[issue18328] Use after free in pystate.c

2013-07-01 Thread Christian Heimes
Changes by Christian Heimes : -- resolution: -> fixed stage: needs patch -> committed/rejected status: open -> closed ___ Python tracker ___

[issue18328] Use after free in pystate.c

2013-07-01 Thread Roundup Robot
Roundup Robot added the comment: New changeset ff30bf84b378 by Christian Heimes in branch '3.3': Issue #18328: Reorder ops in PyThreadState_Delete*() functions. Now the http://hg.python.org/cpython/rev/ff30bf84b378 New changeset ebe064e542ef by Christian Heimes in branch 'default': Issue #18328:

[issue18328] Use after free in pystate.c

2013-07-01 Thread Christian Heimes
Christian Heimes added the comment: I was talking about memory address reuse, too. After all the code doesn't access data at the pointer's address but rather uses the address as an identifier. I agree that the code should not behave erroneous under current circumstances. The GIL ensures seria

[issue18328] Use after free in pystate.c

2013-06-30 Thread Charles-François Natali
Charles-François Natali added the comment: > I think it's unsafe. The address of a pointer should not be used once the > pointer has been freed. Dereferencing a freed pointer is unsafe. A pointer is just an address, there's nothing inherently unsafe with comparing a pointer with a value. The on

[issue18328] Use after free in pystate.c

2013-06-30 Thread Serhiy Storchaka
Serhiy Storchaka added the comment: LGTM. -- ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python

[issue18328] Use after free in pystate.c

2013-06-30 Thread Christian Heimes
Christian Heimes added the comment: I think it's unsafe. The address of a pointer should not be used once the pointer has been freed. How about we reverse the order? At first we remove the key from TLS and then free the tstate. -- keywords: +patch Added file: http://bugs.python.org/fi

[issue18328] Use after free in pystate.c

2013-06-30 Thread Serhiy Storchaka
Serhiy Storchaka added the comment: Seems it is not possible to write a test for this. -- nosy: +serhiy.storchaka stage: test needed -> needs patch ___ Python tracker ___ ___

[issue18328] Use after free in pystate.c

2013-06-30 Thread Charles-François Natali
Charles-François Natali added the comment: Well, tstate is freed, but is not used afterwards, it's just comparing the pointer against the TLS. -- nosy: +neologix ___ Python tracker

[issue18328] Use after free in pystate.c

2013-06-29 Thread Christian Heimes
New submission from Christian Heimes: Coverity doesn't like the code in and I think it's right. Can somebody look into the matter and check Python 3.3, too? http://hg.python.org/cpython/file/ac7bc6700ac3/Python/pystate.c#l376 http://hg.python.org/cpython/file/ac7bc6700ac3/Python/pystate.c#l394