gh-126238: Fix possible null pointer dereference of freevars in _PyCompile_LookupArg #126239
federicovalenso commented Oct 31, 2024 (edited by bedevere-app bot)
- Issue: Possible null pointer dereference of freevars in _PyCompile_LookupArg #126238
Most changes to Python require a NEWS entry. Add one using the blurb_it web app or the blurb command-line tool. If this change has little impact on Python users, wait for a maintainer to apply the
Misc/NEWS.d/next/Security/2024-10-31-13-14-27.gh-issue-126238.CZqaon.rst
Can we cover this with a test?
I'm not exactly sure how to trigger it; it was found via a static analyzer.
…CZqaon.rst Co-authored-by: Peter Bierma <[email protected]>
@@ -0,0 +1 @@ | |||
Fix a possible crash internally when compiling. |
I suggest to drop this NEWS entry.
I concur (that's what I did for #126241 because it's a bit hard to phrase it properly and meaningfully).
drop this NEWS entry
Done )
Why? This seems user-facing to me, isn't it?
The bottom line in general is whether this kind of bug can be triggered easily using public interface. Unless you have a reproducer saying that with X and Y you can do Z, or unless the interface is publicly documented and known to the outside world, a NEWS entry would be fine. But here, we have neither a test nor is _PyCompile_LookupArg something that is exposed to the world.
As an end-user, reading "Fix a possible crash internally when compiling." gives me no information at all except that there was a bug I wasn't aware of (and that it was not always triggerable). I don't know how to make the crash happen, nor do I know what was crashing.
@@ -901,7 +901,7 @@ _PyCompile_LookupArg(compiler *c, PyCodeObject *co, PyObject *name) | |||
c->u->u_metadata.u_name, | |||
co->co_name, | |||
freevars); |
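Review bot: `freevars` is passed as the last argument of the format call at the end of this hunk, and the PR title says it can be NULL on this path, so the call relies on `%R` accepting a NULL argument. A one-line comment above the call stating that NULL is expected here and is rendered as "<NULL>" would keep a later cleanup from reintroducing an unchecked use. The release of `freevars` that follows the call is not among the lines shown, so confirm it is the NULL-tolerant `Py_XDECREF` named in the commit message.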
Does PyErr_Format work for null?
Yes, %R formats it as "<NULL>"
Can you be more specific? I cannot reproduce this internal crash.
See GH-126238. Looking at the source, this can only fail in some rare cases when a memory allocation fails, but it's pretty clearly wrong if that was the case so we might as well fix it. |
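The thread leaves the fix without a test because the NULL only appears when an allocation fails. The added example below (not code from the PR or from CPython) shows one way to exercise such a path with allocation fault injection; `obj_t`, `obj_new`, `obj_xdecref`, `report_lookup_failure` and `sweep_injection_points` are constructed stand-ins that model the pattern, with `obj_xdecref` playing the role of `Py_XDECREF`.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins, not CPython code: a refcounted object and an
   allocator that can be told to fail on its Nth call. */
typedef struct { int refcnt; } obj_t;
static int fail_at = -1;      /* index of the allocation to fail; -1 = never */
static int alloc_calls = 0;   /* allocations attempted in the current run */
static int live_objects = 0;  /* objects allocated and not yet freed */

static obj_t *obj_new(void) {
    if (alloc_calls++ == fail_at) return NULL;   /* injected failure */
    obj_t *o = malloc(sizeof *o);
    if (o == NULL) return NULL;
    o->refcnt = 1;
    live_objects++;
    return o;
}

/* Counterpart of Py_XDECREF: a no-op when given NULL. */
static void obj_xdecref(obj_t *o) {
    if (o != NULL && --o->refcnt == 0) { free(o); live_objects--; }
}

/* Error path shaped like the one discussed in the thread: an object is
   fetched only to appear in a diagnostic, then released. The fetch may
   return NULL, so both the formatting and the release must tolerate it. */
static int report_lookup_failure(char *msg, size_t n) {
    obj_t *freevars = obj_new();
    snprintf(msg, n, "lookup failed; freevars: %s",
             freevars ? "<object>" : "<NULL>");
    obj_xdecref(freevars);   /* an unchecked decref would dereference NULL */
    return -1;
}

/* Run the error path once without a fault and once per injection point;
   return how many runs left an object allocated. */
static int sweep_injection_points(int max_points) {
    char msg[64];
    int leaks = 0;
    for (int i = -1; i < max_points; i++) {
        fail_at = i; alloc_calls = 0; live_objects = 0;
        report_lookup_failure(msg, sizeof msg);
        if (live_objects != 0) leaks++;
    }
    fail_at = -1;
    return leaks;
}

int main(void) { printf("leaks: %d\n", sweep_injection_points(3)); return 0; }
```

Building the harness with AddressSanitizer (`-fsanitize=address`) turns a regression to an unchecked release into an immediate, attributable failure on the injected run.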
I'm happy with it.
Thank you, congrats on your first merged PR :)
Thanks @federicovalenso for the PR, and @sobolevn for merging it 🌮🎉.. I'm working now to backport this PR to: 3.12, 3.13.
Sorry, @federicovalenso and @sobolevn, I could not cleanly backport this to
@federicovalenso do you want to create manual backports? See:
Or I can do that if you ask me to :)
See the devguide if you want to know how to do that.
@sobolevn, @ZeroIntensity, I'll try to do that)
…vars in _PyCompile_LookupArg (pythonGH-126239) * Replace Py_DECREF by Py_XDECREF (cherry picked from commit 8525c93) Co-authored-by: Valery Fedorenko <[email protected]> Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com> Co-authored-by: Peter Bierma <[email protected]>
…e_LookupArg (gh-126238) (#126474) [3.12] gh-126238: Fix possible null pointer dereference of freevars in _PyCompile_LookupArg (GH-126239) * Replace Py_DECREF by Py_XDECREF (cherry picked from commit 8525c93) Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com> Co-authored-by: Peter Bierma <[email protected]>
…e_LookupArg (gh-126238) (#126475) [3.13] gh-126238: Fix possible null pointer dereference of freevars in _PyCompile_LookupArg (GH-126239) * Replace Py_DECREF by Py_XDECREF (cherry picked from commit 8525c93) Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com> Co-authored-by: Peter Bierma <[email protected]>
… _PyCompile_LookupArg (python#126239) * Replace Py_DECREF by Py_XDECREF Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com> Co-authored-by: Peter Bierma <[email protected]>