Message 286926 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	xiang.zhang
Recipients	christian.heimes, dhanavaths, xiang.zhang
Date	2017-02-04.08:02:37
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1486195358.01.0.527299907947.issue29347@psf.upfronthosting.co.za>
In-reply-to

Content
After reading the code I could see the possibility. A weakref object gets two linkedlist pointers which are not initialized by new_weakref (actually they are initialized by insert_head or insert_after). But the weakref object is possible to be destroyed in [1] and [2]. So we are going to dereference two uninitialized pointers in clear_weakref and then crash. So simply initialize the two pointers to NULL in init_weakref could solve this problem? Are you willing to test Saida? [1] https://github.com/python/cpython/blob/master/Objects/weakrefobject.c#L770 [2] https://github.com/python/cpython/blob/master/Objects/weakrefobject.c#L833

After reading the code I could see the possibility. A weakref object gets two linkedlist pointers which are not initialized by new_weakref (actually they are initialized by insert_head or insert_after). But the weakref object is possible to be destroyed in [1] and [2]. So we are going to dereference two uninitialized pointers in clear_weakref and then crash. So simply initialize the two pointers to NULL in init_weakref could solve this problem? Are you willing to test Saida?

[1] https://github.com/python/cpython/blob/master/Objects/weakrefobject.c#L770
[2] https://github.com/python/cpython/blob/master/Objects/weakrefobject.c#L833

History
Date	User	Action	Args
2017-02-04 08:02:38	xiang.zhang	set	recipients: + xiang.zhang, christian.heimes, dhanavaths
2017-02-04 08:02:38	xiang.zhang	set	messageid: <1486195358.01.0.527299907947.issue29347@psf.upfronthosting.co.za>
2017-02-04 08:02:37	xiang.zhang	link	issue29347 messages
2017-02-04 08:02:37	xiang.zhang	create