This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

classification
Title: A possible double PyMem_FREE() due to tokenizer.c's tok_nextc()
Type: crash Stage: resolved
Components: Interpreter Core Versions: Python 3.8, Python 3.7, Python 2.7
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: Nosy List: ZackerySpytz, miss-islington, pablogsal, serhiy.storchaka
Priority: normal Keywords: patch

Created on 2019-03-28 04:33 by ZackerySpytz, last changed 2022-04-11 14:59 by admin. This issue is now closed.

Pull Requests
URL Status Linked Edit
PR 12601 merged ZackerySpytz, 2019-03-28 04:36
PR 12604 merged miss-islington, 2019-03-28 13:53
PR 12605 merged miss-islington, 2019-03-28 13:53
Messages (4)
msg339013 - (view) Author: Zackery Spytz (ZackerySpytz) * (Python triager) Date: 2019-03-28 04:33 
Commit cb90c89de14aab636739b3e810cf949e47b54a0c added a PyMem_FREE(tok->buf) call in tok_nextc() if a PyMem_REALLOC() call fails. This will cause a double free when PyTokenizer_Free() is called on the tokenizer state.
msg339043 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2019-03-28 13:53 
New changeset cda139d1ded6708665b53e4ed32ccc1d2627e1da by Serhiy Storchaka (Zackery Spytz) in branch 'master':
bpo-36459: Fix a possible double PyMem_FREE() due to tokenizer.c's tok_nextc() (12601)
https://github.com/python/cpython/commit/cda139d1ded6708665b53e4ed32ccc1d2627e1da
msg339049 - (view) Author: miss-islington (miss-islington) Date: 2019-03-28 14:44 
New changeset dffe90ee0eaf77785ad3d4ad7fb3249430ed1cb9 by Miss Islington (bot) in branch '2.7':
bpo-36459: Fix a possible double PyMem_FREE() due to tokenizer.c's tok_nextc() (12601)
https://github.com/python/cpython/commit/dffe90ee0eaf77785ad3d4ad7fb3249430ed1cb9
msg339051 - (view) Author: miss-islington (miss-islington) Date: 2019-03-28 15:08 
New changeset 6fd3c852b15820480ad2ea83e7857615c4976304 by Miss Islington (bot) in branch '3.7':
bpo-36459: Fix a possible double PyMem_FREE() due to tokenizer.c's tok_nextc() (12601)
https://github.com/python/cpython/commit/6fd3c852b15820480ad2ea83e7857615c4976304
History
Date User Action Args
2022-04-11 14:59:13adminsetgithub: 80640
2019-03-28 15:15:07serhiy.storchakasetstatus: open -> closed
resolution: fixed
stage: patch review -> resolved
2019-03-28 15:08:49miss-islingtonsetmessages: + msg339051
2019-03-28 14:44:25miss-islingtonsetnosy: + miss-islington
messages: + msg339049
2019-03-28 13:53:59miss-islingtonsetpull_requests: + pull_request12545
2019-03-28 13:53:48miss-islingtonsetpull_requests: + pull_request12544
2019-03-28 13:53:11serhiy.storchakasetnosy: + serhiy.storchaka
messages: + msg339043
2019-03-28 05:01:15xtreaksetnosy: + pablogsal
2019-03-28 04:36:56ZackerySpytzsetkeywords: + patch
stage: patch review
pull_requests: + pull_request12541
2019-03-28 04:33:19ZackerySpytzcreate