STINNER Victor <victor.stin...@gmail.com> added the comment:

Ok, let me summarize:

* 2.7: memset() *before* realloc() if shrinking a memory block, but crash with 
Py_FatalError() if realloc() fails on shrinking --> cannot corrupt memory, but 
can crash if realloc() fails on shrinking

* master (3.7): memset() *before* realloc() if shrinking a memory block, but 
save erased bytes, and restore erased bytes if realloc() fails --> always 
correct

* 3.6: don't memset() --> correct, but don't detect "use after free" bug when a 
memory block is shrunk

Python 3.6 release manager, Ned Deily, rejected the proposal to backport the 
complex fix from master to 3.6.


Victor (me):
> Serhiy: I added a Py_FatalError() to Python 2.7 if the case that must not 
> happen does happen. Are you ok to apply the same change for Python 3.6 (...)

Sorry, when I asked the question, I expected that Python 3.6 still erased bytes 
before realloc(). But it's not the case. I agree that Py_FatalError() would be 
a bad idea for Python 3.6.


Serhiy: Thank you for fixing Python 3.6 (don't memset() *after* realloc, which 
crashed on OpenBSD) and "fix" the feature in master (restore erased bytes if 
realloc fails)!


I close the issue. I don't think that Python 2.7 or 3.6 need further changes.

----------
resolution:  -> fixed
stage: patch review -> resolved
status: open -> closed

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue31626>
_______________________________________
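
The "master (3.7)" behaviour summarized above (erase the dropped tail before realloc(), restore it if realloc() fails), as an added sketch that is not CPython's code. The names debug_realloc, check_shrink, spy_realloc, failing_realloc, DEAD_BYTE and SAVE_MAX are hypothetical, and the caller passes old_size instead of the allocator reading it from a block header.

```c
#include <stdlib.h>
#include <string.h>

#define DEAD_BYTE 0xDB   /* fill pattern chosen for this sketch */
#define SAVE_MAX  64     /* hypothetical cap on bytes erased and saved */
typedef void *(*realloc_fn)(void *, size_t);
static int saw_dead;     /* set by spy_realloc() */

/* Constructed stand-ins for realloc(): one always fails, one shrinks "in
 * place" and records whether the first dropped byte was already erased. */
static void *failing_realloc(void *p, size_t n) { (void)p; (void)n; return NULL; }
static void *spy_realloc(void *p, size_t n)
{
    saw_dead = ((unsigned char *)p)[n] == DEAD_BYTE;
    return p;
}

/* Erase the dropped tail before realloc(), restore it if realloc() fails.
 * new_size == 0 is skipped: a NULL result there may mean "freed". */
void *debug_realloc(realloc_fn fn, void *p, size_t old_size, size_t new_size)
{
    unsigned char saved[SAVE_MAX], *bytes = p;
    size_t kept = 0;     /* bytes erased, never more than can be restored */
    if (p != NULL && new_size > 0 && new_size < old_size) {
        kept = old_size - new_size < SAVE_MAX ? old_size - new_size : SAVE_MAX;
        memcpy(saved, bytes + new_size, kept);
        memset(bytes + new_size, DEAD_BYTE, kept);
    }
    void *q = fn(p, new_size);
    if (q == NULL && kept > 0)             /* failed: old block is still live */
        memcpy(bytes + new_size, saved, kept);
    return q;
}

/* Returns 1 if the given realloc stand-in leaves the expected bytes behind. */
int check_shrink(realloc_fn fn, int expect_fail)
{
    unsigned char *buf = malloc(16);
    if (buf == NULL) return -1;
    memset(buf, 'A', 16);
    saw_dead = 0;
    unsigned char *q = debug_realloc(fn, buf, 16, 4);
    int ok = expect_fail ? (q == NULL && buf[4] == 'A' && buf[15] == 'A')
                         : (q == buf && saw_dead && buf[4] == DEAD_BYTE);
    free(buf);
    return ok;
}

int main(void) { return check_shrink(failing_realloc, 1) == 1 && check_shrink(spy_realloc, 0) == 1 ? 0 : 1; }
```

Dropping the restore step and aborting when the call fails gives the 2.7 behaviour from the summary; dropping the erase step gives the 3.6 behaviour, where stale data past the new size stays readable and a use-after-shrink goes unnoticed.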