Closed
Description
During fuzzing of Python standard libraries, the following code snippet causes an UnboundLocalError with the following message: UnboundLocalError: cannot access local variable 'pos' where it is not associated with a value'. This occurs in the _get_ptext_to_endchars function at line 1035 in email/_header_value_parser.py.
import email._header_value_parser
email._header_value_parser.parse_message_id("<T@[")Exception Trace
Traceback (most recent call last):
File "/usr/lib/python3.12/email/_header_value_parser.py", line 2118, in get_msg_id
token, value = get_dot_atom_text(value)
^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.12/email/_header_value_parser.py", line 1344, in get_dot_atom_text
raise errors.HeaderParseError("expected atom at a start of "
email.errors.HeaderParseError: expected atom at a start of dot-atom-text but found '['
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "rep.py", line 2, in <module>
email._header_value_parser.parse_message_id("<T@[")
File "/usr/lib/python3.12/email/_header_value_parser.py", line 2149, in parse_message_id
token, value = get_msg_id(value)
^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.12/email/_header_value_parser.py", line 2121, in get_msg_id
token, value = get_no_fold_literal(value)
^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.12/email/_header_value_parser.py", line 2066, in get_no_fold_literal
token, value = get_dtext(value)
^^^^^^^^^^^^^^^^
File "/usr/lib/python3.12/email/_header_value_parser.py", line 1557, in get_dtext
ptext, value, had_qp = _get_ptext_to_endchars(value, '[]')
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.12/email/_header_value_parser.py", line 1033, in _get_ptext_to_endchars
pos = pos + 1
^^^
UnboundLocalError: cannot access local variable 'pos' where it is not associated with a valueCPython versions tested on:
3.12, 3.11, 3.10, 3.9
Operating systems tested on:
Linux
Linked PRs
- gh-134155: fix AttributeError in email._header_value_parser.get_address #134194
- gh-134152: Fix UnboundLocalError in email._header_value_parser _get_ptext_to_endchars #134233
- [3.13] gh-134152: Fix UnboundLocalError in email._header_value_parser _get_ptext_to_endchars (GH-134233) #134677
- [3.14] gh-134152: Fix UnboundLocalError in email._header_value_parser _get_ptext_to_endchars (GH-134233) #134678
Activity
[-]'UnboundLocalError' in `parse_message_id`[/-][+]'UnboundLocalError' in `email._header_value_parser.parse_message_id`[/+]TypeError: '<' not supported between instances of 'NoneType' and 'int'raised during call toemail.message_from_file#134151ZeroIntensity commentedon May 18, 2025
Do we want to fix private APIs?
picnixz commentedon May 18, 2025
In general no, but UnboundLocalError is pretty much a real issue, even in a private API, so I think we should fix this one at least. We don't need to fix the HeaderParseError, but we need to fix the UnboundLocalError.
sergey-miryanov commentedon May 18, 2025
I have a patch, want to send it in a couple of hours.
sergey-miryanov commentedon May 18, 2025
@picnixz Please take a look.
[-]'UnboundLocalError' in `email._header_value_parser.parse_message_id`[/-][+]`UnboundLocalError` in `email._header_value_parser.parse_message_id`[/+]Merge branch 'pythongh-134152-fix-unbound-local-error-in-email' of gi…
gh-134152: Fix UnboundLocalError in email._header_value_parser _get_p…
pythongh-134152: Fix UnboundLocalError in email._header_value_parser …
12 remaining items