[New-bugs-announce] [issue24092] Use after free in Element.extend (2)
paul
report at bugs.python.org
Fri May 1 15:57:05 CEST 2015
New submission from paul:
# Program received signal SIGSEGV, Segmentation fault.
# 0x4063cf19 in element_extend (self=0x405ddf74, args=([],)) at /home/p/Python-3.4.1/Modules/_elementtree.c:1056
# 1056 PyObject* element = PySequence_Fast_GET_ITEM(seq, i);
# (gdb) print i
# $3 = 1337
# (gdb) print *(PyListObject*)seq
# $4 = {ob_base = {ob_base = {_ob_next = 0x406373ec, _ob_prev = 0x405ddf74, ob_refcnt = 3, ob_type = 0x830e1c0 <PyList_Type>},
# ob_size = 0}, ob_item = 0x0, allocated = 0}
#
# Controlled read (resulting from a use after free). "seq" is cleared in a custom
# destructor (Y.__del__()).
#
----------
files: poc_elt_extend2.py
messages: 242306
nosy: pkt
priority: normal
severity: normal
status: open
title: Use after free in Element.extend (2)
type: crash
versions: Python 3.4
Added file: http://bugs.python.org/file39241/poc_elt_extend2.py
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue24092>
_______________________________________
More information about the New-bugs-announce
mailing list