Uh oh!
There was an error while loading.Please reload this page.
- Notifications
You must be signed in to change notification settings - Fork33.7k
Closed
Assignees
Description
Crash report
What happened?
importasyncioclassEvilLoop:defcall_soon(*args):# will crash before it actually gets hereprint(args)defget_debug(self):returnFalsedef__getattribute__(self,name):globaltrackerifname=="call_soon":fut.remove_done_callback(tracker)deltrackerprint("returning call_soon method after clearing callback0")returnobject.__getattribute__(self,name)classTrackDel:def__del__(self):print("deleted",self)fut=asyncio.Future(loop=EvilLoop())tracker=TrackDel()fut.add_done_callback(tracker)fut.set_result("kaboom")
Originally posted by@Nico-Posada in#125970 (comment)
Not sure I'll be able to work on it today, so anyone's free to take on it.
Traceback
deleted <__main__.TrackDel object at 0x7f4ab660a420>returning call_soon method after clearing callback0Python/context.c:534: _PyObject_GC_UNTRACK: Assertion "_PyObject_GC_IS_TRACKED(((PyObject*)(op)))" failed: object not tracked by the garbage collectorEnable tracemalloc to get the memory block allocation tracebackobject address : 0x7f4ab64ca4b0object refcount : 0object type : 0x9bfc60object type name: _contextvars.Contextobject repr : <refcnt 0 at 0x7f4ab64ca4b0>Fatal Python error: _PyObject_AssertFailed: _PyObject_AssertFailedPython runtime state: initializedTypeError: EvilLoop.call_soon() got an unexpected keyword argument 'context'Linked PRs
- gh-125984: fix UAF on
fut->fut_{callback,context}0due to an evilloop.__getattribute__#126003 - [3.13] gh-125984: fix use-after-free on
fut->fut_{callback,context}0due to an evilloop.__getattribute__(GH-126003) #126043 - [3.12] gh-125984: fix use-after-free on
fut->fut_{callback,context}0due to an evilloop.__getattribute__(GH-126003) #126044
Metadata
Metadata
Assignees
Labels
Projects
Status
Done