[issue24407] Use after free in PyDict_merge

Mark Shannon report at bugs.python.org
Sat Jul 4 16:37:21 CEST 2015


Mark Shannon added the comment:

There are two parts to this fix.

First, we raise a runtime exception if the other dict is modified during the update/merge.
Second, refcounts must be incremented around the PyDict_GetItem and insertdict calls in case the key or value is otherwise deallocated.
 
Patch attached.

----------
keywords: +patch
Added file: http://bugs.python.org/file39860/24407.patch

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue24407>
_______________________________________
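
Added example, not part of the original message or the attached patch: a simplified C model of the two parts of the fix described above. Obj, Dict, merge, hook_clear_other and run_case are constructed for illustration and are not CPython's code; deallocation is modelled by a flag so the unfixed path can be observed without touching freed memory.

```c
#include <stdio.h>

/* Toy refcounted object standing in for a PyObject (constructed model). */
typedef struct { int refcnt; int freed; int value; } Obj;
static void obj_incref(Obj *o) { o->refcnt++; }
static void obj_decref(Obj *o) {
    if (--o->refcnt == 0) o->freed = 1;   /* flag instead of free() */
}
/* Toy source dict: the values it owns plus its entry count. */
typedef struct { Obj *vals[4]; int nentries; } Dict;
static void dict_clear(Dict *d) {
    for (int i = 0; i < d->nentries; i++) obj_decref(d->vals[i]);
    d->nentries = 0;
}
/* Models user code (e.g. __eq__) that runs while an entry is inserted. */
typedef void (*hook_fn)(Dict *other);
static void hook_clear_other(Dict *other) { dict_clear(other); }

enum { MERGE_OK = 0, MERGE_MUTATED = -1, MERGE_STALE = -2 };

/* Sum the values of `other` into *sum, calling `hook` once per entry.
 * hold_ref=1 models part two of the fix; the size check models part one. */
static int merge(int *sum, Dict *other, hook_fn hook, int hold_ref) {
    int n = other->nentries;
    for (int i = 0; i < n; i++) {
        Obj *v = other->vals[i];          /* borrowed reference */
        if (hold_ref) obj_incref(v);      /* own it across the call */
        if (hook) hook(other);            /* may drop other's reference */
        if (v->freed) return MERGE_STALE; /* real code would read freed memory */
        *sum += v->value;
        if (hold_ref) obj_decref(v);
        if (other->nentries != n) return MERGE_MUTATED; /* runtime exception */
    }
    return MERGE_OK;
}

/* Build a two-entry dict on the stack and merge it under `hook`. */
static int run_case(hook_fn hook, int hold_ref, int *sum) {
    Obj a = {1, 0, 10}, b = {1, 0, 20};
    Dict other = {{&a, &b, NULL, NULL}, 2};
    *sum = 0;
    return merge(sum, &other, hook, hold_ref);
}

int main(void) {
    int s, r = run_case(hook_clear_other, 1, &s);
    printf("fixed path: rc=%d sum=%d\n", r, s);
    return 0;
}
```

With hold_ref=0 the same hook leaves the loop holding a pointer to an object whose last reference is gone, which is the condition the refcount increments prevent.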

