New submission from Stefan Behnel: The yield-from implementation calls _PyGen_FetchStopIterationValue() to get the exception value. If the StopIteration exception is not normalised, e.g. because it was set by PyErr_SetObject() in a C extension, then _PyGen_FetchStopIterationValue() will cast to (PyStopIterationObject*) whatever the exception value is and happily interpret an arbitrary memory position as PyObject*.
I attached a possible patch for the function. Another place to fix it would be in the yield-from code in ceval.c, but directly genobject.c seems the safer place. ---------- components: Interpreter Core files: fix_stopiteration_crash.patch keywords: patch messages: 241454 nosy: scoder priority: normal severity: normal status: open title: _PyGen_FetchStopIterationValue() crashes on unnormalised exceptions type: crash versions: Python 3.3, Python 3.4, Python 3.5 Added file: http://bugs.python.org/file39108/fix_stopiteration_crash.patch _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue23996> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
