https://github.com/python/cpython/commit/8d51ed6b050b2678a8c1ad22b739554171a563cc
commit: 8d51ed6b050b2678a8c1ad22b739554171a563cc
branch: 3.14
author: Miss Islington (bot) <31488909+miss-isling...@users.noreply.github.com>
committer: kumaraditya303 <kumaradi...@python.org>
date: 2025-05-18T20:38:40+05:30
summary:
[3.14] gh-134100: Fix use-after-free in `PyImport_ImportModuleLevelObject`
(GH-134117) (#134171)
gh-134100: Fix use-after-free in `PyImport_ImportModuleLevelObject` (GH-134117)
(cherry picked from commit 4e9005d32ff466925f40af410f2ea6bf2329bcf8)
Co-authored-by: Nico-Posada <102486290+nico-pos...@users.noreply.github.com>
files:
A
Misc/NEWS.d/next/Core_and_Builtins/2025-05-16-17-25-52.gh-issue-134100.5-FbLK.rst
M Lib/test/test_importlib/import_/test_relative_imports.py
M Python/import.c
diff --git a/Lib/test/test_importlib/import_/test_relative_imports.py
b/Lib/test/test_importlib/import_/test_relative_imports.py
index e535d119763148..1549cbe96ce2d1 100644
--- a/Lib/test/test_importlib/import_/test_relative_imports.py
+++ b/Lib/test/test_importlib/import_/test_relative_imports.py
@@ -223,6 +223,21 @@ def test_relative_import_no_package_exists_absolute(self):
self.__import__('sys', {'__package__': '', '__spec__': None},
level=1)
+ def test_malicious_relative_import(self):
+ # https://github.com/python/cpython/issues/134100
+ # Test to make sure UAF bug with error msg doesn't come back to life
+ import sys
+ loooong = "".ljust(0x23000, "b")
+ name = f"a.{loooong}.c"
+
+ with util.uncache(name):
+ sys.modules[name] = {}
+ with self.assertRaisesRegex(
+ KeyError,
+ r"'a\.b+' not in sys\.modules as expected"
+ ):
+ __import__(f"{loooong}.c", {"__package__": "a"}, level=1)
+
(Frozen_RelativeImports,
Source_RelativeImports
diff --git
a/Misc/NEWS.d/next/Core_and_Builtins/2025-05-16-17-25-52.gh-issue-134100.5-FbLK.rst
b/Misc/NEWS.d/next/Core_and_Builtins/2025-05-16-17-25-52.gh-issue-134100.5-FbLK.rst
new file mode 100644
index 00000000000000..d672347f9ad246
--- /dev/null
+++
b/Misc/NEWS.d/next/Core_and_Builtins/2025-05-16-17-25-52.gh-issue-134100.5-FbLK.rst
@@ -0,0 +1,2 @@
+Fix a use-after-free bug that occurs when an imported module isn't
+in :data:`sys.modules` after its initial import. Patch by Nico-Posada.
diff --git a/Python/import.c b/Python/import.c
index afdc28eda31b9b..f24c5716feb6c2 100644
--- a/Python/import.c
+++ b/Python/import.c
@@ -3852,15 +3852,17 @@ PyImport_ImportModuleLevelObject(PyObject *name,
PyObject *globals,
}
final_mod = import_get_module(tstate, to_return);
- Py_DECREF(to_return);
if (final_mod == NULL) {
if (!_PyErr_Occurred(tstate)) {
_PyErr_Format(tstate, PyExc_KeyError,
"%R not in sys.modules as expected",
to_return);
}
+ Py_DECREF(to_return);
goto error;
}
+
+ Py_DECREF(to_return);
}
}
else {
_______________________________________________
Python-checkins mailing list -- python-checkins@python.org
To unsubscribe send an email to python-checkins-le...@python.org
https://mail.python.org/mailman3/lists/python-checkins.python.org/
Member address: arch...@mail-archive.com
