New submission from paul:
# Program received signal SIGSEGV, Segmentation fault.
# 0x40036740 in encoder_listencode_dict (s=0x405b43fc, acc=0xbf86438c, dct=<D
at remote 0x405b2fb4>, indent_level=0)
# at /home/p/Python-3.4.1/Modules/_json.c:1557
# 1557 PyList_SET_ITEM(items, i, item);
# (gdb) print *(PyListObject*)items
# $1 = {ob_base = {ob_base = {_ob_next = 0x405bcab4, _ob_prev = 0x40591184,
ob_refcnt = 2, ob_type = 0x830e1c0 <PyList_Type>},
# ob_size = 0}, ob_item = 0x0, allocated = 0}
# (gdb) print i
# $2 = 112233
#
# "items" was cleared in __hash__, so we get a wild write at a controlled
address.
----------
files: poc_enc_dict3.py
messages: 242311
nosy: pkt
priority: normal
severity: normal
status: open
title: Use after free during json encoding a dict (3)
type: crash
versions: Python 3.4
Added file: http://bugs.python.org/file39246/poc_enc_dict3.py
_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue24096>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
