cpython icon indicating copy to clipboard operation
cpython copied to clipboard
Published 1 week ago verified publisher icon python

[3.11] gh-120384: gh-120298: Fix array-out-of-bounds & use after free `list`

Open gpshead opened this issue 1 year ago • 1 comments

gh-120384: Fix array-out-of-bounds crash in list_ass_subscript (GH-120442) (cherry picked from commit 8334a1b55c93068f5d243852029baa83377ff6c9 in the 3.12 branch)

gh-120298: Fix use after free in list_richcompare.

gpshead avatar Jul 03 '24 18:07 gpshead

For consideration as a security related backport. To trigger these, people already need the ability to run arbitrary Python code. So we don't consider this a vulnerability given the existing capabilities. But it could make the life of some projects built on top of Python a little better.

Such projects are already on undefined behavior grounds if they consider anything executing Python bytecode to not be able to escape that to begin with. Because CPython does not guarantee any such thing.

gpshead avatar Jul 03 '24 18:07 gpshead

:robot: New build scheduled with the buildbot fleet by @gpshead for commit de707088a3c8b574f353e4f2f824b1f4d6d76746 :robot:

Results will be shown at:

https://buildbot.python.org/all/#/grid?branch=refs%2Fpull%2F121345%2Fmerge

If you want to schedule another build, you need to add the :hammer: test-with-buildbots label again.

bedevere-bot avatar Aug 17 '25 19:08 bedevere-bot

Thanks @gpshead for the PR, and @ambv for merging it 🌮🎉.. I'm working now to backport this PR to: 3.9, 3.10. 🐍🍒⛏🤖 I'm not a witch! I'm not a witch!

miss-islington-app[bot] avatar Oct 31 '25 14:10 miss-islington-app[bot]

GH-140833 is a backport of this pull request to the 3.10 branch.

bedevere-app[bot] avatar Oct 31 '25 14:10 bedevere-app[bot]

GH-140834 is a backport of this pull request to the 3.9 branch.

bedevere-app[bot] avatar Oct 31 '25 14:10 bedevere-app[bot]