[issue29438] use after free in key sharing dict
INADA Naoki
report at bugs.python.org
Wed Feb 8 03:55:08 EST 2017
INADA Naoki added the comment:
> Why is res == 0 added? If PyDict_SetItem() triggers a recursive call of _PyObjectDict_SetItem(), which calls PyDict_SetItem(), it may be possible that the first PyDict_SetItem() fails while the dict is changed by the second PyDict_SetItem() and CACHED_KEYS(tp) becomes outdated.
To avoid hiding an error raised in PyDict_SetItem().
But it seems I was too nervous. The error will be hidden only when make_keys_shared() raises an exception.
I'll remove the check.
BTW, how about -py35.patch? It is the minimum patch to avoid "use after free". It skips CACHED_KEYS(tp) = NULL entirely. But I think I can apply the same patch to Python 3.5 too.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue29438>
_______________________________________