[issue39421] Use-after-free in heappushpop() of heapq module

New submission from Dk0n9 : The variable `heap` in heappushpop does not add a reference count ```c cmp = PyObject_RichCompareBool(PyList_GET_ITEM(heap, 0), item, Py_LT); if (cmp < 0) return NULL; if (cmp == 0) { Py_INCREF(item); return item; } ```

[issue39421] Use-after-free in heappushpop() of heapq module

Change by Dk0n9 : -- components: Extension Modules nosy: dk0n9 priority: normal severity: normal status: open title: Use-after-free in heappushpop() of heapq module type: crash versions: Python 3.6, Python 3.7, Python 3.8, Python 3.9 ___ Python