[3.14] gh-134100: Fix use-after-free in PyImport_ImportModuleLevelObject (GH-134117) (#134171)

gh-134100: Fix use-after-free in `PyImport_ImportModuleLevelObject` (GH-134117) (cherry picked from commit 4e9005d32f) Co-authored-by: Nico-Posada <102486290+Nico-Posada@users.noreply.github.com>
2025-07-23 19:25:40 +00:00 · 2025-05-18 17:08:40 +02:00 · 2025-05-18 17:08:40 +02:00 · 8d51ed6b05
commit 8d51ed6b05
parent bf39decabd
3 changed files with 20 additions and 1 deletions
--- a/Lib/test/test_importlib/import_/test_relative_imports.py
+++ b/Lib/test/test_importlib/import_/test_relative_imports.py
@ -223,6 +223,21 @@ class RelativeImports:
            self.__import__('sys', {'__package__': '', '__spec__': None},
                            level=1)
    def test_malicious_relative_import(self):
        # https://github.com/python/cpython/issues/134100
        # Test to make sure UAF bug with error msg doesn't come back to life
        import sys
        loooong = "".ljust(0x23000, "b")
        name = f"a.{loooong}.c"
        with util.uncache(name):
            sys.modules[name] = {}
            with self.assertRaisesRegex(
                KeyError,
                r"'a\.b+' not in sys\.modules as expected"
            ):
                __import__(f"{loooong}.c", {"__package__": "a"}, level=1)
 (Frozen_RelativeImports,
 Source_RelativeImports
--- a/Misc/NEWS.d/next/Core_and_Builtins/2025-05-16-17-25-52.gh-issue-134100.5-FbLK.rst
+++ b/Misc/NEWS.d/next/Core_and_Builtins/2025-05-16-17-25-52.gh-issue-134100.5-FbLK.rst
@ -0,0 +1,2 @@
 Fix a use-after-free bug that occurs when an imported module isn't
 in :data:`sys.modules` after its initial import. Patch by Nico-Posada.
--- a/Python/import.c
+++ b/Python/import.c
@ -3852,15 +3852,17 @@ PyImport_ImportModuleLevelObject(PyObject *name, PyObject *globals,
                }
                final_mod = import_get_module(tstate, to_return);
                Py_DECREF(to_return);
                if (final_mod == NULL) {
                    if (!_PyErr_Occurred(tstate)) {
                        _PyErr_Format(tstate, PyExc_KeyError,
                                      "%R not in sys.modules as expected",
                                      to_return);
                    }
                    Py_DECREF(to_return);
                    goto error;
                }
                Py_DECREF(to_return);
            }
        }
        else {
		`@ -0,0 +1,2 @@`
							`Fix a use-after-free bug that occurs when an imported module isn't`
							in :data:`sys.modules` after its initial import. Patch by Nico-Posada.