NotificationsYou must be signed in to change notification settings
Fork34.1k
Star71.6k

UAF on`fut->fut_callback0` with evil`eq` in`_asynciomodule.c` #125966

Closed

UAF onfut->fut_callback0 with evil__eq__ in_asynciomodule.c#125966

Assignees

Labels

3.12only security fixes3.13bugs and security fixes3.14bugs and security fixestopic-asynciotype-crashA hard crash of the interpreter, possibly with a core dump

Description

picnixz

opened

on Oct 25, 2024

Crash report

Bug description:

This is an issue just to track the progress of fixing the UAF onfut->fut_callback0 (see#125833 (comment)).

The UAF that could be exploited by clearingfut._callbacks won't be triggered anymore since after#125922, we will not mutate the internal list itself anymore but it is still be possilbe to mutatefut->fut_callback0 directly:#125833 (comment).

CPython versions tested on:

CPython main branch

Operating systems tested on:

No response

Linked PRs

Metadata

Status

Done

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

UAF on`fut->fut_callback0` with evil`eq` in`_asynciomodule.c` #125966

Description

Crash report

Bug description:

CPython versions tested on:

Operating systems tested on:

Linked PRs

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions

Movatterモバイル変換

Uh oh!

UAF onfut->fut_callback0 with evil__eq__ in_asynciomodule.c #125966

Description

Crash report

Bug description:

CPython versions tested on:

Operating systems tested on:

Linked PRs

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions

UAF on`fut->fut_callback0` with evil`eq` in`_asynciomodule.c` #125966