INADA Naoki added the comment: I can reproduce it on Python 3.5 with attached script. I think this bug is from Python 3.3, since key-sharing dict is implemented.
"Trigger key sharing dict resize while callbacks (weakref or __del__) called from setitem" is step to reproduce. It's not easy to exploit because external input (JSON, form, etc) doesn't use key-sharing dict. Should I fix it for 3.3~ (security fix only) or 3.5~ (bugfix)? ---------- keywords: +3.3regression -3.6regression, patch title: SIGSEGV in PyObject_Malloc on python 3.6 and 3.7 -> use after free in key sharing dict Added file: http://bugs.python.org/file46519/29438-minimum.py _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue29438> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com