This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Title: potential double free in Modules/_randommodule.c line 295 and line 317
Type: security Stage: resolved
Components: Extension Modules Versions: Python 3.8, Python 3.7
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: Nosy List: ZackerySpytz, benjamin.peterson, mark.dickinson, miss-islington, rhettinger, wjq-security, xtreak
Priority: normal Keywords: patch

Created on 2019-02-14 06:09 by wjq-security, last changed 2022-04-11 14:59 by admin. This issue is now closed.

Pull Requests
URL Status Linked Edit
PR 11849 merged ZackerySpytz, 2019-02-14 07:02
PR 11851 merged miss-islington, 2019-02-14 07:43
Messages (4)
msg335498 - (view) Author: Karthikeyan Singaravelan (xtreak) * (Python committer) Date: 2019-02-14 06:20
Though random module doesn't receive frequent changes can you please add the relevant lines in the description or the relevant commit with the corresponding line number in the report with a description. 

On master with commit [0] line 295 calls PyMem_Free(key); and then calls goto Done where PyMem_Free(key); is again executed which I assume is the report.

msg335499 - (view) Author: wangjiangqiang (wjq-security) Date: 2019-02-14 06:35
line 295 calls PyMem_Free(key),then "key" was freed again in line 317 which causes the bug.
msg335506 - (view) Author: Benjamin Peterson (benjamin.peterson) * (Python committer) Date: 2019-02-14 07:43
New changeset bb3c05d7efca8d23bf39bc2640297ba2598899f3 by Benjamin Peterson (Zackery Spytz) in branch 'master':
closes bpo-35991: Fix a potential double free in Modules/_randommodule.c. (GH-11849)
msg335507 - (view) Author: miss-islington (miss-islington) Date: 2019-02-14 08:02
New changeset e20893596f4ecbca90be6caecbf8c22c9629376d by Miss Islington (bot) in branch '3.7':
closes bpo-35991: Fix a potential double free in Modules/_randommodule.c. (GH-11849)
Date User Action Args
2022-04-11 14:59:11adminsetgithub: 80172
2019-02-14 09:27:13ZackerySpytzsetnosy: + ZackerySpytz

components: + Extension Modules
versions: + Python 3.7, Python 3.8
2019-02-14 08:02:15miss-islingtonsetnosy: + miss-islington
messages: + msg335507
2019-02-14 07:43:39miss-islingtonsetpull_requests: + pull_request11883
2019-02-14 07:43:21benjamin.petersonsetstatus: open -> closed

nosy: + benjamin.peterson
messages: + msg335506

resolution: fixed
stage: patch review -> resolved
2019-02-14 07:02:30ZackerySpytzsetkeywords: + patch
stage: patch review
pull_requests: + pull_request11880
2019-02-14 06:35:32wjq-securitysetmessages: + msg335499
2019-02-14 06:20:44xtreaksetnosy: + rhettinger, xtreak, mark.dickinson
messages: + msg335498
2019-02-14 06:09:55wjq-securitycreate