Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use-after-free in list contain #83634

Closed
corona10 opened this issue Jan 25, 2020 · 7 comments
Closed

Use-after-free in list contain #83634

corona10 opened this issue Jan 25, 2020 · 7 comments
Assignees
@corona10
Labels
3.7 (EOL) end of life 3.8 only security fixes 3.9 only security fixes type-crash A hard crash of the interpreter, possibly with a core dump

Comments

@corona10
Copy link
Member

BPO 39453
Nosy @vstinner, @corona10, @pablogsal, @miss-islington
PRs
  • bpo-39453: Fix contains method of list to hold strong references #18181
  • bpo-39453: Add testcase for bpo-39453 #18202
  • [3.8] bpo-39453: Fix contains method of list to hold strong references #18204
  • [3.7] bpo-39453: Fix contains method of list to hold strong references #18205
  • [3.6] bpo-39453: Multiple backport patch for use after free with list and dict #18206
  • [3.7] [3.8] bpo-39453: Fix contains method of list to hold strong references (GH-18204) #18535
    		•

    Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.

    Show more details

    GitHub fields:

    assignee = 'https://github.com/corona10'
closed_at = <Date 2020-02-17.09:37:52.494>
created_at = <Date 2020-01-25.14:22:26.267>
labels = ['3.7', '3.8', '3.9', 'type-crash']
title = 'Use-after-free in list contain'
updated_at = <Date 2020-02-17.09:37:52.487>
user = 'https://github.com/corona10'

    bugs.python.org fields:

    activity = <Date 2020-02-17.09:37:52.487>
actor = 'vstinner'
assignee = 'corona10'
closed = True
closed_date = <Date 2020-02-17.09:37:52.494>
closer = 'vstinner'
components = []
creation = <Date 2020-01-25.14:22:26.267>
creator = 'corona10'
dependencies = []
files = []
hgrepos = []
issue_num = 39453
keywords = ['patch']
message_count = 7.0
messages = ['360686', '360687', '360769', '360780', '362125', '362128', '362129']
nosy_count = 4.0
nosy_names = ['vstinner', 'corona10', 'pablogsal', 'miss-islington']
pr_nums = ['18181', '18202', '18204', '18205', '18206', '18535']
priority = 'normal'
resolution = 'fixed'
stage = 'resolved'
status = 'closed'
superseder = None
type = 'crash'
url = 'https://bugs.python.org/issue39453'
versions = ['Python 3.7', 'Python 3.8', 'Python 3.9']
    @corona10
    Copy link
    Member Author 

    class poc() :
    def __eq__(self,other) :
        l.clear()
        return NotImplemented

l = [poc(), poc(), poc()]
3 in l

    [1] 2606 segmentation fault

    sigh..

    @corona10 corona10 added the 3.9 only security fixes label Jan 25, 2020
    @corona10 corona10 self-assigned this Jan 25, 2020
    @corona10 corona10 added type-crash A hard crash of the interpreter, possibly with a core dump 3.9 only security fixes labels Jan 25, 2020
    @corona10 corona10 self-assigned this Jan 25, 2020
    @corona10 corona10 added the type-crash A hard crash of the interpreter, possibly with a core dump label Jan 25, 2020
    @corona10
    Copy link
    Member Author

    I will send a patch ASAP.

    @pablogsal
    Copy link
    Member

    New changeset 4dbf2d8 by Pablo Galindo (Dong-hee Na) in branch 'master':
    bpo-39453: Make list.__contains__ hold strong references to avoid crashes (GH-18181)
    4dbf2d8

    @miss-islington
    Copy link
    Contributor

    New changeset 9e1ed51 by Miss Islington (bot) (Dong-hee Na) in branch 'master':
    bpo-39453: Add testcase for bpo-39453 (GH-18202)
    9e1ed51

    @vstinner
    Copy link
    Member

    New changeset f64abd1 by Dong-hee Na in branch '3.8':
    [3.8] bpo-39453: Fix contains method of list to hold strong references (GH-18204)
    f64abd1

    @miss-islington
    Copy link
    Contributor

    New changeset 3c57ca6 by Miss Islington (bot) in branch '3.7':
    [3.8] bpo-39453: Fix contains method of list to hold strong references (GH-18204)
    3c57ca6

    @vstinner
    Copy link
    Member

    Thanks Dong-hee Na for the fix.

    @vstinner vstinner added 3.7 (EOL) end of life 3.8 only security fixes labels Feb 17, 2020
    @vstinner vstinner added 3.7 (EOL) end of life 3.8 only security fixes labels Feb 17, 2020
    @ezio-melotti ezio-melotti transferred this issue from another repository Apr 10, 2022
    Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
    Assignees

    @corona10 corona10

    Labels
    3.7 (EOL) end of life 3.8 only security fixes 3.9 only security fixes type-crash A hard crash of the interpreter, possibly with a core dump
    Projects
    None yet
    Milestone
    No milestone
    Development

    No branches or pull requests
    4 participants
    @vstinner @corona10 @pablogsal @miss-islington