New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use after free in pystate.c #62528
Comments
Coverity doesn't like the code in and I think it's right. Can somebody look into the matter and check Python 3.3, too? http://hg.python.org/cpython/file/ac7bc6700ac3/Python/pystate.c#l376
395 tstate_delete_common(tstate);
CID 1019639 (#1 of 1): Use after free (USE_AFTER_FREE)12. use_after_free: Using freed pointer "tstate". |
Well, tstate is freed, but is not used afterwards, it's just comparing the pointer against the TLS. |
Seems it is not possible to write a test for this. |
I think it's unsafe. The address of a pointer should not be used once the pointer has been freed. How about we reverse the order? At first we remove the key from TLS and then free the tstate. |
LGTM. |
Dereferencing a freed pointer is unsafe. A pointer is just an address,
Looks good to me! |
I was talking about memory address reuse, too. After all the code doesn't access data at the pointer's address but rather uses the address as an identifier. I agree that the code should not behave erroneous under current circumstances. The GIL ensures serialization and provides a memory barrier. But it's hard to tell what might happen in the future and in embedded applications. It smells fishy. :) |
New changeset ff30bf84b378 by Christian Heimes in branch '3.3': New changeset ebe064e542ef by Christian Heimes in branch 'default': |
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
Show more details
GitHub fields:
bugs.python.org fields:
The text was updated successfully, but these errors were encountered: