git.ipfire.org Git - thirdparty/Python/cpython.git/commit
[3.14] gh-143378: Fix use-after-free when BytesIO is concurrently mutated during...
author Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
Fri, 9 Jan 2026 12:16:51 +0000 (13:16 +0100)
committer GitHub <noreply@github.com>
Fri, 9 Jan 2026 12:16:51 +0000 (12:16 +0000)
commit f264f103d457000fd147086bc96e0a8eed3975fa
tree b42910cbf92aec9247368b6e110e42e2d8d4e643
parent a299c1b1855b77e5195984e6414a3315d92f869a
[3.14] gh-143378: Fix use-after-free when BytesIO is concurrently mutated during write operations (GH-143408) (GH-143599)

PyObject_GetBuffer() can execute user code (e.g. via __buffer__), which may
close or otherwise mutate a BytesIO object while write() or writelines()
is in progress. This could invalidate the internal buffer and lead to a
use-after-free.

Ensure that PyObject_GetBuffer() is called before validation checks.
(cherry picked from commit 6d54b6ac7d5744e1f59d784c8e020d632d2959a3)

Co-authored-by: zhong <60600792+superboy-zjc@users.noreply.github.com>
Lib/_pyio.py
Lib/test/test_memoryio.py
Misc/NEWS.d/next/Library/2026-01-03-19-41-36.gh-issue-143378.29AvE7.rst [new file with mode: 0644]
Modules/_io/bytesio.c
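
The ordering problem the commit message describes, modelled in pure Python as an added illustration (it is not code from this commit or from CPython). `ToyStream`, `ClosesDuringExport` and the use of `__bytes__` as a stand-in for the `__buffer__` callback reached through PyObject_GetBuffer() are assumptions, chosen so the model runs on any Python 3 and touches no real BytesIO internals.

```python
class ToyStream:
    """Hypothetical stand-in for BytesIO: close() releases the backing store."""

    def __init__(self):
        self._buf = bytearray()
        self.closed = False

    def close(self):
        self.closed = True
        self._buf = None  # models the internal buffer being freed

    def _check_closed(self):
        if self.closed:
            raise ValueError("I/O operation on closed file.")

    def write_check_first(self, data):
        # Ordering being fixed: validate, then call code that can re-enter.
        self._check_closed()
        payload = bytes(data)  # may run user code (stand-in for PyObject_GetBuffer)
        if self._buf is None:  # the earlier check is no longer true
            return "stale-buffer"  # in C this is where freed memory would be used
        self._buf += payload
        return len(payload)

    def write_acquire_first(self, data):
        # Fixed ordering: run user code first, validate afterwards.
        payload = bytes(data)
        self._check_closed()
        self._buf += payload
        return len(payload)


class ClosesDuringExport:
    """Constructed input whose conversion hook closes the stream mid-write."""

    def __init__(self, stream):
        self.stream = stream

    def __bytes__(self):
        self.stream.close()
        return b"x"


def demo():
    s1, s2 = ToyStream(), ToyStream()
    first = s1.write_check_first(ClosesDuringExport(s1))
    try:
        second = s2.write_acquire_first(ClosesDuringExport(s2))
    except ValueError:
        second = "rejected"
    return first, second
```

With the check placed after the export call, the re-entrant close is caught by the normal closed-file validation instead of leaving the write path holding a released buffer.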