50-12.gh-issue-133009.etBuz5.rst

@@ -0,0 +1,3 @@
+:mod:`xml.etree.ElementTree`: Fix a crash in :meth:`Element.__deepcopy__
+<object.__deepcopy__>` when the element is concurrently mutated.
+Patch by Bénédikt Tran.

Modules/_elementtree.c

@@ -813,11 +813,16 @@ _elementtree_Element___deepcopy___impl(ElementObject *self, PyObject *memo)
 
     PyTypeObject *tp = Py_TYPE(self);
     elementtreestate *st = get_elementtree_state_by_type(tp);
+    // Since the 'tag' attribute is undeletable, deepcopy() should be safe.
     tag = deepcopy(st, self->tag, memo);
+    assert(self->tag != NULL);
     if (!tag)
         return NULL;
 
     if (self->extra && self->extra->attrib) {
+        // While deepcopy(self->extra->attrib) may cause 'self->extra' to be
+        // NULL, we do not use it afterawrds without checking this, so no need
+        // to temporarily incref 'self->extra->attrib'.
         attrib = deepcopy(st, self->extra->attrib, memo);
         if (!attrib) {
             Py_DECREF(tag);
@@ -835,12 +840,16 @@ _elementtree_Element___deepcopy___impl(ElementObject *self, PyObject *memo)
     if (!element)
         return NULL;
 
+    // Since the 'text' attribute is undeletable, deepcopy() should be safe.
     text = deepcopy(st, JOIN_OBJ(self->text), memo);
+    assert(JOIN_OBJ(self->text) != NULL);
     if (!text)
         goto error;
     _set_joined_ptr(&element->text, JOIN_SET(text, JOIN_GET(self->text)));
 
+    // Since the 'tail' attribute is undeletable, deepcopy() should be safe.
     tail = deepcopy(st, JOIN_OBJ(self->tail), memo);
+    assert(JOIN_OBJ(self->tail) != NULL);
     if (!tail)
         goto error;
     _set_joined_ptr(&element->tail, JOIN_SET(tail, JOIN_GET(self->tail)));
@@ -850,9 +859,11 @@ _elementtree_Element___deepcopy___impl(ElementObject *self, PyObject *memo)
         if (element_resize(element, self->extra->length) < 0)
             goto error;
 
-        // TODO(picnixz): check for an evil child's __deepcopy__ on 'self'
-        for (i = 0; i < self->extra->length; i++) {
-            PyObject* child = deepcopy(st, self->extra->children[i], memo);
+        // TODO(picnixz): should we protect against mutations from 'memo'?
+        for (i = 0; self->extra && i < self->extra->length; i++) {
+            PyObject* itemi = Py_NewRef(self->extra->children[i]);
+            PyObject* child = deepcopy(st, itemi, memo);
+            Py_DECREF(itemi);
             if (!child || !Element_Check(st, child)) {
                 if (child) {
                     raise_type_error(child);
@@ -865,7 +876,12 @@ _elementtree_Element___deepcopy___impl(ElementObject *self, PyObject *memo)
         }
 
         assert(!element->extra->length);
-        element->extra->length = self->extra->length;
+        /*
+         * The original 'self->extra' may be gone at this point if deepcopy()
+         * had side-effects. However, 'i' is the number of copied items that
+         * we were able to successfully copy.
+         */
+        element->extra->length = i;
     }
 
     /* add object to memo dictionary (so deepcopy won't visit it again) */