Staging
v0.8.1
v0.8.1
https://github.com/python/cpython
Revision c352e6c7446c894b13643f538db312092b351789 authored by Miss Islington (bot) on 04 February 2020, 22:06:42 UTC, committed by GitHub on 04 February 2020, 22:06:42 UTC
When called on a closed object, readinto() segfaults on account of a write to a freed buffer: ==220553== Process terminating with default action of signal 11 (SIGSEGV): dumping core ==220553== Access not within mapped region at address 0x2A ==220553== at 0x48408A0: memmove (vg_replace_strmem.c:1272) ==220553== by 0x58DB0C: _buffered_readinto_generic (bufferedio.c:972) ==220553== by 0x58DCBA: _io__Buffered_readinto_impl (bufferedio.c:1053) ==220553== by 0x58DCBA: _io__Buffered_readinto (bufferedio.c.h:253) Reproducer: reader = open ("/dev/zero", "rb") _void = reader.read (42) reader.close () reader.readinto (bytearray (42)) GH-GH-GH- BANG! The problem exists since 2012 when commit dc469454ec added code to free the read buffer on close(). Signed-off-by: Philipp Gesang <philipp.gesang@intra2net.com> (cherry picked from commit cb1c0746f277052e45a60d6c436a765e34722821) Co-authored-by: Philipp Gesang <phg@phi-gamma.net> Co-authored-by: Philipp Gesang <phg@phi-gamma.net>
1 parent 51332c4
Tip revision: c352e6c7446c894b13643f538db312092b351789 authored by Miss Islington (bot) on 04 February 2020, 22:06:42 UTC
closes bpo-39510: Fix use-after-free in BufferedReader.readinto() (GH-18350)
closes bpo-39510: Fix use-after-free in BufferedReader.readinto() (GH-18350)
Tip revision: c352e6c
.gitattributes
# Binary data types
*.aif binary
*.aifc binary
*.aiff binary
*.au binary
*.bmp binary
*.exe binary
*.icns binary
*.gif binary
*.ico binary
*.jpg binary
*.pck binary
*.png binary
*.psd binary
*.tar binary
*.wav binary
*.whl binary
*.zip binary
# Specific binary files
Lib/test/sndhdrdata/sndhdr.* binary
# Text files that should not be subject to eol conversion
Lib/test/cjkencodings/* -text
Lib/test/decimaltestdata/*.decTest -text
Lib/test/test_email/data/*.txt -text
Lib/test/xmltestdata/* -text
Lib/test/coding20731.py -text
# Special files in third party code
Modules/zlib/zlib.map -text
# CRLF files
*.bat text eol=crlf
*.ps1 text eol=crlf
*.sln text eol=crlf
*.vcxproj* text eol=crlf
*.props text eol=crlf
*.proj text eol=crlf
PCbuild/readme.txt text eol=crlf
PC/readme.txt text eol=crlf
# Generated files
# https://github.com/github/linguist#generated-code
Include/graminit.h linguist-generated=true
Python/graminit.h linguist-generated=true
Modules/clinic/*.h linguist-generated=true
Objects/clinic/*.h linguist-generated=true
PC/clinic/*.h linguist-generated=true
Python/clinic/*.h linguist-generated=true
Python/importlib.h linguist-generated=true
Python/importlib_external.h linguist-generated=true
Include/Python-ast.h linguist-generated=true
Python/Python-ast.c linguist-generated=true
Include/opcode.h linguist-generated=true
Python/opcode_targets.h linguist-generated=true
Objects/typeslots.inc linguist-generated=true
Modules/unicodedata_db.h linguist-generated=true
Computing file changes ...