mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-08-04 00:48:58 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 8

[3.12] gh-123083: Fix a potential use-after-free in ``STORE_ATTR_WITH… (#123237)

Browse source 
[3.12] gh-123083: Fix a potential use-after-free in ``STORE_ATTR_WITH_HINT`` (gh-123092)
(cherry picked from commit 297f2e093e)
This commit is contained in:
Donghee Na 2024-08-23 01:37:40 +09:00 committed by GitHub
parent fbbde4dc6a
commit 6e6855950a
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 224 additions and 203 deletions
Download patch file Download diff file Expand all files Collapse all files

9
Python/bytecodes.c
View file

@ -1999,14 +1999,15 @@ dummy_func(
new_version = _PyDict_NotifyEvent(tstate->interp, PyDict_EVENT_MODIFIED, dict, name, value);
ep->me_value = value;
}
Py_DECREF(old_value);
STAT_INC(STORE_ATTR, hit);
/* Ensure dict is GC tracked if it needs to be */
if (!_PyObject_GC_IS_TRACKED(dict) && _PyObject_GC_MAY_BE_TRACKED(value)) {
_PyObject_GC_TRACK(dict);
}
/* PEP 509 */
dict->ma_version_tag = new_version;
dict->ma_version_tag = new_version; // PEP 509
// old_value should be DECREFed after GC track checking is done, if not, it could raise a segmentation fault,
// when dict only holds the strong reference to value in ep->me_value.
Py_DECREF(old_value);
STAT_INC(STORE_ATTR, hit);
Py_DECREF(owner);
}