cpython/Modules/_io
Miss Islington (bot) 97d2a98324
closes bpo-39510: Fix use-after-free in BufferedReader.readinto() (GH-18295)
When called on a closed object, readinto() segfaults on account
of a write to a freed buffer:

    ==220553== Process terminating with default action of signal 11 (SIGSEGV): dumping core
    ==220553==  Access not within mapped region at address 0x2A
    ==220553==    at 0x48408A0: memmove (vg_replace_strmem.c:1272)
    ==220553==    by 0x58DB0C: _buffered_readinto_generic (bufferedio.c:972)
    ==220553==    by 0x58DCBA: _io__Buffered_readinto_impl (bufferedio.c:1053)
    ==220553==    by 0x58DCBA: _io__Buffered_readinto (bufferedio.c.h:253)

Reproducer:

    reader = open ("/dev/zero", "rb")
    _void  = reader.read (42)
    reader.close ()
    reader.readinto (bytearray (42)) ### BANG!

The problem has existed since 2012, when commit dc469454ec added code
to free the read buffer on close().

Signed-off-by: Philipp Gesang <philipp.gesang@intra2net.com>
(cherry picked from commit cb1c0746f2)

Co-authored-by: Philipp Gesang <phg@phi-gamma.net>
2020-02-04 13:43:07 -08:00
clinic bpo-36523: Add docstring to io.IOBase.writelines (GH-12683) 2019-04-22 21:08:24 +09:00
_iomodule.c bpo-2091: Fix typo in exception message (GH-12987) 2019-04-27 23:39:06 +03:00
_iomodule.h bpo-31572: Get rid of PyObject_HasAttr() and _PyObject_HasAttrId() in the _io module. (#3726) 2018-01-16 18:34:21 +02:00
bufferedio.c closes bpo-39510: Fix use-after-free in BufferedReader.readinto() (GH-18295) 2020-02-04 13:43:07 -08:00
bytesio.c Fix the error handling in bytesio_sizeof(). (GH-10459) 2019-06-01 14:58:33 -07:00
fileio.c [3.7] closes bpo-27805: Ignore ESPIPE in initializing seek of append-mode files. (GH-17137) 2019-11-12 15:34:43 -08:00
iobase.c bpo-36523: Add docstring to io.IOBase.writelines (GH-12683) 2019-04-22 21:08:24 +09:00
stringio.c bpo-25862: Fix several bugs in the _io module. (GH-8026) 2018-06-30 11:25:37 -07:00
textio.c bpo-35504: Fix segfaults and SystemErrors when deleting certain attrs. (GH-11175) 2018-12-17 07:10:20 -08:00
winconsoleio.c [3.7] bpo-36254: Fix invalid uses of %d in format strings in C. (GH-12264). (GH-12322) 2019-03-14 10:47:27 +02:00