From: Victor Stinner Date: Thu, 22 Nov 2018 15:32:57 +0000 (+0100) Subject: bpo-9263: Fix _PyObject_Dump() for freed object (#10661) X-Git-Tag: v3.8.0a1~451 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=2cf5d32fd9e61488e8b0be55a2e92a752ba8b06b;p=thirdparty%2FPython%2Fcpython.git bpo-9263: Fix _PyObject_Dump() for freed object (#10661) If _PyObject_Dump() detects that the object is freed, don't try to dump it (exit immediately). Enhance also _PyObject_IsFreed(): it now detects if the pointer itself looks like freed memory.
---
diff --git a/Objects/object.c b/Objects/object.c
index 9d2614bb6d11..c2d78aa47e65 100644
--- a/Objects/object.c
+++ b/Objects/object.c
@@ -423,6 +423,10 @@ _Py_BreakPoint(void) int _PyObject_IsFreed(PyObject *op) {
+ uintptr_t ptr = (uintptr_t)op;
+ if (_PyMem_IsFreed(&ptr, sizeof(ptr))) {
+ return 1;
+ }
 int freed = _PyMem_IsFreed(&op->ob_type, sizeof(op->ob_type));
 /* ignore op->ob_ref: the value can have be modified by Py_INCREF() and Py_DECREF(). */
@@ -448,6 +452,7 @@ _PyObject_Dump(PyObject* op) /* It seems like the object memory has been freed: don't access it to prevent a segmentation fault. */
 fprintf(stderr, "\n");
+ return;
 }
 PyGILState_STATE gil;
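Review bot: The new pointer-value test at the top of `_PyObject_IsFreed()` has no comment, and passing `&ptr` (the address of a local copy of `op`) to `_PyMem_IsFreed()` is easy to misread as a check of the object's own memory. I would add above it `/* op itself may hold the freed-memory byte pattern (pointer read out of a freed block): test the pointer value before dereferencing it */`. The function comment should also say that this is a heuristic, presumably dependent on the debug allocator's fill bytes, so a result of 0 is not proof that the object is alive and must not be used as a memory-safety check. A NULL `op` still reaches `&op->ob_type` on the following context line; whether every caller rules that out is not visible in this hunk.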
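Review bot: The freed-object branch of `_PyObject_Dump()` now returns directly after the `fprintf(stderr, ...)` call without flushing, so the message can be lost if stderr has been made buffered and the caller aborts right afterwards; adding `fflush(stderr);` before `return;` would make this early exit reliable. For crash triage it would also help to print the pointer value in that message with `%p` and `(void *)op`, which does not dereference the object. The function begins and continues outside this hunk, so whether its other exit paths flush cannot be confirmed from here.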