]> git.ipfire.org Git - thirdparty/Python/cpython.git/commit
projects / thirdparty / Python / cpython.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 052a0d1) | patch
gh-106092: Fix use-after-free crash in frame_dealloc (#106875)
authorAnders Kaseorg <andersk@mit.edu>
Tue, 1 Aug 2023 09:32:18 +0000 (02:32 -0700)
committerGitHub <noreply@github.com>
Tue, 1 Aug 2023 09:32:18 +0000 (10:32 +0100)
commit557b05c7a5334de5da3dc94c108c0121f10b9191
tree84c4eaea106080031c7f7a1110b9ac546afb1b76tree | snapshot
parent052a0d1106fa3ee0c955a3b7ba48e82c49424e20commit | diff
gh-106092: Fix use-after-free crash in frame_dealloc (#106875)

It was possible for the trashcan to delay the deallocation of a
PyFrameObject until after its corresponding _PyInterpreterFrame has
already been freed.  So frame_dealloc needs to avoid dereferencing the
f_frame pointer unless it first checks that the pointer still points
to the interpreter frame within the frame object.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
Misc/NEWS.d/next/Core and Builtins/2023-07-18-16-13-51.gh-issue-106092.bObgRM.rst [new file with mode: 0644] blob
Objects/frameobject.c diff | blob | blame | history
Mirror of https://github.com/python/cpython.git