subject:"\[issue41995\] five possible Null Pointer Dereference bugs."

[issue41995] five possible Null Pointer Dereference bugs.

2021-01-20 Thread miss-islington



miss-islington  added the comment:


New changeset 50938b63fbb0d4bed24dceccf188b8d0fe58463c by Miss Islington (bot) 
in branch '3.9':
bpo-41995: Handle allocation failure in _tracemalloc and _zoneinfo (GH-22635)
https://github.com/python/cpython/commit/50938b63fbb0d4bed24dceccf188b8d0fe58463c


--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41995] five possible Null Pointer Dereference bugs.

2021-01-20 Thread STINNER Victor



STINNER Victor  added the comment:

Thanks for the bug report brightest star, and thanks for the fix Yunlongs!

--
resolution:  -> fixed
stage: patch review -> resolved
status: open -> closed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41995] five possible Null Pointer Dereference bugs.

2021-01-20 Thread miss-islington



Change by miss-islington :


--
pull_requests: +23086
pull_request: https://github.com/python/cpython/pull/24261

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41995] five possible Null Pointer Dereference bugs.

2021-01-20 Thread STINNER Victor



STINNER Victor  added the comment:


New changeset f1ff800db1f9fa5ff8f2fa2863796a46bfa9ee46 by Yunlongs in branch 
'master':
bpo-41995: Handle allocation failure in _tracemalloc and _zoneinfo (GH-22635)
https://github.com/python/cpython/commit/f1ff800db1f9fa5ff8f2fa2863796a46bfa9ee46


--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41995] five possible Null Pointer Dereference bugs.

2020-10-13 Thread miss-islington



miss-islington  added the comment:


New changeset afe86066e748076f970ccd277fc64fc51bea189b by Miss Skeleton (bot) 
in branch '3.9':
bpo-41995: Fix null ptr deref in tracemalloc_copy_trace() (GH-22660)
https://github.com/python/cpython/commit/afe86066e748076f970ccd277fc64fc51bea189b


--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41995] five possible Null Pointer Dereference bugs.

2020-10-12 Thread miss-islington



Change by miss-islington :


--
nosy: +miss-islington
nosy_count: 4.0 -> 5.0
pull_requests: +21652
pull_request: https://github.com/python/cpython/pull/22681

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41995] five possible Null Pointer Dereference bugs.

2020-10-12 Thread STINNER Victor



STINNER Victor  added the comment:


New changeset 66c28f50c76e4f23af7146e0e580457c5fd6bde7 by Yunlongs in branch 
'master':
bpo-41995: Fix null ptr deref in tracemalloc_copy_trace() (GH-22660)
https://github.com/python/cpython/commit/66c28f50c76e4f23af7146e0e580457c5fd6bde7


--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41995] five possible Null Pointer Dereference bugs.

2020-10-11 Thread Roundup Robot



Change by Roundup Robot :


--
pull_requests: +21637
pull_request: https://github.com/python/cpython/pull/22660

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41995] five possible Null Pointer Dereference bugs.

2020-10-10 Thread Serhiy Storchaka



Change by Serhiy Storchaka :


--
nosy: +p-ganssle

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41995] five possible Null Pointer Dereference bugs.

2020-10-10 Thread Serhiy Storchaka



Change by Serhiy Storchaka :


--
nosy: +vstinner
versions: +Python 3.10 -Python 3.5, Python 3.6, Python 3.7

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41995] five possible Null Pointer Dereference bugs.

2020-10-10 Thread Roundup Robot



Change by Roundup Robot :


--
keywords: +patch
nosy: +python-dev
nosy_count: 1.0 -> 2.0
pull_requests: +21610
stage:  -> patch review
pull_request: https://github.com/python/cpython/pull/22635

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41995] five possible Null Pointer Dereference bugs.

2020-10-10 Thread brightest star



New submission from brightest star :

Hello everyone,

I have found five Null Pointer Dereference bugs in recent master branch.
Although it's impact could be slightly, i think it is better to fix it.

Bug 1:
In the file ; ./Modules/_tracemalloc.c:
static int
tracemalloc_copy_trace(_Py_hashtable_t *traces,
   const void *key, const void *value,
   void *user_data)
{
_Py_hashtable_t *traces2 = (_Py_hashtable_t *)user_data;

trace_t *trace = (trace_t *)value;

1201:trace_t *trace2 = raw_malloc(sizeof(trace_t));
1202:if (traces2 == NULL) {  <-
return -1;
}
1205:   *trace2 = *trace;
...
return 0;
}
At line 1201, we malloc a varible 'trace2' and then we should check whether the 
varible 'trace2' is NULL. But it checks 'traces2'(not 'trace2') in line 1202. 
The varible 'trace2' still could be NULL.I think it is a spelling mistake.

Bug 2 and 3:
In the file :Modules/_zoneinfo.c

static int
load_data(PyZoneInfo_ZoneInfo *self, PyObject *file_obj)
{
...
908: self->trans_list_utc =
PyMem_Malloc(self->num_transitions * sizeof(int64_t));
910:trans_idx = PyMem_Malloc(self->num_transitions * sizeof(Py_ssize_t));
...
}
Line 908 alloc a memory to 'self->trans_list_utc' and line 910 alloc a memory 
to 'trans_idx'. But the paramters passed to PyMem_Malloc are not fixed,it means 
that we possible could control the size to malloc. If we pass a big size to 
PyMem_Malloc, it will return NULL.
So,we should add some checks for 'self->trans_list_utc' and 'trans_idx',such as 
if (self->trans_list_utc == NULL) {
goto error;
}

Bug 4 and 5:
In the file :Modules/_zoneinfo.c

The problem same to bug 3 and 4.
line 991:self->_ttinfos = PyMem_Malloc(self->num_ttinfos * sizeof(_ttinfo));
line 1005:   self->trans_ttinfos =
PyMem_Calloc(self->num_transitions, sizeof(_ttinfo *));

We should add some checks below these lines.

--
components: Extension Modules
messages: 378385
nosy: brightest3379
priority: normal
severity: normal
status: open
title: five possible Null Pointer Dereference bugs.
type: behavior
versions: Python 3.5, Python 3.6, Python 3.7, Python 3.8, Python 3.9

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41995] five possible Null Pointer Dereference bugs.

[issue41995] five possible Null Pointer Dereference bugs.

[issue41995] five possible Null Pointer Dereference bugs.

[issue41995] five possible Null Pointer Dereference bugs.

[issue41995] five possible Null Pointer Dereference bugs.

[issue41995] five possible Null Pointer Dereference bugs.

[issue41995] five possible Null Pointer Dereference bugs.

[issue41995] five possible Null Pointer Dereference bugs.

[issue41995] five possible Null Pointer Dereference bugs.

[issue41995] five possible Null Pointer Dereference bugs.

[issue41995] five possible Null Pointer Dereference bugs.

[issue41995] five possible Null Pointer Dereference bugs.

12 matches

Site Navigation

Mail list logo

Footer information