[Python-checkins] bpo-45262, asyncio: Fix cache of the running loop holder (GH-28796)
vstinner
webhook-mailer at python.org
Thu Oct 7 18:47:03 EDT 2021
https://github.com/python/cpython/commit/392a89835371baa0fc4bf79ae479abb80661f57d
commit: 392a89835371baa0fc4bf79ae479abb80661f57d
branch: main
author: Matthias Reichl <github at hias.horus.com>
committer: vstinner <vstinner at python.org>
date: 2021-10-08T00:46:49+02:00
summary:
bpo-45262, asyncio: Fix cache of the running loop holder (GH-28796)
Prevent use-after-free of running loop holder via cache.
files:
A Misc/NEWS.d/next/Library/2021-10-07-14-04-10.bpo-45262.HqF71Z.rst
M Modules/_asynciomodule.c
diff --git a/Misc/NEWS.d/next/Library/2021-10-07-14-04-10.bpo-45262.HqF71Z.rst b/Misc/NEWS.d/next/Library/2021-10-07-14-04-10.bpo-45262.HqF71Z.rst
new file mode 100644
index 0000000000000..4cd949fe1ed5d
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2021-10-07-14-04-10.bpo-45262.HqF71Z.rst
@@ -0,0 +1 @@
+Prevent use-after-free in asyncio. Make sure the cached running loop holder gets cleared on dealloc to prevent use-after-free in get_running_loop
\ No newline at end of file
diff --git a/Modules/_asynciomodule.c b/Modules/_asynciomodule.c
index ecc73d1ca8bf0..56079b0277d1a 100644
--- a/Modules/_asynciomodule.c
+++ b/Modules/_asynciomodule.c
@@ -3239,6 +3239,9 @@ new_running_loop_holder(PyObject *loop)
static void
PyRunningLoopHolder_tp_dealloc(PyRunningLoopHolder *rl)
{
+ if (cached_running_holder == (PyObject *)rl) {
+ cached_running_holder = NULL;
+ }
Py_CLEAR(rl->rl_loop);
PyObject_Free(rl);
}
More information about the Python-checkins
mailing list