Commit8d51ed6

miss-islington

and

Nico-Posada

authored

[3.14]gh-134100: Fix use-after-free inPyImport_ImportModuleLevelObject (GH-134117) (#134171)

gh-134100: Fix use-after-free in `PyImport_ImportModuleLevelObject` (GH-134117)(cherry picked from commit4e9005d)Co-authored-by: Nico-Posada <102486290+Nico-Posada@users.noreply.github.com>

1 parentbf39dec commit8d51ed6Copy full SHA for 8d51ed6

File tree

3 files changed

+20

-1

lines changed

Lib/test/test_importlib/import_
- test_relative_imports.py
Misc/NEWS.d/next/Core_and_Builtins
- 2025-05-16-17-25-52.gh-issue-134100.5-FbLK.rst
Python
- import.c

3 files changed

+20

-1

lines changed

`‎Lib/test/test_importlib/import_/test_relative_imports.py`

Lines changed: 15 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -223,6 +223,21 @@ def test_relative_import_no_package_exists_absolute(self):`
`223`	`223`	`self.__import__('sys', {'__package__':'','__spec__':None},`
`224`	`224`	`level=1)`
`225`	`225`
	`226`	`+deftest_malicious_relative_import(self):`
	`227`	`+# https://github.com/python/cpython/issues/134100`
	`228`	`+# Test to make sure UAF bug with error msg doesn't come back to life`
	`229`	`+importsys`
	`230`	`+loooong="".ljust(0x23000,"b")`
	`231`	`+name=f"a.{loooong}.c"`
	`232`	`+`
	`233`	`+withutil.uncache(name):`
	`234`	`+sys.modules[name]= {}`
	`235`	`+withself.assertRaisesRegex(`
	`236`	`+KeyError,`
	`237`	`+r"'a\.b+' not in sys\.modules as expected"`
	`238`	`+ ):`
	`239`	`+__import__(f"{loooong}.c", {"__package__":"a"},level=1)`
	`240`	`+`
`226`	`241`
`227`	`242`	`(Frozen_RelativeImports,`
`228`	`243`	`Source_RelativeImports`

`‎Misc/NEWS.d/next/Core_and_Builtins/2025-05-16-17-25-52.gh-issue-134100.5-FbLK.rst`

Lines changed: 2 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+Fix a use-after-free bug that occurs when an imported module isn't`
	`2`	+in:data:`sys.modules` after its initial import. Patch by Nico-Posada.

`‎Python/import.c`

Lines changed: 3 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -3852,15 +3852,17 @@ PyImport_ImportModuleLevelObject(PyObject name, PyObject globals,`
`3852`	`3852`	`}`
`3853`	`3853`
`3854`	`3854`	`final_mod=import_get_module(tstate,to_return);`
`3855`		`-Py_DECREF(to_return);`
`3856`	`3855`	`if (final_mod==NULL) {`
`3857`	`3856`	`if (!_PyErr_Occurred(tstate)) {`
`3858`	`3857`	`_PyErr_Format(tstate,PyExc_KeyError,`
`3859`	`3858`	`"%R not in sys.modules as expected",`
`3860`	`3859`	`to_return);`
`3861`	`3860`	`}`
	`3861`	`+Py_DECREF(to_return);`
`3862`	`3862`	`gotoerror;`
`3863`	`3863`	`}`
	`3864`	`+`
	`3865`	`+Py_DECREF(to_return);`
`3864`	`3866`	`}`
`3865`	`3867`	`}`
`3866`	`3868`	`else {`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Commit8d51ed6

File tree

3 files changed

3 files changed

`‎Lib/test/test_importlib/import_/test_relative_imports.py`

`‎Misc/NEWS.d/next/Core_and_Builtins/2025-05-16-17-25-52.gh-issue-134100.5-FbLK.rst`

`‎Python/import.c`

0 commit comments