[issue46280] About vulnerabilities in Cpython native code
STINNER Victor
report at bugs.python.org
Thu Jan 13 20:54:53 EST 2022
STINNER Victor <vstinner at python.org> added the comment:
#389
Modules/_tracemalloc.c:1245: error: Null Dereference
pointer `traces2` last assigned on line 1243 could be null and is dereferenced by call to `_Py_hashtable_destroy()` at line 1245, column 9.
1243. _Py_hashtable_t *traces2 = tracemalloc_copy_traces(traces);
1244. if (_Py_hashtable_set(domains2, TO_PTR(domain), traces2) < 0) {
1245. _Py_hashtable_destroy(traces2);
^
1246. return -1;
1247. }
That's a real bug: I wrote PR #30591 to fix it.
Whereas the following one must be ignored, since the function does crash (read at NULL) on purpose:
#360
Modules/faulthandler.c:1025: error: Null Dereference
pointer `x` last assigned on line 1024 could be null and is dereferenced at line 1025, column 9.
1023. faulthandler_suppress_crash_report();
1024. x = NULL;
1025. y = *x;
^
1026. return PyLong_FromLong(y);
1027.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue46280>
_______________________________________
More information about the Python-bugs-list
mailing list