Message291595
_posixsubprocess.fork_exec() takes a sequence of file descriptors. It first validates it and, since the validation has passed, uses it without checking for errors. But since __len__, __getitem__ and __int__ can execute user code and release the GIL, errors can occur after the validation. This can cause a crash.
The proposed patch fixes this in the simplest way: it restricts the type of the sequence to tuple and the types of its elements to int. Since _posixsubprocess is a private module, this shouldn't break third-party code.
Another issue with _posixsubprocess.fork_exec() was that it converts args to a tuple or a list and iterates over it without checking whether the size has changed.

| Date | User | Action | Args |
|---|---|---|---|
| 2017-04-13 10:14:01 | serhiy.storchaka | set | recipients: + serhiy.storchaka |
| 2017-04-13 10:14:01 | serhiy.storchaka | set | messageid: <1492078441.09.0.999748140134.issue30065@psf.upfronthosting.co.za> |
| 2017-04-13 10:14:00 | serhiy.storchaka | link | issue30065 messages |
| 2017-04-13 10:14:00 | serhiy.storchaka | create | |
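
The validate-then-use gap described in the message, modelled in pure Python as an added example (not code from the message or from the CPython patch). The function names, the `ShiftingFd` class and the exact-type checks are assumptions made for illustration; the real code is C inside `_posixsubprocess`.

```python
# Added illustration: a pure-Python model of the validate-then-use pattern.
# All names are hypothetical; this is not CPython's C implementation.

def validate_fds(fds):
    """Validation pass: items must convert to non-negative, strictly increasing ints."""
    prev = -1
    for i in range(len(fds)):          # __len__ and __getitem__ may run user code
        fd = int(fds[i])               # __int__ may run user code
        if fd < 0 or fd <= prev:
            raise ValueError("bad value(s) in fds_to_keep")
        prev = fd

def use_fds_unchecked(fds):
    """Weak form: validates, then reads the caller's object a second time."""
    validate_fds(fds)
    # Second read: nothing guarantees it matches what was validated.
    return [int(fds[i]) for i in range(len(fds))]

def use_fds_strict(fds):
    """Hardened form modelled on the message: accept only a tuple of ints.

    Assumption of this model: exact-type checks, so no overridden
    __len__, __getitem__ or __int__ can run during or after validation.
    """
    if type(fds) is not tuple or any(type(fd) is not int for fd in fds):
        raise TypeError("fds_to_keep must be a tuple of ints")
    validate_fds(fds)
    return list(fds)

class ShiftingFd:
    """Constructed sample: __int__ gives one answer first, another afterwards."""
    def __init__(self, first, later):
        self.answers = [first, later]
    def __int__(self):
        if len(self.answers) > 1:
            return self.answers.pop(0)
        return self.answers[0]

if __name__ == "__main__":
    # The weak form passes validation, then consumes a value it never checked.
    print(use_fds_unchecked([3, ShiftingFd(5, -1)]))
    try:
        use_fds_strict((3, ShiftingFd(5, -1)))
    except TypeError as exc:
        print("rejected:", exc)
```

In the C code the post-validation conversions were not checked for errors, which is why the same pattern there ends in a crash rather than in a wrong list.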