cpython.git - https://github.com/python/cpython.git

diff options

author	Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>	2023-08-01 10:42:55 (GMT)
committer	GitHub <noreply@github.com>	2023-08-01 10:42:55 (GMT)
commit	b68faa3fa3214cda35d5a34639a7a62b6a98bc6c (patch)
tree	8383ad55b2ed0a5bbb3347356b9ccd7f7bea3a08 /Python/formatter_unicode.c
parent	fc4532a55d23887bae49350d2f939c597d6b5b98 (diff)
download	cpython-b68faa3fa3214cda35d5a34639a7a62b6a98bc6c.zip cpython-b68faa3fa3214cda35d5a34639a7a62b6a98bc6c.tar.gz cpython-b68faa3fa3214cda35d5a34639a7a62b6a98bc6c.tar.bz2

[3.12] gh-106092: Fix use-after-free crash in frame_dealloc (GH-106875) (#107532)

gh-106092: Fix use-after-free crash in frame_dealloc (GH-106875) It was possible for the trashcan to delay the deallocation of a PyFrameObject until after its corresponding _PyInterpreterFrame has already been freed. So frame_dealloc needs to avoid dereferencing the f_frame pointer unless it first checks that the pointer still points to the interpreter frame within the frame object. (cherry picked from commit 557b05c7a5334de5da3dc94c108c0121f10b9191) Signed-off-by: Anders Kaseorg <andersk@mit.edu> Co-authored-by: Anders Kaseorg <andersk@mit.edu>

Diffstat (limited to 'Python/formatter_unicode.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: