Author urnotmax
Recipients urnotmax
Date 2022-01-06.13:07:47
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1641474472.82.0.569971622344.issue46280@roundup.psfhosted.org>
In-reply-to
Content
I am currently doing some research on the security of CPython. I used the open source vulnerability analysis engine, Infer (https://fbinfer.com/), to scan the native code of CPython 3.10.0.

The scan results show that there are still a number of vulnerabilities in the CPython native code, such as Null dereference, Uninitialized variable, Resource/Memory leak, etc. Moreover, I found that some of the vulnerabilities are related to Python/C API. I enclose the vulnerability report for your reference.

Based on the research of the result, I tried to design a tool to automatically detect and repair vulnerabilities in CPython and make this tool available. See:

https://github.com/PVMPATCH/PVMPatch

Python is my favourite programming language. I sincerely hope that I can help Python become stronger and safer. I hope this discovery can be useful for you to develop Python in the future.
History
Date User Action Args
2022-01-06 13:07:52 urnotmax set recipients: + urnotmax
2022-01-06 13:07:52 urnotmax set messageid: <1641474472.82.0.569971622344.issue46280@roundup.psfhosted.org>
2022-01-06 13:07:52 urnotmax link issue46280 messages
2022-01-06 13:07:52 urnotmax create