subject:"\[issue28963\] Use\-after\-free in

[issue28963] Use-after-free in _asynciomodule.c

2016-12-14 Thread STINNER Victor

STINNER Victor added the comment: I see three options: * avoid PyObject_RichCompareBool() which can run arbitrary Python code: this can be complicated since callbacks can be proxies, functools.partial, lambda, and other funny callable objects * reimplement the same algorithm than the Python im

[issue28963] Use-after-free in _asynciomodule.c

2016-12-14 Thread STINNER Victor

STINNER Victor added the comment: > Oh, this is a release blocker. I'll take a look later today. The bug requires to have an "evil" class which is unlikely in an application. I don't think that it's a release blocker. -- priority: release blocker -> __

[issue28963] Use-after-free in _asynciomodule.c

2016-12-13 Thread Ned Williamson

Ned Williamson added the comment: yselivanov, ah I think you're right. I misread that function after I noticed the issue in the first one. -- ___ Python tracker ___

[issue28963] Use-after-free in _asynciomodule.c

2016-12-13 Thread Yury Selivanov

Yury Selivanov added the comment: I think the bug is only in _asyncio_Future_remove_done_callback, since future_schedule_callbacks makes a slice first, which cannot be mutated. I'm attaching a patch. Inada, would you be able to take a look? -- keywords: +patch nosy: +ned.deily priorit

[issue28963] Use-after-free in _asynciomodule.c

2016-12-13 Thread Yury Selivanov

Yury Selivanov added the comment: Oh, this is a release blocker. I'll take a look later today. -- ___ Python tracker ___ ___ Python-bu

[issue28963] Use-after-free in _asynciomodule.c

2016-12-13 Thread Ned Deily

Changes by Ned Deily : -- nosy: +giampaolo.rodola, gvanrossum, haypo, yselivanov ___ Python tracker ___ ___ Python-bugs-list mailing l

[issue28963] Use-after-free in _asynciomodule.c

2016-12-13 Thread Berker Peksag

Changes by Berker Peksag : -- nosy: +inada.naoki ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.p

[issue28963] Use-after-free in _asynciomodule.c

2016-12-13 Thread Ned Williamson

New submission from Ned Williamson: There are two cases of use-after-free in the new Modules/_asynciomodule.c in the release candidate for Python 3.6, but I'm filing these together because it's the same underlying issue. In both cases in this file where the unsafe `PyList_GET_ITEM` is called,

[issue28963] Use-after-free in _asynciomodule.c

[issue28963] Use-after-free in _asynciomodule.c

[issue28963] Use-after-free in _asynciomodule.c

[issue28963] Use-after-free in _asynciomodule.c

[issue28963] Use-after-free in _asynciomodule.c

[issue28963] Use-after-free in _asynciomodule.c

[issue28963] Use-after-free in _asynciomodule.c

[issue28963] Use-after-free in _asynciomodule.c

8 matches

Site Navigation

Mail list logo

Footer information