-
-
Notifications
You must be signed in to change notification settings - Fork 30.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
gh-120298: Fix use-after-free in list_richcompare_impl
#120303
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What bisect or deque do with this?
What tests were added for the similar case above?
Yes, @serhiy-storchaka, you are correct. I simplified the reproduction to: class evil(object):
def __lt__(self, other):
other.clear()
return NotImplemented
a = [ [ evil()]]
a[0] < a # crash without this patch I've updated tests to store this test near |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM.
Co-authored-by: Serhiy Storchaka <[email protected]>
Thanks @sobolevn for the PR 🌮🎉.. I'm working now to backport this PR to: 3.12. |
Thanks @sobolevn for the PR 🌮🎉.. I'm working now to backport this PR to: 3.13. |
…nGH-120303) (cherry picked from commit 141baba) Co-authored-by: Nikita Sobolev <[email protected]> Co-authored-by: Serhiy Storchaka <[email protected]>
…nGH-120303) (cherry picked from commit 141baba) Co-authored-by: Nikita Sobolev <[email protected]> Co-authored-by: Serhiy Storchaka <[email protected]>
GH-120339 is a backport of this pull request to the 3.12 branch. |
GH-120340 is a backport of this pull request to the 3.13 branch. |
…20303) (#120339) gh-120298: Fix use-after-free in `list_richcompare_impl` (GH-120303) (cherry picked from commit 141baba) Co-authored-by: Nikita Sobolev <[email protected]> Co-authored-by: Serhiy Storchaka <[email protected]>
…20303) (#120340) gh-120298: Fix use-after-free in `list_richcompare_impl` (GH-120303) (cherry picked from commit 141baba) Co-authored-by: Nikita Sobolev <[email protected]> Co-authored-by: Serhiy Storchaka <[email protected]>
…n#120303) Co-authored-by: Serhiy Storchaka <[email protected]>
…n#120303) Co-authored-by: Serhiy Storchaka <[email protected]>
…n#120303) Co-authored-by: Serhiy Storchaka <[email protected]>
This code does the same thing as the code above it:
cpython/Objects/listobject.c
Lines 3360 to 3364 in 0ae8579
And looks like it gets the job done. I've added tests for these two corner cases.