-
-
Notifications
You must be signed in to change notification settings - Fork 31k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Double-free in Argument Clinic str_converter
generated code
#99240
Labels
Comments
colorfulappl
changed the title
Double-fre in Argument clinic
Double-free in Argument clinic Nov 8, 2022
str_converter
generated codestr_converter
generated code
colorfulappl
changed the title
Double-free in Argument clinic
Double-free in Argument Clinic Nov 8, 2022
str_converter
generated codestr_converter
generated code
colorfulappl
added a commit
to colorfulappl/cpython
that referenced
this issue
Nov 8, 2022
There are two ways to fix this bug,
|
Thanks for reporting and fixing, looks like this has been completed |
We should consider backporting this, IMO. |
kumaraditya303
added a commit
that referenced
this issue
Dec 17, 2022
…rgument parsing (#99890) Co-authored-by: Kumar Aditya <[email protected]> Co-authored-by: Erlend E. Aasland <[email protected]>
kumaraditya303
added a commit
to kumaraditya303/cpython
that referenced
this issue
Dec 17, 2022
…d in argument parsing (python#99890) Co-authored-by: Kumar Aditya <[email protected]> Co-authored-by: Erlend E. Aasland <[email protected]>
shihai1991
added a commit
to shihai1991/cpython
that referenced
this issue
Dec 18, 2022
* origin/main: (1306 commits) Correct CVE-2020-10735 documentation (python#100306) pythongh-100272: Fix JSON serialization of OrderedDict (pythonGH-100273) pythongh-93649: Split tracemalloc tests from _testcapimodule.c (python#99551) Docs: Use `PY_VERSION_HEX` for version comparison (python#100179) pythongh-97909: Fix markup for `PyMethodDef` members (python#100089) pythongh-99240: Reset pointer to NULL when the pointed memory is freed in argument parsing (python#99890) pythongh-99240: Reset pointer to NULL when the pointed memory is freed in argument parsing (python#99890) pythonGH-98831: Add DECREF_INPUTS(), expanding to DECREF() each stack input (python#100205) pythongh-78707: deprecate passing >1 argument to `PurePath.[is_]relative_to()` (pythonGH-94469) pythongh-99540: Constant hash for _PyNone_Type to aid reproducibility (pythonGH-99541) pythongh-100039: enhance __signature__ to work with str and callables (pythonGH-100168) pythongh-99830: asyncio: Document returns of remove_{reader,writer} (python#100302) "Compound statement" docs: Fix with-statement step indexing (python#100286) pythonGH-90043: Handle NaNs in COMPARE_OP_FLOAT_JUMP (pythonGH-100278) Improve stats presentation for calls. (pythonGH-100274) Better stats for `LOAD_ATTR` and `STORE_ATTR` (pythonGH-100295) pythongh-81057: Move the Cached Parser Dummy Name to _PyRuntimeState (python#100277) Document that zipfile's pwd parameter is a `bytes` object (python#100209) pythongh-99767: mark `PyTypeObject.tp_watched` as internal use only in table (python#100271) Fix typo in introduction.rst (python#100266) ...
carljm
added a commit
to carljm/cpython
that referenced
this issue
Dec 19, 2022
* main: pythongh-89727: Fix os.walk RecursionError on deep trees (python#99803) Docs: Don't upload CI artifacts (python#100330) pythongh-94912: Added marker for non-standard coroutine function detection (python#99247) Correct CVE-2020-10735 documentation (python#100306) pythongh-100272: Fix JSON serialization of OrderedDict (pythonGH-100273) pythongh-93649: Split tracemalloc tests from _testcapimodule.c (python#99551) Docs: Use `PY_VERSION_HEX` for version comparison (python#100179) pythongh-97909: Fix markup for `PyMethodDef` members (python#100089) pythongh-99240: Reset pointer to NULL when the pointed memory is freed in argument parsing (python#99890) pythongh-99240: Reset pointer to NULL when the pointed memory is freed in argument parsing (python#99890) pythonGH-98831: Add DECREF_INPUTS(), expanding to DECREF() each stack input (python#100205) pythongh-78707: deprecate passing >1 argument to `PurePath.[is_]relative_to()` (pythonGH-94469)
colorfulappl
added a commit
to colorfulappl/cpython
that referenced
this issue
Dec 20, 2022
…verter generated code (pythonGH-99241) (cherry picked from commit 8dbe08e) Fix double-free bug mentioned at pythonGH-99240, by moving memory clean up out of "exit" label.
colorfulappl
added a commit
to colorfulappl/cpython
that referenced
this issue
Dec 20, 2022
…verter generated code (pythonGH-99241) (cherry picked from commit 8dbe08e) Fix double-free bug mentioned at pythonGH-99240, by moving memory clean up out of "exit" label.
kumaraditya303
pushed a commit
that referenced
this issue
Dec 20, 2022
kumaraditya303
pushed a commit
that referenced
this issue
Dec 20, 2022
colorfulappl
added a commit
to colorfulappl/cpython
that referenced
this issue
Dec 21, 2022
…is freed in argument parsing (pythonGH-99890) (cherry picked from commit efbb1eb) Co-authored-by: Kumar Aditya <[email protected]> Co-authored-by: Erlend E. Aasland <[email protected]>
colorfulappl
added a commit
to colorfulappl/cpython
that referenced
this issue
Dec 21, 2022
…is freed in argument parsing (pythonGH-99890) (cherry picked from commit efbb1eb) Co-authored-by: Kumar Aditya <[email protected]> Co-authored-by: Erlend E. Aasland <[email protected]>
kumaraditya303
added a commit
that referenced
this issue
Dec 21, 2022
…ed in argument parsing (GH-99890) (#100385) (cherry picked from commit efbb1eb) Co-authored-by: Kumar Aditya <[email protected]> Co-authored-by: Erlend E. Aasland <[email protected]>
kumaraditya303
added a commit
that referenced
this issue
Dec 21, 2022
…ed in argument parsing (GH-99890) (#100386) (cherry picked from commit efbb1eb) Co-authored-by: Kumar Aditya <[email protected]> Co-authored-by: Erlend E. Aasland <[email protected]>
Thanks for working on this, all PRs have been merged. |
Yes, thanks for all your good work on argument clinic, @colorfulappl! And thank you Kumar for landing these PRs; I've had a hard time keeping up with CPython dev lately. |
rwgk
pushed a commit
to rwgk/cpython
that referenced
this issue
Mar 11, 2023
…d in argument parsing (python#99890) Co-authored-by: Kumar Aditya <[email protected]> Co-authored-by: Erlend E. Aasland <[email protected]>
edo38
pushed a commit
to edo38/python-clinic
that referenced
this issue
Apr 24, 2024
…ted code (GH-99241) Fix double-free bug mentioned at python/cpython#99240, by moving memory clean up out of "exit" label. Automerge-Triggered-By: GH:erlend-aasland
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Argument Clinic
str_converter
generate such code whenencoding
is set(see function
test_str_converter_encoding
in file Lib/test/clinic.test):If parsing
a
successes,a
will be assigned an address points to an allocated memory.After that, if parsing
b
fails, the memory whicha
points to is freed by function_PyArg_ParseStack
,and
_PyArg_ParseStack
returns 0, then control flow goes to label "exit".At this time,
a
is not NULL, so the memory it points to is freed again, which cause a double-free problem and a runtime crash.This bug is found in #96178 "Argument Clinic functional test".
The text was updated successfully, but these errors were encountered: