[issue31165] null pointer deref and segfault in list_slice (listobject.c:455)

2017-10-06 Thread STINNER Victor
STINNER Victor added the comment: "Maybe we should prevent collection of garbage with circular references (that has __del__() or weakref callbacks) from PyObject_GC_New()?" That would be a major change in the garbage collector. I would prefer to not touch the GC, any change can introduce a co

[issue31165] null pointer deref and segfault in list_slice (listobject.c:455)

2017-10-06 Thread STINNER Victor
STINNER Victor added the comment:
> Oh, you are right Oren. Seems this is the only solution.
There are other solutions. I wrote PR 3911 which checks if the list size changed after PyList_New(). If it's the case, a RuntimeError exception is raised. We implemented similar checks in the dict ty

[issue31165] null pointer deref and segfault in list_slice (listobject.c:455)

2017-10-06 Thread STINNER Victor
Change by STINNER Victor: keywords: +patch pull_requests: +3884 stage: -> patch review

[issue31165] null pointer deref and segfault in list_slice (listobject.c:455)

2017-10-06 Thread Serhiy Storchaka
Serhiy Storchaka added the comment: Oh, you are right Oren. Seems this is the only solution. -- nosy: +haypo, lemburg, pitrou, serhiy.storchaka, tim.peters, twouters

[issue31165] null pointer deref and segfault in list_slice (listobject.c:455)

2017-10-06 Thread Oren Milman
Oren Milman added the comment: Oh, and calls to PyObject_GC_NewVar() might also cause similar issues.

[issue31165] null pointer deref and segfault in list_slice (listobject.c:455)

2017-10-06 Thread Oren Milman
Oren Milman added the comment: Here is some similar code that crashes for the same reasons:

    # create a circular reference with a malicious __del__().
    class A:
        def __del__(*args):
            del list1[0]
    circ_ref_obj = A()
    circ_ref_obj._self = circ_ref_obj
    list1 = [None]
    list2 = []
    del circ_re

[issue31165] null pointer deref and segfault in list_slice (listobject.c:455)

2017-08-09 Thread geeknik
Changes by geeknik: type: -> crash

[issue31165] null pointer deref and segfault in list_slice (listobject.c:455)

2017-08-09 Thread geeknik
New submission from geeknik: Python 3.7 git commit 3ca9f50 compiled with afl-clang-fast on Ubuntu 16 x64. The following script triggers undefined-behavior followed by a null pointer dereference and a segfault.

    import weakref
    class A(object):pass
    def callback(x):del lst[0]
    keepali0e=[]
    for i i