gh-142783: Fix possible use after free in zoneinfo module #142790


Merged
serhiy-storchaka merged 15 commits into python:main from fatelei:issue-142783
Dec 17, 2025

@fatelei (Contributor) commented Dec 16, 2025, edited by bedevere-app bot

When _weak_cache is a descriptor that creates a new object each time it's accessed, get_weak_cache() incorrectly assumed it could return a borrowed reference and immediately decremented the reference count. This caused the newly created cache object to be freed too early, leading to use-after-free when the cache object was subsequently accessed.
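
A minimal model of the reference-counting mistake described in the comment above, added here as an illustration; it is not code from this PR or from CPython. The `Obj` type, the pool and every function name are hypothetical, and the "owned reference" variant is an assumed way of correcting the pattern, not the PR's actual diff.

```c
#include <stdio.h>

/* Toy refcounted object (constructed model, not CPython's PyObject). "freed" is
   recorded instead of calling free(), so a stale pointer can be inspected safely. */
typedef struct { int refcnt; int freed; } Obj;

static Obj pool[8];
static int pool_used;
static Obj *stored_cache;               /* cache object the type itself owns */

static Obj *obj_new(void) {             /* returns a new (owned) reference */
    Obj *o = &pool[pool_used++ % 8];
    o->refcnt = 1; o->freed = 0;
    return o;
}
static void obj_decref(Obj *o) { if (--o->refcnt == 0) o->freed = 1; }
static void setup(void) { pool_used = 0; stored_cache = obj_new(); }

/* Two models of looking up _weak_cache; each hands the caller an owned reference. */
typedef Obj *(*getattr_fn)(void);
static Obj *getattr_stored(void) { stored_cache->refcnt++; return stored_cache; }
static Obj *getattr_descriptor(void) { return obj_new(); } /* fresh object per access */

/* Pattern the PR describes: drop the reference, return a "borrowed" pointer. */
static Obj *get_cache_borrowed(getattr_fn getattr) {
    Obj *cache = getattr();
    obj_decref(cache);
    return cache;
}

/* 1 if the caller receives a pointer to an object that is already dead. */
static int borrowed_is_dangling(getattr_fn getattr) {
    return get_cache_borrowed(getattr)->freed;
}

/* Assumed correction: keep the owned reference during use, release it afterwards. */
static int owned_is_dangling(getattr_fn getattr) {
    Obj *cache = getattr();
    int dead = cache->freed;
    obj_decref(cache);
    return dead;
}

int main(void) {
    setup();
    printf("stored: %d\n", borrowed_is_dangling(getattr_stored));         /* borrowed */
    printf("descriptor: %d\n", borrowed_is_dangling(getattr_descriptor)); /* borrowed */
    return 0;
}
```

The borrowed pattern only holds while something else owns the object; when every lookup produces a fresh object, the lookup's reference is the only one and dropping it kills the object before the caller touches it.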

@serhiy-storchaka (Member) left a comment

LGTM. 👍

serhiy-storchaka enabled auto-merge (squash) December 17, 2025 08:11
serhiy-storchaka changed the title from "gh-142783: Fix use-after-free vulnerability in zoneinfo module" to "gh-142783: Fix possible use after free in zoneinfo module" Dec 17, 2025
serhiy-storchaka merged commit 8307a14 into python:main Dec 17, 2025
50 checks passed
serhiy-storchaka added the "needs backport to 3.13" and "needs backport to 3.14" labels (bugs and security fixes) Dec 17, 2025
@miss-islington-app

Thanks @fatelei for the PR, and @serhiy-storchaka for merging it 🌮🎉.. I'm working now to backport this PR to: 3.13.
🐍🍒⛏🤖

@miss-islington-app

Thanks @fatelei for the PR, and @serhiy-storchaka for merging it 🌮🎉.. I'm working now to backport this PR to: 3.14.
🐍🍒⛏🤖

miss-islington pushed a commit to miss-islington/cpython that referenced this pull request Dec 17, 2025
…onGH-142790) (cherry picked from commit 8307a14) Co-authored-by: wangxiaolei <fatelei@gmail.com>
miss-islington pushed a commit to miss-islington/cpython that referenced this pull request Dec 17, 2025
…onGH-142790) (cherry picked from commit 8307a14) Co-authored-by: wangxiaolei <fatelei@gmail.com>
@bedevere-app

GH-142861 is a backport of this pull request to the 3.13 branch.

bedevere-app bot removed the "needs backport to 3.13" label (bugs and security fixes) Dec 17, 2025

@bedevere-app

GH-142862 is a backport of this pull request to the 3.14 branch.

bedevere-app bot removed the "needs backport to 3.14" label (bugs and security fixes) Dec 17, 2025
serhiy-storchaka pushed a commit that referenced this pull request Dec 17, 2025
…142790) (GH-142861) (cherry picked from commit 8307a14) Co-authored-by: wangxiaolei <fatelei@gmail.com>
serhiy-storchaka pushed a commit that referenced this pull request Dec 17, 2025
…142790) (GH-142862) (cherry picked from commit 8307a14) Co-authored-by: wangxiaolei <fatelei@gmail.com>
@bedevere-bot

⚠️⚠️⚠️ Buildbot failure ⚠️⚠️⚠️

Hi! The buildbot x86 Debian Non-Debug with X 3.14 (no tier) has failed when building commit 897e2b4.

What do you need to do:

  1. Don't panic.
  2. Check the buildbot page in the devguide if you don't know what the buildbots are or how they work.
  3. Go to the page of the buildbot that failed (https://buildbot.python.org/#/builders/1687/builds/779) and take a look at the build logs.
  4. Check if the failure is related to this commit (897e2b4) or if it is a false positive.
  5. If the failure is related to this commit, please, reflect that on the issue and make a new Pull Request with a fix.

You can take a look at the buildbot page here:

https://buildbot.python.org/#/builders/1687/builds/779

Summary of the results of the build (if available):

==

Traceback logs:

Traceback (most recent call last):
  File "/buildbot/buildarea/3.14.ware-debian-x86.nondebug/build/Lib/test/test_external_inspection.py", line 1246, in test_only_active_thread
    self.assertEqual(
    ~~~~~~~~~~~~~~~~^
        len(gil_traces),1,"Should have exactly one GIL holder"
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    )
    ^
AssertionError: 0 != 1 : Should have exactly one GIL holder

Traceback (most recent call last):
  File "/buildbot/buildarea/3.14.ware-debian-x86.nondebug/build/Lib/test/test_annotationlib.py", line 160, in test_nonexistent_attribute
    self.assertEqual(epsilon_anno, support.EqualToForwardRef("some | {obj, module}",owner=f))
    ~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
AssertionError: ForwardRef('some | {module, obj}', owner=[79 chars]f48>) != EqualToForwardRef('some | {obj, module}',[86 chars]f48>)

Traceback (most recent call last):
  File "/buildbot/buildarea/3.14.ware-debian-x86.nondebug/build/Lib/test/test_annotationlib.py", line 160, in test_nonexistent_attribute
    self.assertEqual(epsilon_anno, support.EqualToForwardRef("some | {obj, module}",owner=f))
    ~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
AssertionError: ForwardRef('some | {module, obj}', owner=[79 chars]e98>) != EqualToForwardRef('some | {obj, module}',[86 chars]e98>)


Reviewers

StanFromIreland left review comments
serhiy-storchaka approved these changes
pganssle: awaiting requested review (pganssle is a code owner)
