https://github.com/python/cpython/commit/35eb3b82a63e7d8bfcc570d9390f531baf8e70b7
commit: 35eb3b82a63e7d8bfcc570d9390f531baf8e70b7
branch: 3.13
author: Miss Islington (bot) <31488909+miss-isling...@users.noreply.github.com>
committer: zooba <steve.do...@microsoft.com>
date: 2025-05-20T21:44:17Z
summary:
GH-130727: Avoid race condition in _wmimodule by copying shared data (GH-134313)
(cherry picked from commit e4fbfb12889013fd52565cd2598a366754cb677b)
Co-authored-by: Chris Eibl <138194463+chris-e...@users.noreply.github.com>
files:
A Misc/NEWS.d/next/Windows/2025-05-20-21-43-20.gh-issue-130727.-69t4D.rst
M PC/_wmimodule.cpp
diff --git
a/Misc/NEWS.d/next/Windows/2025-05-20-21-43-20.gh-issue-130727.-69t4D.rst
b/Misc/NEWS.d/next/Windows/2025-05-20-21-43-20.gh-issue-130727.-69t4D.rst
new file mode 100644
index 00000000000000..dc10b3e62c8d4a
--- /dev/null
+++ b/Misc/NEWS.d/next/Windows/2025-05-20-21-43-20.gh-issue-130727.-69t4D.rst
@@ -0,0 +1,2 @@
+Fix a race in internal calls into WMI that can result in an "invalid handle"
+exception under high load. Patch by Chris Eibl.
diff --git a/PC/_wmimodule.cpp b/PC/_wmimodule.cpp
index 3a59e78f171526..58cb9a8c463ed8 100644
--- a/PC/_wmimodule.cpp
+++ b/PC/_wmimodule.cpp
@@ -57,11 +57,11 @@ _query_thread(LPVOID param)
IEnumWbemClassObject* enumerator = NULL;
HRESULT hr = S_OK;
BSTR bstrQuery = NULL;
- struct _query_data *data = (struct _query_data*)param;
+ _query_data data = *(struct _query_data*)param;
// gh-125315: Copy the query string first, so that if the main thread gives
// up on waiting we aren't left with a dangling pointer (and a likely
crash)
- bstrQuery = SysAllocString(data->query);
+ bstrQuery = SysAllocString(data.query);
if (!bstrQuery) {
hr = HRESULT_FROM_WIN32(ERROR_NOT_ENOUGH_MEMORY);
}
@@ -71,7 +71,7 @@ _query_thread(LPVOID param)
}
if (FAILED(hr)) {
- CloseHandle(data->writePipe);
+ CloseHandle(data.writePipe);
if (bstrQuery) {
SysFreeString(bstrQuery);
}
@@ -96,7 +96,7 @@ _query_thread(LPVOID param)
IID_IWbemLocator, (LPVOID *)&locator
);
}
- if (SUCCEEDED(hr) && !SetEvent(data->initEvent)) {
+ if (SUCCEEDED(hr) && !SetEvent(data.initEvent)) {
hr = HRESULT_FROM_WIN32(GetLastError());
}
if (SUCCEEDED(hr)) {
@@ -105,7 +105,7 @@ _query_thread(LPVOID param)
NULL, NULL, 0, NULL, 0, 0, &services
);
}
- if (SUCCEEDED(hr) && !SetEvent(data->connectEvent)) {
+ if (SUCCEEDED(hr) && !SetEvent(data.connectEvent)) {
hr = HRESULT_FROM_WIN32(GetLastError());
}
if (SUCCEEDED(hr)) {
@@ -143,7 +143,7 @@ _query_thread(LPVOID param)
if (FAILED(hr) || got != 1 || !value) {
continue;
}
- if (!startOfEnum && !WriteFile(data->writePipe, (LPVOID)L"\0", 2,
&written, NULL)) {
+ if (!startOfEnum && !WriteFile(data.writePipe, (LPVOID)L"\0", 2,
&written, NULL)) {
hr = HRESULT_FROM_WIN32(GetLastError());
break;
}
@@ -171,10 +171,10 @@ _query_thread(LPVOID param)
DWORD cbStr1, cbStr2;
cbStr1 = (DWORD)(wcslen(propName) * sizeof(propName[0]));
cbStr2 = (DWORD)(wcslen(propStr) * sizeof(propStr[0]));
- if (!WriteFile(data->writePipe, propName, cbStr1,
&written, NULL) ||
- !WriteFile(data->writePipe, (LPVOID)L"=", 2, &written,
NULL) ||
- !WriteFile(data->writePipe, propStr, cbStr2, &written,
NULL) ||
- !WriteFile(data->writePipe, (LPVOID)L"\0", 2,
&written, NULL)
+ if (!WriteFile(data.writePipe, propName, cbStr1, &written,
NULL) ||
+ !WriteFile(data.writePipe, (LPVOID)L"=", 2, &written,
NULL) ||
+ !WriteFile(data.writePipe, propStr, cbStr2, &written,
NULL) ||
+ !WriteFile(data.writePipe, (LPVOID)L"\0", 2, &written,
NULL)
) {
hr = HRESULT_FROM_WIN32(GetLastError());
}
@@ -200,7 +200,7 @@ _query_thread(LPVOID param)
locator->Release();
}
CoUninitialize();
- CloseHandle(data->writePipe);
+ CloseHandle(data.writePipe);
return (DWORD)hr;
}
_______________________________________________
Python-checkins mailing list -- python-checkins@python.org
To unsubscribe send an email to python-checkins-le...@python.org
https://mail.python.org/mailman3/lists/python-checkins.python.org/
Member address: arch...@mail-archive.com
