classification
Title: Use after free in xmlparser_setevents (2)
Type: crash Stage: resolved
Components: Extension Modules, XML Versions: Python 3.5, Python 3.4
process
Status: closed Resolution: duplicate
Dependencies: Superseder: Use after free in xmlparser_setevents (1)
View: 24103
Assigned To: Nosy List: Alex.LordThorsen, Arfrever, christian.heimes, martin.panter, pkt, serhiy.storchaka
Priority: normal Keywords:

Created on 2015-05-01 14:15 by pkt, last changed 2016-01-03 06:22 by serhiy.storchaka. This issue is now closed.

Files
File name Uploaded Description Edit
poc_xml_setevents2.py pkt, 2015-05-01 14:15
Messages (5)
msg242321 - (view) Author: paul (pkt) Date: 2015-05-01 14:15
# Program received signal SIGSEGV, Segmentation fault.
# 0x4068565c in xmlparser_setevents (self=0x4064b13c, args=([], [<S2 at remote 0x4064b0e4>]))
#     at /home/p/Python-3.4.1/Modules/_elementtree.c:3562
# 3562            if (PyUnicode_Check(event_name_obj)) {
# (gdb) print *event_name_obj
# $6 = {_ob_next = 0xdbdbdbdb, _ob_prev = 0xdbdbdbdb, ob_refcnt = -606348325, ob_type = 0xdbdbdbdb}
# 
# 
# "event_name_obj" is deleted inside a custom destructor. Use after free.
msg242839 - (view) Author: Alex LordThorsen (Alex.LordThorsen) * Date: 2015-05-09 20:37
../cpython/python.exe test_xmlparser_setevents.py
__del__ 1
__del__ 3
Segmentation fault: 11

Confirmation on 3.5.0a4 Python 3.5.0a4+
msg246067 - (view) Author: paul (pkt) Date: 2015-07-02 10:26
ping
msg246146 - (view) Author: paul (pkt) Date: 2015-07-03 07:45
ping
msg257389 - (view) Author: Martin Panter (martin.panter) * (Python committer) Date: 2016-01-03 00:40
Serhiy, you mentioned your Issue 24103 patch also fixes this. Should we close this one now as well, or is there more to do?
History
Date User Action Args
2016-01-03 06:22:14serhiy.storchakasetstatus: open -> closed
superseder: Use after free in xmlparser_setevents (1)
resolution: duplicate
stage: needs patch -> resolved
2016-01-03 00:40:37martin.pantersetnosy: + martin.panter
messages: + msg257389
2015-07-03 07:45:54pktsetmessages: + msg246146
2015-07-02 10:26:31pktsetmessages: + msg246067
2015-05-09 20:37:25Alex.LordThorsensetnosy: + Alex.LordThorsen
messages: + msg242839
2015-05-03 06:55:25Arfreversetnosy: + Arfrever
2015-05-02 04:53:31serhiy.storchakasetnosy: + serhiy.storchaka
components: + XML
2015-05-01 14:18:37christian.heimessetnosy: + christian.heimes
stage: needs patch

components: + Extension Modules
versions: + Python 3.5
2015-05-01 14:15:42pktcreate