[issue24096] Use after free in get_filter
paul
report at bugs.python.org
Fri May 1 16:04:37 CEST 2015
paul added the comment:
# Program received signal SIGSEGV, Segmentation fault.
# 0x080f2c17 in PyObject_GetAttr (v=<unknown at remote 0x40573d8c>, name='match') at Objects/object.c:872
# 872 if (tp->tp_getattro != NULL)
# (gdb) bt
# #0 0x080f2c17 in PyObject_GetAttr (v=<unknown at remote 0x40573d8c>, name='match') at Objects/object.c:872
# #1 0x080f2b42 in _PyObject_GetAttrId (v=<unknown at remote 0x40573d8c>, name=0x8328354 <PyId_match.9432>) at Objects/object.c:835
# #2 0x0809c3a6 in _PyObject_CallMethodId (o=<unknown at remote 0x40573d8c>, name=0x8328354 <PyId_match.9432>, format=0x829552c "O")
# at Objects/abstract.c:2215
# #3 0x0817e48b in check_matched (obj=<unknown at remote 0x40573d8c>, arg='c') at Python/_warnings.c:28
# #4 0x0817e88b in get_filter (category=<type at remote 0x830bf80>, text='', lineno=4, module='c', item=0xbfa87c88)
# (gdb) frame 4
# #4 0x0817e88b in get_filter (category=<type at remote 0x830bf80>, text='', lineno=4, module='c', item=0xbfa87c88)
# at Python/_warnings.c:152
# 152 good_mod = check_matched(mod, module);
# (gdb) print *mod
# $1 = {_ob_next = 0xdbdbdbdb, _ob_prev = 0xdbdbdbdb, ob_refcnt = -606348325, ob_type = 0xdbdbdbdb}
#
# "mod" object is deleted in "match" method. Use after free.
#
----------
title: Use after free during json encoding a dict (3) -> Use after free in get_filter
Added file: http://bugs.python.org/file39247/poc_get_filter.py
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue24096>
_______________________________________
More information about the Python-bugs-list
mailing list