]> git.ipfire.org Git - thirdparty/Python/cpython.git/commit
projects / thirdparty / Python / cpython.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: daa2578) | patch
gh-145244: Fix use-after-free on borrowed dict key in json encoder (GH-145245)
authorRamin Farajpour Cami <ramin.blackhat@gmail.com>
Sat, 11 Apr 2026 22:26:36 +0000 (01:56 +0330)
committerGitHub <noreply@github.com>
Sat, 11 Apr 2026 22:26:36 +0000 (22:26 +0000)
commit8a466fa3d90a9e1f04d23c05ee2cf3f3c406ba30
tree091d27d5b133501a137b1cd4e9724e1a46b05c40tree | snapshot
parentdaa2578dc04cce99545e72acc8431929519c04fccommit | diff
gh-145244: Fix use-after-free on borrowed dict key in json encoder (GH-145245)

In encoder_encode_key_value(), key is a borrowed reference from
PyDict_Next(). If the default callback mutates or clears the dict,
key becomes a dangling pointer. The error path then calls
_PyErr_FormatNote("%R", key) on freed memory.

Fix by holding strong references to key and value unconditionally
during encoding, not just in the free-threading build.

Co-authored-by: Peter Bierma <zintensitydev@gmail.com>
Lib/test/test_json/test_dump.py diff | blob | blame | history
Misc/NEWS.d/next/Library/2026-02-26-12-00-00.gh-issue-145244.Kj31cp.rst [new file with mode: 0644] blob
Modules/_json.c diff | blob | blame | history
Mirror of https://github.com/python/cpython.git