]> git.ipfire.org Git - thirdparty/Python/cpython.git/commitdiff
projects / thirdparty / Python / cpython.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 60c44ed)
[3.13] gh-122695: Fix double-free when using `gc.get_referents` with a freed `_asynci...
authorPeter Bierma <zintensitydev@gmail.com>
Fri, 9 Aug 2024 14:06:36 +0000 (14:06 +0000)
committerGitHub <noreply@github.com>
Fri, 9 Aug 2024 14:06:36 +0000 (19:36 +0530)
* Backport #122834 for 3.13

Lib/test/test_asyncio/test_futures.py patch | blob | blame | history
Misc/NEWS.d/next/Library/2024-08-08-15-05-58.gh-issue-122695.f7pwBv.rst [new file with mode: 0644] patch | blob
Modules/_asynciomodule.c patch | blob | blame | history

diff --git a/Lib/test/test_asyncio/test_futures.py b/Lib/test/test_asyncio/test_futures.py
index 458b70451a306a869bee1f70d5e4baa918bb3a4e..2417712a9c9b64569c84bfe944511c555b6be33a 100644 (file)
--- a/Lib/test/test_asyncio/test_futures.py
+++ b/Lib/test/test_asyncio/test_futures.py
@@ -675,6 +675,14 @@ class CFutureTests(BaseFutureTests, test_utils.TestCase):
         with self.assertRaises(AttributeError):
             del fut._log_traceback
 
+    def test_future_iter_get_referents_segfault(self):
+        # See https://github.com/python/cpython/issues/122695
+        import _asyncio
+        it = iter(self._new_future(loop=self.loop))
+        del it
+        evil = gc.get_referents(_asyncio)
+        gc.collect()
+
 
 @unittest.skipUnless(hasattr(futures, '_CFuture'),
                      'requires the C _asyncio module')
diff --git a/Misc/NEWS.d/next/Library/2024-08-08-15-05-58.gh-issue-122695.f7pwBv.rst b/Misc/NEWS.d/next/Library/2024-08-08-15-05-58.gh-issue-122695.f7pwBv.rst
new file mode 100644 (file)
index 0000000..cc6bc38
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2024-08-08-15-05-58.gh-issue-122695.f7pwBv.rst
@@ -0,0 +1,2 @@
+Fixed double-free when using :func:`gc.get_referents` with a freed
+:class:`asyncio.Future` iterator.
diff --git a/Modules/_asynciomodule.c b/Modules/_asynciomodule.c
index 6e87de5e954826167d949b7c7f352084d5271f21..3babd33eaabf45f8ce33780c512ebf145479c184 100644 (file)
--- a/Modules/_asynciomodule.c
+++ b/Modules/_asynciomodule.c
@@ -3529,17 +3529,6 @@ module_traverse(PyObject *mod, visitproc visit, void *arg)
     Py_VISIT(state->iscoroutine_typecache);
 
     Py_VISIT(state->context_kwname);
-
-#ifndef Py_GIL_DISABLED
-    // Visit freelist.
-    PyObject *next = (PyObject*) state->fi_freelist;
-    while (next != NULL) {
-        PyObject *current = next;
-        Py_VISIT(current);
-        next = (PyObject*) ((futureiterobject*) current)->future;
-    }
-#endif
-
     return 0;
 }
 
Mirror of https://github.com/python/cpython.git