git.ipfire.org Git - thirdparty/Python/cpython.git/commit

author	Pablo Galindo Salgado <Pablogsal@gmail.com>
	Mon, 13 Apr 2026 22:22:23 +0000 (23:22 +0100)
committer	GitHub <noreply@github.com>
	Mon, 13 Apr 2026 22:22:23 +0000 (22:22 +0000)
commit	289fd2c97a7e5aecb8b69f94f5e838ccfeee7e67
tree	83fc545fbde9ce120dfd8a7832af41dddf7f2246	tree \| snapshot
parent	4adffd9efad7052ad0a22743dd678d0201ec0286	commit \| diff

gh-148178: Validate remote debug offset tables on load (#148187)

Treat the debug offset tables read from a target process as untrusted input
and validate them before the unwinder uses any reported sizes or offsets.

Add a shared validator in debug_offsets_validation.h and run it once when
_Py_DebugOffsets is loaded and once when AsyncioDebug is loaded. The checks
cover section sizes used for fixed local buffers and every offset that is
later dereferenced against a local buffer or local object view. This keeps
the bounds checks out of the sampling hot path while rejecting malformed
tables up front.

Misc/NEWS.d/next/Security/2026-04-06-13-55-00.gh-issue-148178.Rs7kLm.rst	[new file with mode: 0644]	blob
Modules/_remote_debugging/_remote_debugging.h		diff \| blob \| blame \| history
Modules/_remote_debugging/asyncio.c		diff \| blob \| blame \| history
Modules/_remote_debugging/debug_offsets_validation.h	[new file with mode: 0644]	blob
Modules/_remote_debugging/frames.c		diff \| blob \| blame \| history
Modules/_remote_debugging/module.c		diff \| blob \| blame \| history