https://github.com/python/cpython/commit/1205afb3e10194fe22fa76385abb7e52214... commit: 1205afb3e10194fe22fa76385abb7e522144eb29 branch: 3.8 author: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> committer: GitHub <noreply@github.com> date: 2020-05-01T16:06:23-07:00 summary: bpo-40412: Nullify inittab_copy during finalization (GH-19746) Otherwise we leave a dangling pointer to free'd memory. If we then initialize a new interpreter in the same process and call PyImport_ExtendInittab, we will (likely) crash when calling PyMem_RawRealloc(inittab_copy, ...) since the pointer address is bogus. Automerge-Triggered-By: @brettcannon (cherry picked from commit 64224a4727321a8dd33e6f769edda401193ebef0) Co-authored-by: Gregory Szorc <gregory.szorc@gmail.com> files: A Misc/NEWS.d/next/C API/2020-05-01-17-28-04.bpo-40412.dE0D8N.rst M Python/import.c diff --git a/Misc/NEWS.d/next/C API/2020-05-01-17-28-04.bpo-40412.dE0D8N.rst b/Misc/NEWS.d/next/C API/2020-05-01-17-28-04.bpo-40412.dE0D8N.rst new file mode 100644 index 0000000000000..92bfcddf115a6 --- /dev/null +++ b/Misc/NEWS.d/next/C API/2020-05-01-17-28-04.bpo-40412.dE0D8N.rst @@ -0,0 +1 @@ +Nullify inittab_copy during finalization, preventing future interpreter initializations in an embedded situation from crashing. Patch by Gregory Szorc. diff --git a/Python/import.c b/Python/import.c index 495012d1c7da6..b4074d1dfc3fa 100644 --- a/Python/import.c +++ b/Python/import.c @@ -300,6 +300,7 @@ _PyImport_Fini2(void) /* Free memory allocated by PyImport_ExtendInittab() */ PyMem_RawFree(inittab_copy); + inittab_copy = NULL; PyMem_SetAllocator(PYMEM_DOMAIN_RAW, &old_alloc); }
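Review bot: The `_PyImport_Fini2` hunk in Python/import.c adds `inittab_copy = NULL;` without a regression test; the file list shows only the NEWS entry and import.c. Consider adding an embedding test that initializes, finalizes, calls PyImport_ExtendInittab, and initializes again in the same process, which is the sequence the commit message says crashes. It is also worth confirming that no other pointer still refers to the block released by `PyMem_RawFree(inittab_copy)`, because this hunk resets only that one variable and any remaining alias would still dangle after finalization.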