classification
Title: A possible null pointer dereference in _pickle.c's save_reduce()
Type: crash Stage: resolved
Components: Extension Modules Versions: Python 3.8, Python 3.7, Python 3.6
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: Nosy List: ZackerySpytz, miss-islington, serhiy.storchaka
Priority: normal Keywords: patch

Created on 2018-10-15 06:44 by ZackerySpytz, last changed 2018-12-06 15:06 by ZackerySpytz. This issue is now closed.

Pull Requests
URL Status Linked Edit
PR 9886 merged ZackerySpytz, 2018-10-15 06:47
PR 10932 merged miss-islington, 2018-12-05 18:29
PR 10933 merged miss-islington, 2018-12-05 18:29
Messages (8)
msg327732 Author: Zackery Spytz (ZackerySpytz) * Date: 2018-10-15 06:44
The get_class() call in save_reduce() is not checked for failure.
msg327733 Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2018-10-15 06:59
It is checked, and there is a comment about this.

    p = obj_class != cls;    /* true iff a problem */
msg327739 Author: Zackery Spytz (ZackerySpytz) * Date: 2018-10-15 09:19
It is not properly checked: Py_DECREF() is always called on the result of get_class(), but get_class() can return NULL.
msg327960 Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2018-10-18 10:32
You are right. Although get_class() can return NULL without setting an exception. We have to set an exception in such a case (the same exception as for `obj_class != cls` looks appropriate).
msg329465 Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2018-11-08 09:51
I was wrong. get_class() returns NULL when and only when an exception is set.
msg331139 Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2018-12-05 18:29
New changeset 25d389789c59a52a31770f7c50ce9e02a8909190 by Serhiy Storchaka (Zackery Spytz) in branch 'master':
bpo-34987: Fix a possible null pointer dereference in _pickle.c's save_reduce(). (GH-9886)
https://github.com/python/cpython/commit/25d389789c59a52a31770f7c50ce9e02a8909190
msg331146 Author: miss-islington (miss-islington) Date: 2018-12-05 19:35
New changeset e2f376f284b7bf1388d85e99dce646cabc507016 by Miss Islington (bot) in branch '3.7':
bpo-34987: Fix a possible null pointer dereference in _pickle.c's save_reduce(). (GH-9886)
https://github.com/python/cpython/commit/e2f376f284b7bf1388d85e99dce646cabc507016
msg331147 Author: miss-islington (miss-islington) Date: 2018-12-05 19:35
New changeset 92d912c344e6c21de46da29f0dc45b7e476fa79d by Miss Islington (bot) in branch '3.6':
bpo-34987: Fix a possible null pointer dereference in _pickle.c's save_reduce(). (GH-9886)
https://github.com/python/cpython/commit/92d912c344e6c21de46da29f0dc45b7e476fa79d
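The pattern discussed in this thread, as an added example that is not code from the tracker or from CPython: a self-contained C model in which `Obj`, `DECREF`, `error_set`, `get_class_model` and the two `check_class_*` functions are hypothetical stand-ins for the object type, `Py_DECREF()`, the exception state, `get_class()` and the class check in `save_reduce()`. It puts the unchecked form beside a form that returns before the pointer is touched.

```c
#include <stddef.h>
#include <stdio.h>

/* Stand-ins for the CPython pieces named in the thread (assumptions, not CPython's definitions). */
typedef struct { long refcnt; } Obj;
static int error_set = 0;                  /* models "an exception is set" */

/* Like Py_DECREF(): dereferences its argument unconditionally. */
#define DECREF(o) ((void)--(o)->refcnt)

/* Models get_class(): new reference on success, NULL with the error set on failure. */
static Obj *get_class_model(Obj *cls_attr) {
    if (cls_attr == NULL) { error_set = 1; return NULL; }
    cls_attr->refcnt++;
    return cls_attr;
}

/* Reported pattern: the comparison tolerates NULL, the DECREF does not.
   Crashes when get_class_model() fails, so it is only run on valid input here. */
static int check_class_unchecked(Obj *cls_attr, Obj *cls) {
    Obj *obj_class = get_class_model(cls_attr);
    int p = obj_class != cls;              /* true iff a problem */
    DECREF(obj_class);                     /* NULL dereference on failure */
    return p ? -1 : 0;
}

/* Hardened: return before touching the pointer; the callee already set the error. */
static int check_class_checked(Obj *cls_attr, Obj *cls) {
    Obj *obj_class = get_class_model(cls_attr);
    if (obj_class == NULL)
        return -1;
    int p = obj_class != cls;
    DECREF(obj_class);
    if (p) { error_set = 1; return -1; }   /* wrong class: report it */
    return 0;
}

int main(void) {
    Obj cls = {1}, other = {1};
    printf("unchecked(valid)=%d match=%d mismatch=%d lookup_failed=%d\n",
           check_class_unchecked(&cls, &cls),
           check_class_checked(&cls, &cls),
           check_class_checked(&other, &cls),
           check_class_checked(NULL, &cls));
    return 0;
}
```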
History
Date User Action Args
2018-12-06 15:06:00  ZackerySpytz  set  status: open -> closed; resolution: fixed; stage: patch review -> resolved
2018-12-05 19:35:50  miss-islington  set  messages: + msg331147
2018-12-05 19:35:45  miss-islington  set  nosy: + miss-islington; messages: + msg331146
2018-12-05 18:29:51  miss-islington  set  pull_requests: + pull_request10188
2018-12-05 18:29:37  miss-islington  set  pull_requests: + pull_request10187
2018-12-05 18:29:25  serhiy.storchaka  set  messages: + msg331139
2018-11-08 09:51:49  serhiy.storchaka  set  messages: + msg329465
2018-10-18 10:32:46  serhiy.storchaka  set  messages: + msg327960
2018-10-15 09:19:51  ZackerySpytz  set  messages: + msg327739
2018-10-15 06:59:21  serhiy.storchaka  set  nosy: + serhiy.storchaka; messages: + msg327733
2018-10-15 06:47:00  ZackerySpytz  set  keywords: + patch; stage: patch review; pull_requests: + pull_request9249
2018-10-15 06:44:10  ZackerySpytz  create