A possible double PyMem_FREE() due to tokenizer.c's tok_nextc() #80640

ZackerySpytz · 2019-03-28T04:33:20Z

BPO	36459
Nosy	@serhiy-storchaka, @ZackerySpytz, @pablogsal, @miss-islington
PRs	bpo-36459: Fix a possible double PyMem_FREE() due to tokenizer.c's tok_nextc() #12601 [2.7] bpo-36459: Fix a possible double PyMem_FREE() due to tokenizer.c's tok_nextc() (12601) #12604 [3.7] bpo-36459: Fix a possible double PyMem_FREE() due to tokenizer.c's tok_nextc() (12601) #12605

^{Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.}

Show more details

GitHub fields:

assignee = None
closed_at = <Date 2019-03-28.15:15:07.990>
created_at = <Date 2019-03-28.04:33:19.566>
labels = ['interpreter-core', '3.7', '3.8', 'type-crash']
title = "A possible double PyMem_FREE() due to tokenizer.c's tok_nextc()"
updated_at = <Date 2019-03-28.15:15:07.990>
user = 'https://github.com/ZackerySpytz'

bugs.python.org fields:

activity = <Date 2019-03-28.15:15:07.990>
actor = 'serhiy.storchaka'
assignee = 'none'
closed = True
closed_date = <Date 2019-03-28.15:15:07.990>
closer = 'serhiy.storchaka'
components = ['Interpreter Core']
creation = <Date 2019-03-28.04:33:19.566>
creator = 'ZackerySpytz'
dependencies = []
files = []
hgrepos = []
issue_num = 36459
keywords = ['patch']
message_count = 4.0
messages = ['339013', '339043', '339049', '339051']
nosy_count = 4.0
nosy_names = ['serhiy.storchaka', 'ZackerySpytz', 'pablogsal', 'miss-islington']
pr_nums = ['12601', '12604', '12605']
priority = 'normal'
resolution = 'fixed'
stage = 'resolved'
status = 'closed'
superseder = None
type = 'crash'
url = 'https://bugs.python.org/issue36459'
versions = ['Python 2.7', 'Python 3.7', 'Python 3.8']

ZackerySpytz · 2019-03-28T04:33:20Z

Commit cb90c89 added a PyMem_FREE(tok->buf) call in tok_nextc() if a PyMem_REALLOC() call fails. This will cause a double free when PyTokenizer_Free() is called on the tokenizer state.

serhiy-storchaka · 2019-03-28T13:53:11Z

New changeset cda139d by Serhiy Storchaka (Zackery Spytz) in branch 'master':
bpo-36459: Fix a possible double PyMem_FREE() due to tokenizer.c's tok_nextc() (12601)
cda139d

miss-islington · 2019-03-28T14:44:26Z

New changeset dffe90e by Miss Islington (bot) in branch '2.7':
bpo-36459: Fix a possible double PyMem_FREE() due to tokenizer.c's tok_nextc() (12601)
dffe90e

miss-islington · 2019-03-28T15:08:49Z

New changeset 6fd3c85 by Miss Islington (bot) in branch '3.7':
bpo-36459: Fix a possible double PyMem_FREE() due to tokenizer.c's tok_nextc() (12601)
6fd3c85

ZackerySpytz mannequin added 3.7 (EOL) end of life 3.8 only security fixes interpreter-core (Objects, Python, Grammar, and Parser dirs) type-crash A hard crash of the interpreter, possibly with a core dump labels Mar 28, 2019

serhiy-storchaka closed this as completed Mar 28, 2019

ezio-melotti transferred this issue from another repository Apr 10, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

A possible double PyMem_FREE() due to tokenizer.c's tok_nextc() #80640

A possible double PyMem_FREE() due to tokenizer.c's tok_nextc() #80640

ZackerySpytz mannequin commented Mar 28, 2019

ZackerySpytz mannequin commented Mar 28, 2019

serhiy-storchaka commented Mar 28, 2019

miss-islington commented Mar 28, 2019

miss-islington commented Mar 28, 2019

A possible double PyMem_FREE() due to tokenizer.c's tok_nextc() #80640

A possible double PyMem_FREE() due to tokenizer.c's tok_nextc() #80640

Comments

ZackerySpytz mannequin commented Mar 28, 2019

ZackerySpytz mannequin commented Mar 28, 2019

serhiy-storchaka commented Mar 28, 2019

miss-islington commented Mar 28, 2019

miss-islington commented Mar 28, 2019