[issue29438] use after free in key sharing dict

INADA Naoki report at bugs.python.org
Sat Feb 4 13:56:09 EST 2017


INADA Naoki added the comment:

I can reproduce it on Python 3.5 with the attached script.
I think this bug has been present since Python 3.3, when the key-sharing dict was implemented.

"Trigger a key-sharing dict resize while callbacks (weakref or __del__) are called from setitem" is the step to reproduce.
It's not easy to exploit because external input (JSON, forms, etc.) doesn't use a key-sharing dict.

Should I fix it for 3.3~ (security fix only) or 3.5~ (bugfix)?

----------
keywords: +3.3regression -3.6regression, patch
title: SIGSEGV in PyObject_Malloc on python 3.6 and 3.7 -> use after free in key sharing dict
Added file: http://bugs.python.org/file46519/29438-minimum.py

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue29438>
_______________________________________

