diff options
| author | Matthias Reichl <github@hias.horus.com> | 2021-10-07 22:46:49 (GMT) |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-10-07 22:46:49 (GMT) |
| commit | 392a89835371baa0fc4bf79ae479abb80661f57d (patch) | |
| tree | d890cc3705761151efb026af5ec1099801fff5eb | |
| parent | 0219017df7ec41839fd0d56a3076b5f09c58d313 (diff) | |
| download | cpython-392a89835371baa0fc4bf79ae479abb80661f57d.zip cpython-392a89835371baa0fc4bf79ae479abb80661f57d.tar.gz cpython-392a89835371baa0fc4bf79ae479abb80661f57d.tar.bz2 | |
bpo-45262, asyncio: Fix cache of the running loop holder (GH-28796)
Prevent use-after-free of running loop holder via cache.
| -rw-r--r-- | Misc/NEWS.d/next/Library/2021-10-07-14-04-10.bpo-45262.HqF71Z.rst | 1 | ||||
| -rw-r--r-- | Modules/_asynciomodule.c | 3 |
2 files changed, 4 insertions, 0 deletions
diff --git a/Misc/NEWS.d/next/Library/2021-10-07-14-04-10.bpo-45262.HqF71Z.rst b/Misc/NEWS.d/next/Library/2021-10-07-14-04-10.bpo-45262.HqF71Z.rst new file mode 100644 index 0000000..4cd949f --- /dev/null +++ b/Misc/NEWS.d/next/Library/2021-10-07-14-04-10.bpo-45262.HqF71Z.rst @@ -0,0 +1 @@ +Prevent use-after-free in asyncio. Make sure the cached running loop holder gets cleared on dealloc to prevent use-after-free in get_running_loop
\ No newline at end of file diff --git a/Modules/_asynciomodule.c b/Modules/_asynciomodule.c index ecc73d1c..56079b0 100644 --- a/Modules/_asynciomodule.c +++ b/Modules/_asynciomodule.c @@ -3239,6 +3239,9 @@ new_running_loop_holder(PyObject *loop) static void PyRunningLoopHolder_tp_dealloc(PyRunningLoopHolder *rl) { + if (cached_running_holder == (PyObject *)rl) { + cached_running_holder = NULL; + } Py_CLEAR(rl->rl_loop); PyObject_Free(rl); } |