Issue 36436

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in Python's Developer Guide.

classification
Title: _testcapi.pymem_buffer_overflow() doesn't handle memory allocation failure
Type:
Stage: resolved
Components: Tests
Versions: Python 3.8, Python 3.7

process
Status: closed
Resolution: fixed
Dependencies:
Superseder:
Assigned To:
Nosy List: miss-islington, serhiy.storchaka, vstinner, wjq-security, xtreak
Priority: normal
Keywords: patch

Created on 2019-03-26 12:35 by wjq-security, last changed 2022-04-11 14:59 by admin. This issue is now closed.

Pull Requests
URL       Status  Linked
PR 12560  merged  vstinner, 2019-03-26 12:49
PR 12561  closed  miss-islington, 2019-03-26 13:35
PR 12564  merged  miss-islington, 2019-03-26 15:21

Messages (6)

msg338875 - Author: wangjiangqiang (wjq-security) - Date: 2019-03-26 12:35
In Modules/_testcapimodule.c, lines 4186 and 4187. Allocated memory is used without a null check.

msg338878 - Author: Karthikeyan Singaravelan (xtreak) (Python committer) - Date: 2019-03-26 12:41
_testcapimodule.c is mostly imported as _testcapi in tests. I am not sure this is a security issue.

msg338880 - Author: STINNER Victor (vstinner) (Python committer) - Date: 2019-03-26 12:51
> _testcapimodule.c is mostly imported as _testcapi in tests. I am not sure this is a security issue.

The function triggers a memory overflow on purpose. Handling memory allocation failure is the least of your problems if you call this function :-)

The whole module is designed for testing purposes only. The "_" prefix in "_testcapi" means that it must not be used. It's not documented on purpose.

Attached PR fixes the bug.

msg338888 - Author: STINNER Victor (vstinner) (Python committer) - Date: 2019-03-26 13:35
New changeset 414b1cde93764cdabb0798b02af4dd7df954424d by Victor Stinner in branch 'master':
bpo-36436: Fix _testcapi.pymem_buffer_overflow() (GH-12560)
https://github.com/python/cpython/commit/414b1cde93764cdabb0798b02af4dd7df954424d

msg338898 - Author: miss-islington (miss-islington) - Date: 2019-03-26 15:39
New changeset 20fde53a25aefd076d8478f67d6db3908459c6f3 by Miss Islington (bot) in branch '3.7':
bpo-36436: Fix _testcapi.pymem_buffer_overflow() (GH-12560)
https://github.com/python/cpython/commit/20fde53a25aefd076d8478f67d6db3908459c6f3

msg338912 - Author: STINNER Victor (vstinner) (Python committer) - Date: 2019-03-26 18:35
Thanks for your bug report. It is now fixed.
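
The allocation-failure case discussed in this issue, as an added example that is not part of the original thread and is not CPython's code. It uses plain malloc() instead of PyMem_Malloc() so it runs stand-alone, writes only within bounds (no deliberate overflow), and the names test_malloc, alloc_budget, touch_unchecked, touch_checked and run_with_failing_alloc are hypothetical.

```c
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical fault-injecting allocator: -1 means never fail, otherwise
   the number of allocations that may still succeed before NULL. */
static int alloc_budget = -1;

static void *test_malloc(size_t size)
{
    if (alloc_budget == 0)
        return NULL;              /* simulated out-of-memory */
    if (alloc_budget > 0)
        alloc_budget--;
    return malloc(size);
}

/* Pattern from the report: the pointer is written through without a NULL
   check, so a failed allocation becomes a NULL dereference. */
int touch_unchecked(void)
{
    char *buffer = test_malloc(16);
    buffer[15] = 'x';             /* undefined behaviour if buffer == NULL */
    free(buffer);
    return 0;
}

/* Checked form: allocation failure is reported to the caller instead. */
int touch_checked(void)
{
    char *buffer = test_malloc(16);
    if (buffer == NULL)
        return -1;
    buffer[15] = 'x';
    free(buffer);
    return 0;
}

/* Call fn with the next allocation forced to fail, then restore the
   allocator to its normal behaviour. */
int run_with_failing_alloc(int (*fn)(void))
{
    alloc_budget = 0;
    int rc = fn();
    alloc_budget = -1;
    return rc;
}
```

Passing touch_unchecked to run_with_failing_alloc reproduces the crash the report describes, which is why a fault-injection harness like this is only run against the checked form.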

History
Date                 User            Action  Args
2022-04-11 14:59:13  admin           set     github: 80617
2019-03-26 18:35:36  vstinner        set     status: open -> closed; resolution: fixed; messages: +msg338912; stage: patch review -> resolved
2019-03-26 15:39:09  miss-islington  set     nosy: +miss-islington; messages: +msg338898
2019-03-26 15:21:11  miss-islington  set     pull_requests: +pull_request12509
2019-03-26 13:35:48  miss-islington  set     pull_requests: +pull_request12506
2019-03-26 13:35:45  vstinner        set     messages: +msg338888
2019-03-26 12:51:47  vstinner        set     versions: + Python 3.7, Python 3.8; title: Potential null pointer de-reference vulnerability -> _testcapi.pymem_buffer_overflow() doesn't handle memory allocation failure; messages: +msg338880; components: + Tests; type: security ->
2019-03-26 12:49:58  vstinner        set     keywords: +patch; stage: patch review; pull_requests: +pull_request12505
2019-03-26 12:41:57  xtreak          set     nosy: +serhiy.storchaka, xtreak; messages: +msg338878
2019-03-26 12:38:06  SilentGhost     set     nosy: +vstinner
2019-03-26 12:35:32  wjq-security    create