bpo-40294: Fix use-after-free in _asynciomodule.c when module is loaded/unloaded multiple times#19542
Merged
vstinner merged 1 commit intopython:masterfrom Apr 17, 2020
Merged
Conversation
Loading
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
GH-16598 added the static variable
module_initializedto_asynciomodule.cto guard against multiple initializations and instead re-use the resources from the first initialization. However, the variable isn't cleared inmodule_free(). If the module is again initialized aftermodule_freeis called, the program will crash. In particular,Py_INCREF(all_tasks);inPyInit__asyncio()will access invalid memory.The fix seems straightforward: simply clear the flag in
module_free(). This seems symmetric with it being set inmodule_init().https://bugs.python.org/issue40294