[New-bugs-announce] [issue23996] _PyGen_FetchStopIterationValue() crashes on unnormalised exceptions

Stefan Behnel report at bugs.python.org
Sat Apr 18 21:45:13 CEST 2015

New submission from Stefan Behnel:

The yield-from implementation calls _PyGen_FetchStopIterationValue() to get the exception value. If the StopIteration exception is not normalised, e.g. because it was set by PyErr_SetObject() in a C extension, then _PyGen_FetchStopIterationValue() will cast to (PyStopIterationObject*) whatever the exception value is and happily interpret an arbitrary memory position as PyObject*.

I attached a possible patch for the function. Another place to fix it would be in the yield-from code in ceval.c, but directly in genobject.c seems the safer place.

components: Interpreter Core
files: fix_stopiteration_crash.patch
keywords: patch
messages: 241454
nosy: scoder
priority: normal
severity: normal
status: open
title: _PyGen_FetchStopIterationValue() crashes on unnormalised exceptions
type: crash
versions: Python 3.3, Python 3.4, Python 3.5
Added file: http://bugs.python.org/file39108/fix_stopiteration_crash.patch

Python tracker <report at bugs.python.org>
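
A self-contained C model of the type check this report calls for, added here as an illustration; it is not the attached patch and not CPython code. The toy object layout and the names err_set_object, fetch_stopiteration_value, is_instance, int_of and demo are assumptions, and returning a non-instance value as the result itself is one possible policy, not necessarily the one the patch takes.

```c
#include <stddef.h>
#include <stdio.h>

/* Toy object model, constructed for this example (not CPython's real layout). */
typedef struct Type { const char *name; const struct Type *base; } Type;
typedef struct Obj { const Type *type; } Obj;
typedef struct { Obj head; long ival; } IntObj;
typedef struct { Obj head; Obj *value; } StopIterObj; /* stands in for PyStopIterationObject */

static const Type BaseExc_Type = { "BaseException", NULL };
static const Type StopIter_Type = { "StopIteration", &BaseExc_Type };
static const Type Int_Type = { "int", NULL };

/* Pending error as a raw (type, value) pair, which is what a
   PyErr_SetObject()-style call leaves behind: value need not be an exception. */
static const Type *err_type;
static Obj *err_value;
static void err_set_object(const Type *t, Obj *v) { err_type = t; err_value = v; }

static int is_instance(const Obj *o, const Type *t) {
    for (const Type *p = o->type; p != NULL; p = p->base)
        if (p == t) return 1;
    return 0;
}

/* Checked fetch: ->value is read only after the instance check passes.
   Without the check, an IntObj's ival would be read as an object pointer.
   Returns NULL when no StopIteration is pending. */
static Obj *fetch_stopiteration_value(void) {
    if (err_type != &StopIter_Type) return NULL;
    Obj *ev = err_value;
    err_type = NULL; err_value = NULL;
    if (ev != NULL && is_instance(ev, &StopIter_Type))
        return ((StopIterObj *)ev)->value; /* normalised: downcast is valid */
    return ev; /* unnormalised: the stored object is itself the value */
}

static long int_of(const Obj *o) { /* -1 marks "not an int" in this demo */
    return (o != NULL && o->type == &Int_Type) ? ((const IntObj *)o)->ival : -1;
}

static IntObj forty_two = { { &Int_Type }, 42 }, seven = { { &Int_Type }, 7 };
static StopIterObj normalised = { { &StopIter_Type }, &seven.head };

/* Set StopIteration with the given stored object, then fetch the result. */
static long demo(Obj *stored) {
    err_set_object(&StopIter_Type, stored);
    return int_of(fetch_stopiteration_value());
}

int main(void) {
    printf("unnormalised -> %ld, normalised -> %ld\n",
           demo(&forty_two.head), demo(&normalised.head));
    return 0;
}
```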
