classification
Title: Bad free in assemble function
Type: crash
Stage: patch review
Components: Interpreter Core
Versions: Python 3.10
process
Status: open
Resolution:
Dependencies:
Superseder:
Assigned To:
Nosy List: Mark.Shannon, alex.henrie
Priority: normal
Keywords: patch

Created on 2021-03-02 01:38 by alex.henrie, last changed 2021-03-02 10:20 by Mark.Shannon.

Pull Requests
URL: PR 24697
Status: merged
Linked: alex.henrie, 2021-03-02 01:39
Messages (2)
msg387893 - Author: Alex Henrie (alex.henrie) Date: 2021-03-02 01:38
The assemble function in compile.c currently looks like this:

    static PyCodeObject *
    assemble(struct compiler *c, int addNone)
    {
        basicblock *b, *entryblock;
        struct assembler a;
        int j, nblocks;
        PyCodeObject *co = NULL;
        PyObject *consts = NULL;

        ...

        for (basicblock *b = c->u->u_blocks; b != NULL; b = b->b_list) {
            if (normalize_basic_block(b)) {
                goto error;
            }
        }

        if (ensure_exits_have_lineno(c)) {
            goto error;
        }

        ...

     error:
        Py_XDECREF(consts);
        assemble_free(&a);
        return co;
    }

If normalize_basic_block or ensure_exits_have_lineno fails, the function will attempt to free a.a_bytecode, which has not yet been initialized, possibly leading to a program crash.

The problematic code was added by commit 5977a7989d49c3e095c7659a58267d87a17b12b1 to fix bpo-42246.

Defect identified by scan-build <https://clang-analyzer.llvm.org/scan-build.html>
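
The failure mode described above, reduced to a stand-alone C example added here (not CPython code, and not necessarily the change merged in GH-24697): zero-initializing the state struct at its declaration keeps the shared error path safe even when it is reached before initialization. All names in it are hypothetical.

```c
/* Added illustration: asm_state, asm_init, asm_free and assemble_hardened are
   hypothetical stand-ins for the pattern in the report, not CPython code. */
#include <stdlib.h>

struct asm_state {
    char *bytecode;            /* plays the role of a.a_bytecode */
    char *lnotab;
};

static int freed_buffers;      /* non-NULL pointers handed to free() */

static void asm_free(struct asm_state *a)
{
    if (a->bytecode) freed_buffers++;
    free(a->bytecode);         /* free(NULL) is a defined no-op */
    if (a->lnotab) freed_buffers++;
    free(a->lnotab);
}

static int asm_init(struct asm_state *a)
{
    a->bytecode = malloc(64);
    a->lnotab = malloc(16);
    return (a->bytecode && a->lnotab) ? 0 : -1;
}

/* Reported shape: `struct asm_state a;` with no initializer, then a
   `goto error` taken before asm_init() passes indeterminate pointers to
   free(). Hardened shape: zero the struct where it is declared. */
int assemble_hardened(int early_step_fails)
{
    struct asm_state a = {0};  /* every pointer is NULL from the start */
    int rc = -1;

    if (early_step_fails)      /* stands in for normalize_basic_block() failing */
        goto error;
    if (asm_init(&a) < 0)
        goto error;
    rc = 0;
 error:
    asm_free(&a);              /* safe on every path, including the early one */
    return rc;
}

int main(void)
{
    return (assemble_hardened(1) == -1 && assemble_hardened(0) == 0) ? 0 : 1;
}
```
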
msg387903 - Author: Mark Shannon (Mark.Shannon) (Python committer) Date: 2021-03-02 10:20
New changeset 503627fc2acb875b4c7b58a7f6e258cfcbad054b by Alex Henrie in branch 'master':
bpo-43358: Fix bad free in assemble function (GH-24697)
https://github.com/python/cpython/commit/503627fc2acb875b4c7b58a7f6e258cfcbad054b
History
Date User Action Args
2021-03-02 10:20:36  Mark.Shannon  set  messages: + msg387903
2021-03-02 01:50:29  ammar2  set  nosy: + Mark.Shannon
2021-03-02 01:39:37  alex.henrie  set  keywords: + patch
                                       stage: patch review
                                       pull_requests: + pull_request23474
2021-03-02 01:38:32  alex.henrie  create