]> git.ipfire.org Git - thirdparty/Python/cpython.git/commitdiff
projects / thirdparty / Python / cpython.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 831d58d)
bpo-40412: Nullify inittab_copy during finalization (GH-19746)
authorGregory Szorc <gregory.szorc@gmail.com>
Fri, 1 May 2020 18:07:54 +0000 (11:07 -0700)
committerGitHub <noreply@github.com>
Fri, 1 May 2020 18:07:54 +0000 (11:07 -0700)
Otherwise we leave a dangling pointer to free'd memory. If we
then initialize a new interpreter in the same process and call
PyImport_ExtendInittab, we will (likely) crash when calling
PyMem_RawRealloc(inittab_copy, ...) since the pointer address
is bogus.

Automerge-Triggered-By: @brettcannon
Misc/NEWS.d/next/C API/2020-05-01-17-28-04.bpo-40412.dE0D8N.rst [new file with mode: 0644] patch | blob
Python/import.c patch | blob | blame | history

diff --git a/Misc/NEWS.d/next/C API/2020-05-01-17-28-04.bpo-40412.dE0D8N.rst b/Misc/NEWS.d/next/C API/2020-05-01-17-28-04.bpo-40412.dE0D8N.rst
new file mode 100644 (file)
index 0000000..92bfcdd
--- /dev/null
+++ b/Misc/NEWS.d/next/C API/2020-05-01-17-28-04.bpo-40412.dE0D8N.rst
@@ -0,0 +1 @@
+Nullify inittab_copy during finalization, preventing future interpreter initializations in an embedded situation from crashing. Patch by Gregory Szorc.
diff --git a/Python/import.c b/Python/import.c
index 8c94e0ec54655a3c34a2d06457239caaa16ecad5..400b02abbdba04b923ebb1fdc45f963a10ec2607 100644 (file)
--- a/Python/import.c
+++ b/Python/import.c
@@ -298,6 +298,7 @@ _PyImport_Fini2(void)
 
     /* Free memory allocated by PyImport_ExtendInittab() */
     PyMem_RawFree(inittab_copy);
+    inittab_copy = NULL;
 
     PyMem_SetAllocator(PYMEM_DOMAIN_RAW, &old_alloc);
 }
Mirror of https://github.com/python/cpython.git