[issue24096] Use after free in get_filter

2015-05-03 Thread Roundup Robot 

Roundup Robot added the comment:

New changeset ffc1f9d1c8b3 by Benjamin Peterson in branch '3.3':
be more robust against the filters list changing under us (closes #24096)
https://hg.python.org/cpython/rev/ffc1f9d1c8b3

New changeset 47f4c3a5d86a by Benjamin Peterson in branch '3.4':
merge 3.3 (#24096)
https://hg.python.org/cpython/rev/47f4c3a5d86a

New changeset bfea101f9402 by Benjamin Peterson in branch 'default':
merge 3.4 (#24096)
https://hg.python.org/cpython/rev/bfea101f9402

--
nosy: +python-dev
resolution:  -> fixed
stage: needs patch -> resolved
status: open -> closed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue24096] Use after free in get_filter

2015-05-02 Thread Arfrever Frehtes Taifersar Arahesis 

Changes by Arfrever Frehtes Taifersar Arahesis :


--
nosy: +Arfrever

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue24096] Use after free in get_filter

2015-05-01 Thread Serhiy Storchaka 

Changes by Serhiy Storchaka :


--
nosy: +ezio.melotti, pitrou, rhettinger, serhiy.storchaka

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue24096] Use after free in get_filter

2015-05-01 Thread Christian Heimes 

Christian Heimes added the comment:

Thanks Paul!

May I ask how you found that many use-after-free bugs? Are you using some sort 
of tool for static code analysis or fuzzying?

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue24096] Use after free in get_filter

2015-05-01 Thread paul 

paul added the comment:

Issue for poc_enc_dict3.py is here: https://bugs.python.org/issue24105

Please ignore first and third message.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue24096] Use after free in get_filter

2015-05-01 Thread paul 

Changes by paul :


Removed file: http://bugs.python.org/file39246/poc_enc_dict3.py

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue24096] Use after free in get_filter

2015-05-01 Thread Christian Heimes 

Christian Heimes added the comment:

In 3.5 the segfault occurs at

#0  0x7073e55e in encoder_listencode_dict (s=s@entry=0x709aa988, 
acc=acc@entry=0x7fffcf20, dct=dct@entry=, 
indent_level=indent_level@entry=0)
at /home/heimes/dev/python/cpython/Modules/_json.c:1686
#1  0x7073ee85 in encoder_listencode_obj (s=s@entry=0x709aa988, 
acc=acc@entry=0x7fffcf20, obj=, indent_level=0) 
at /home/heimes/dev/python/cpython/Modules/_json.c:1561
#2  0x7073f392 in encoder_call (self=<_json.Encoder at remote 
0x709aa988>, args=(, 0), kwds=0x0) at 
/home/heimes/dev/python/cpython/Modules/_json.c:1386
#3  0x0044edf8 in PyObject_Call (func=func@entry=<_json.Encoder at 
remote 0x709aa988>, arg=arg@entry=(, 0), 
kw=kw@entry=0x0) at Objects/abstract.c:2147
#4  0x0052be56 in do_call (func=func@entry=<_json.Encoder at remote 
0x709aa988>, pp_stack=pp_stack@entry=0x7fffd098, na=na@entry=2, 
nk=nk@entry=0) at Python/ceval.c:4515
#5  0x0053663c in call_function 
(pp_stack=pp_stack@entry=0x7fffd098, oparg=oparg@entry=2) at 
Python/ceval.c:4311

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue24096] Use after free in get_filter

2015-05-01 Thread Christian Heimes 

Changes by Christian Heimes :


--
components: +Extension Modules
nosy: +christian.heimes
stage:  -> needs patch
versions: +Python 3.5

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue24096] Use after free in get_filter

2015-05-01 Thread paul 

paul added the comment:

# Program received signal SIGSEGV, Segmentation fault.
# 0x080f2c17 in PyObject_GetAttr (v=, 
name='match') at Objects/object.c:872
# 872 if (tp->tp_getattro != NULL)
# (gdb) bt
# #0  0x080f2c17 in PyObject_GetAttr (v=, 
name='match') at Objects/object.c:872
# #1  0x080f2b42 in _PyObject_GetAttrId (v=, 
name=0x8328354 ) at Objects/object.c:835
# #2  0x0809c3a6 in _PyObject_CallMethodId (o=, 
name=0x8328354 , format=0x829552c "O")
# at Objects/abstract.c:2215
# #3  0x0817e48b in check_matched (obj=, arg='c') 
at Python/_warnings.c:28
# #4  0x0817e88b in get_filter (category=, text='', 
lineno=4, module='c', item=0xbfa87c88)
# (gdb) frame 4
# #4  0x0817e88b in get_filter (category=, text='', 
lineno=4, module='c', item=0xbfa87c88)
# at Python/_warnings.c:152
# 152 good_mod = check_matched(mod, module);
# (gdb) print *mod
# $1 = {_ob_next = 0xdbdbdbdb, _ob_prev = 0xdbdbdbdb, ob_refcnt = -606348325, 
ob_type = 0xdbdbdbdb}
# 
# "mod" object is deleted in "match" method. Use after free.
#

--
title: Use after free during json encoding a dict (3) -> Use after free in 
get_filter
Added file: http://bugs.python.org/file39247/poc_get_filter.py

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com