-
-
Notifications
You must be signed in to change notification settings - Fork 29.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
gh-98793: Fix typecheck in overlapped.c
#98835
gh-98793: Fix typecheck in overlapped.c
#98835
Conversation
Misc/NEWS.d/next/Library/2022-10-29-03-40-18.gh-issue-98793.WSPB4A.rst
Outdated
Show resolved
Hide resolved
…PB4A.rst Co-authored-by: Kumar Aditya <59607654+kumaraditya303@users.noreply.github.com>
This can potentially crash the interpreter so can be considered a security issue. The RMs should decide cc @pablogsal @ambv. |
Usually a crash is only a vulnerability if it can be exploited by sending an app that is using the API untrusted data. |
Since it's complex to decide which crash can be triggered by user action, we usually treat crashers as potential vulnerabilities and patch them in security-only releases. We'd spend more time thinking about whether it's right to backport if the patch was overly complex or backwards incompatible. This isn't the case here so I'd backport to security-only releases, too. Such crashers rarely get CVE numbers and we don't automatically trigger a security release for them. We just bundle the fix with the next release that is triggered by a CVE. |
The backports might be a bit involved due to Argument Clinic. I'll take care of those. |
Thanks @CharlieZhao95 for the PR, and @gvanrossum for merging it 🌮🎉.. I'm working now to backport this PR to: 3.7, 3.8, 3.9, 3.10, 3.11. |
Sorry, @CharlieZhao95 and @gvanrossum, I could not cleanly backport this to |
Sorry @CharlieZhao95 and @gvanrossum, I had trouble checking out the |
Sorry, @CharlieZhao95 and @gvanrossum, I could not cleanly backport this to |
Sorry @CharlieZhao95 and @gvanrossum, I had trouble checking out the |
Sorry, @CharlieZhao95 and @gvanrossum, I could not cleanly backport this to |
Okay @ambv go ahead with the backport! |
Co-authored-by: Kumar Aditya <59607654+kumaraditya303@users.noreply.github.com> (cherry picked from commit 3ac8c0a)
It seems that for recent releases(3.11/3.10), backporting is not that complicated, and I will help with those backports as well :) |
Co-authored-by: Kumar Aditya <59607654+kumaraditya303@users.noreply.github.com> (cherry picked from commit 3ac8c0a)
GH-98889 is a backport of this pull request to the 3.11 branch. |
GH-98890 is a backport of this pull request to the 3.10 branch. |
GH-98890 is a backport of this pull request to the 3.10 branch. |
Fixes typecheck in
_overlapped.WSAConnect
and_overlapped.Overlapped.WSASendTo
.