Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

A possible crash in dictobject.c's new_dict() #80593

Closed
ZackerySpytz mannequin opened this issue Mar 24, 2019 · 3 comments
Closed

A possible crash in dictobject.c's new_dict() #80593

ZackerySpytz mannequin opened this issue Mar 24, 2019 · 3 comments
Labels
3.8 only security fixes interpreter-core (Objects, Python, Grammar, and Parser dirs) type-crash A hard crash of the interpreter, possibly with a core dump

Comments

@ZackerySpytz
Copy link
Mannequin

ZackerySpytz mannequin commented Mar 24, 2019

BPO 36412
Nosy @methane, @ZackerySpytz
PRs
  • bpo-36412: Fix a possible crash in dictobject.c's new_dict() #12519
    		•

    Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.

    Show more details

    GitHub fields:

    assignee = None
closed_at = <Date 2019-03-24.02:23:44.939>
created_at = <Date 2019-03-24.01:49:34.930>
labels = ['interpreter-core', '3.8', 'type-crash']
title = "A possible crash in dictobject.c's new_dict()"
updated_at = <Date 2019-03-24.02:52:58.792>
user = 'https://github.com/ZackerySpytz'

    bugs.python.org fields:

    activity = <Date 2019-03-24.02:52:58.792>
actor = 'methane'
assignee = 'none'
closed = True
closed_date = <Date 2019-03-24.02:23:44.939>
closer = 'methane'
components = ['Interpreter Core']
creation = <Date 2019-03-24.01:49:34.930>
creator = 'ZackerySpytz'
dependencies = []
files = []
hgrepos = []
issue_num = 36412
keywords = ['patch']
message_count = 3.0
messages = ['338711', '338712', '338713']
nosy_count = 2.0
nosy_names = ['methane', 'ZackerySpytz']
pr_nums = ['12519']
priority = 'normal'
resolution = 'fixed'
stage = 'resolved'
status = 'closed'
superseder = None
type = 'crash'
url = 'https://bugs.python.org/issue36412'
versions = ['Python 3.8']
    @ZackerySpytz
    Copy link
    Mannequin Author

    ZackerySpytz mannequin commented Mar 24, 2019

    PyDict_New() calls new_dict() with the "empty_values" array. If the PyObject_GC_New() call in new_dict() fails, new_dict() will call PyMem_FREE() on this array, causing a crash.

    @ZackerySpytz ZackerySpytz mannequin added 3.8 only security fixes interpreter-core (Objects, Python, Grammar, and Parser dirs) type-crash A hard crash of the interpreter, possibly with a core dump labels Mar 24, 2019
    @methane
    Copy link
    Member

    methane commented Mar 24, 2019

    New changeset 3d07c1e by Inada Naoki (Zackery Spytz) in branch 'master':
    bpo-36412: fix a possible crash in dictobject.c's new_dict() (GH-12519)
    3d07c1e

    @methane methane closed this as completed Mar 24, 2019
    @methane
    Copy link
    Member

    methane commented Mar 24, 2019

    Thank you, nice catch!
    How did you find it?

    @ezio-melotti ezio-melotti transferred this issue from another repository Apr 10, 2022
    Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
    Assignees
    No one assigned
    Labels
    3.8 only security fixes interpreter-core (Objects, Python, Grammar, and Parser dirs) type-crash A hard crash of the interpreter, possibly with a core dump
    Projects
    None yet
    Milestone
    No milestone
    Development

    No branches or pull requests
    1 participant
    @methane