[issue40705] use-after-free in _zoneinfo.c's module_free function

2021-04-02 Thread Ammar Askar


Change by Ammar Askar:


--
resolution:  -> fixed
stage: patch review -> resolved
status: open -> closed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue40705] use-after-free in _zoneinfo.c's module_free function

2020-05-24 Thread miss-islington


miss-islington added the comment:


New changeset ebf650532b41f5e64a5620b8e47acc3a99555e14 by Miss Islington (bot) in branch '3.9':
bpo-40705: Fix use-after-free in _zoneinfo's module_free (GH-20280)
https://github.com/python/cpython/commit/ebf650532b41f5e64a5620b8e47acc3a99555e14





[issue40705] use-after-free in _zoneinfo.c's module_free function

2020-05-22 Thread Paul Ganssle


Paul Ganssle added the comment:


New changeset 06a1b8915d6674e40f0dccc422ca2c06212392d8 by Ammar Askar in branch 'master':
bpo-40705: Fix use-after-free in _zoneinfo's module_free (GH-20280)
https://github.com/python/cpython/commit/06a1b8915d6674e40f0dccc422ca2c06212392d8





[issue40705] use-after-free in _zoneinfo.c's module_free function

2020-05-22 Thread miss-islington


Change by miss-islington:


--
nosy: +miss-islington
nosy_count: 2.0 -> 3.0
pull_requests: +19588
pull_request: https://github.com/python/cpython/pull/20319




[issue40705] use-after-free in _zoneinfo.c's module_free function

2020-05-21 Thread Paul Ganssle


Change by Paul Ganssle:


--
versions: +Python 3.9




[issue40705] use-after-free in _zoneinfo.c's module_free function

2020-05-20 Thread Ammar Askar


Change by Ammar Askar:


--
keywords: +patch
pull_requests: +19557
stage:  -> patch review
pull_request: https://github.com/python/cpython/pull/20280




[issue40705] use-after-free in _zoneinfo.c's module_free function

2020-05-20 Thread Ammar Askar


New submission from Ammar Askar:

This was caught on oss-fuzz's ASAN builder:

Step #4: ==7656==ERROR: AddressSanitizer: heap-use-after-free on address 0x604001568ea0 at pc 0x7f603e4b974b bp 0x7ffe4f7e8f90 sp 0x7ffe4f7e8f88
Step #4: READ of size 8 at 0x604001568ea0 thread T0
Step #4: #0 0x7f603e4b974a in module_free /src/cpython3/Modules/_zoneinfo.c:2610:10
Step #4: #1 0x570311 in module_dealloc /src/cpython3/Objects/moduleobject.c:675:9
Step #4: #2 0x57b7fc in _Py_Dealloc /src/cpython3/Objects/object.c:2209:5
Step #4: #3 0x54ce60 in _Py_DECREF /src/cpython3/./Include/object.h:430:9
Step #4: #4 0x551cdc in _Py_XDECREF /src/cpython3/./Include/object.h:497:9
Step #4: #5 0x54e1b2 in insertdict /src/cpython3/Objects/dictobject.c:1129:5
Step #4: #6 0x54d2fe in PyDict_SetItem /src/cpython3/Objects/dictobject.c:1579:12
Step #4: #7 0x55b5dc in dict_ass_sub /src/cpython3/Objects/dictobject.c:2179:16
Step #4: #8 0x87520f in PyObject_SetItem /src/cpython3/Objects/abstract.c:210:16
Step #4: #9 0x6c1e89 in _PyImport_Cleanup /src/cpython3/Python/import.c:523:13
Step #4: #10 0x6fc40a in Py_FinalizeEx /src/cpython3/Python/pylifecycle.c:1422:5
Step #4: #11 0x4dd17a in Py_RunMain /src/cpython3/Modules/main.c:634:9
Step #4: #12 0x4ddbea in pymain_main /src/cpython3/Modules/main.c:662:12
Step #4: #13 0x4dde34 in Py_BytesMain /src/cpython3/Modules/main.c:686:12
Step #4: #14 0x4dd030 in main /src/cpython3/./Programs/python.c:15:12
Step #4: #15 0x7f60440bc82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
Step #4: #16 0x434ce8 in _start (/src/cpython3/python+0x434ce8)
Step #4:
Step #4: 0x604001568ea0 is located 16 bytes inside of 48-byte region [0x604001568e90,0x604001568ec0)
Step #4: freed by thread T0 here:
Step #4: #0 0x4ad20d in free /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:123:3
Step #4: #1 0x57c493 in _PyMem_RawFree /src/cpython3/Objects/obmalloc.c:127:5
Step #4: #2 0x57dbc2 in PyObject_Free /src/cpython3/Objects/obmalloc.c:709:5
Step #4: #3 0x75e81a in PyObject_GC_Del /src/cpython3/Modules/gcmodule.c:2325:5
Step #4: #4 0x5a12cd in object_dealloc /src/cpython3/Objects/typeobject.c:4008:5
Step #4: #5 0x59abbb in subtype_dealloc /src/cpython3/Objects/typeobject.c:1371:5
Step #4: #6 0x57b7fc in _Py_Dealloc /src/cpython3/Objects/object.c:2209:5
Step #4: #7 0x7f603e4b0700 in _Py_DECREF /src/cpython3/./Include/object.h:430:9
Step #4: #8 0x7f603e4b05dc in _Py_XDECREF /src/cpython3/./Include/object.h:497:9
Step #4: #9 0x7f603e4b96de in module_free /src/cpython3/Modules/_zoneinfo.c:2609:5
Step #4: #10 0x570311 in module_dealloc /src/cpython3/Objects/moduleobject.c:675:9
Step #4: #11 0x57b7fc in _Py_Dealloc /src/cpython3/Objects/object.c:2209:5
Step #4: #12 0x54ce60 in _Py_DECREF /src/cpython3/./Include/object.h:430:9
Step #4: #13 0x551cdc in _Py_XDECREF /src/cpython3/./Include/object.h:497:9
Step #4: #14 0x54e1b2 in insertdict /src/cpython3/Objects/dictobject.c:1129:5
Step #4: #15 0x54d2fe in PyDict_SetItem /src/cpython3/Objects/dictobject.c:1579:12
Step #4: #16 0x55b5dc in dict_ass_sub /src/cpython3/Objects/dictobject.c:2179:16
Step #4: #17 0x87520f in PyObject_SetItem /src/cpython3/Objects/abstract.c:210:16
Step #4: #18 0x6c1e89 in _PyImport_Cleanup /src/cpython3/Python/import.c:523:13
Step #4: #19 0x6fc40a in Py_FinalizeEx /src/cpython3/Python/pylifecycle.c:1422:5
Step #4: #20 0x4dd17a in Py_RunMain /src/cpython3/Modules/main.c:634:9
Step #4: #21 0x4ddbea in pymain_main /src/cpython3/Modules/main.c:662:12
Step #4: #22 0x4dde34 in Py_BytesMain /src/cpython3/Modules/main.c:686:12
Step #4: #23 0x4dd030 in main /src/cpython3/./Programs/python.c:15:12
Step #4: #24 0x7f60440bc82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
Step #4:
Step #4: previously allocated by thread T0 here:
Step #4: #0 0x4ad48d in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:145:3
Step #4: #1 0x57c37c in _PyMem_RawMalloc /src/cpython3/Objects/obmalloc.c:99:12
Step #4: #2 0x57da49 in PyObject_Malloc /src/cpython3/Objects/obmalloc.c:685:12
Step #4: #3 0x75e17c in _PyObject_GC_Alloc /src/cpython3/Modules/gcmodule.c:2233:26
Step #4: #4 0x75e0c5 in _PyObject_GC_Malloc /src/cpython3/Modules/gcmodule.c:2260:12
Step #4: #5 0x598619 in PyType_GenericAlloc /src/cpython3/Objects/typeobject.c:1086:15
Step #4: #6 0x5a1922 in object_new /src/cpython3/Objects/typeobject.c:4002:12
Step #4: #7 0x59d2c7 in type_call /src/cpython3/Objects/typeobject.c:1017:11
Step #4: #8 0x4fbb0b in _PyObject_MakeTpCall /src/cpython3/Objects/call.c:191:18
Step #4: #9 0x4feefa in _PyObject_VectorcallTstate /src/cpython3/./Include/cpython/abstract.h:116:16
Step #4: #10 0x4fb5e7 in _PyObject_CallNoArgTstate /src/cpython3/./Include/internal/pycore_call.h:33:12
Step #4: