Created on 2017-10-13 16:56 by Oren Milman, last changed 2017-10-20 20:43 by brett.cannon. This issue is now closed.
| Pull Requests | |||
|---|---|---|---|
| URL | Status | Linked | Edit |
| PR 3986 | merged | Oren Milman, 2017-10-13 19:27 | |
| Messages (3) | |||
|---|---|---|---|
| msg304346 - (view) | Author: Oren Milman (Oren Milman) * | Date: 2017-10-13 16:56 | |
The following code crashes:
import zipimport
zi = zipimport.zipimporter.__new__(zipimport.zipimporter)
zi.find_module('foo')
This is because get_module_info() (in Modules/zipimport.c) assumes that the
zipimporter object is initialized, so it assumes that `self->prefix` is not
NULL, and passes it to make_filename(), which crashes.
get_module_code() makes the same assumption, and zipimport_zipimporter_get_data_impl()
assumes that `self->archive` is not NULL, and passes it to PyUnicode_GET_LENGTH(),
which crashes.
Thus, every method of an uninitialized zipimporter object might crash.
I would open a PR to fix this soon.
|
|||
| msg304680 - (view) | Author: Brett Cannon (brett.cannon) *  |
Date: 2017-10-20 20:42 | |
New changeset db60a5bfa5d5f7a6f1538cc1fe76f0fda57b524e by Brett Cannon (Oren Milman) in branch 'master': bpo-31781: Prevent crashes when calling methods of an uninitialized zipimport.zipimporter object (GH-3986) https://github.com/python/cpython/commit/db60a5bfa5d5f7a6f1538cc1fe76f0fda57b524e |
|||
| msg304681 - (view) | Author: Brett Cannon (brett.cannon) * |
Date: 2017-10-20 20:43 | |
As always, thanks for the fix, Oren! |
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2017-10-20 20:43:37 | brett.cannon | set | status: open -> closed resolution: fixed messages: + msg304681 stage: patch review -> resolved |
| 2017-10-20 20:42:37 | brett.cannon | set | nosy:
+ brett.cannon messages: + msg304680 |
| 2017-10-13 19:27:54 | Oren Milman | set | keywords:
+ patch stage: patch review pull_requests: + pull_request3962 |
| 2017-10-13 16:56:47 | Oren Milman | create | |