[issue35991] potential double free in Modules/_randommodule.c line 295 and line 317

[wangjiangqiang]

Change by wangjiangqiang <767563...@qq.com>:


--
nosy: wjq-security
priority: normal
severity: normal
status: open
title: potential double free in Modules/_randommodule.c line 295 and line 317
type: security

___
Python tracker 
<https://bugs.python.org/issue35991>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue35993] incorrect use of released memory in Python/pystate.c line 284

[wangjiangqiang]

Change by wangjiangqiang <767563...@qq.com>:


--
nosy: wjq-security
priority: normal
severity: normal
status: open
title: incorrect use of released memory in Python/pystate.c line 284
type: security

___
Python tracker 
<https://bugs.python.org/issue35993>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue35991] potential double free in Modules/_randommodule.c line 295 and line 317

[wangjiangqiang]

wangjiangqiang <767563...@qq.com> added the comment:

line 295 calls PyMem_Free(key),then "key" was freed again in line 317 which 
causes the bug.

--

___
Python tracker 
<https://bugs.python.org/issue35991>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue35993] incorrect use of released memory in Python/pystate.c line 284

[wangjiangqiang]

New submission from wangjiangqiang <767563...@qq.com>:

the code is trying to visit a link list in a loop, it tries to visit the next 
node in line 284 "interp = interp->next" while the current node is freed in 
line 296 "PyMem_RawFree(interp);"

--

___
Python tracker 
<https://bugs.python.org/issue35993>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue35993] incorrect use of released memory in Python/pystate.c line 284

[wangjiangqiang]

wangjiangqiang <767563...@qq.com> added the comment:

Just create a temporary node points to the next node before release the current 
node. change the loop condition if necessary.

--

___
Python tracker 
<https://bugs.python.org/issue35993>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36436] Potential null pointer de-reference vulnerability

[wangjiangqiang]

New submission from wangjiangqiang <767563...@qq.com>:

In Modules/_testcapimodule.c  line 4186 and 4187.
Allocated memory is used without null check.

--
messages: 338875
nosy: wjq-security
priority: normal
severity: normal
status: open
title: Potential null pointer de-reference vulnerability
type: security

___
Python tracker 
<https://bugs.python.org/issue36436>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com