You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
_queue_clear_interpreter in Modules/_interpqueuesmodule.c (lines 739-774) never updates queue->items.last when removing the tail item. After the item is freed, items.last is a dangling pointer. Next queue operation writes to freed memory.
I have a working patch on this issue, will sending the PR later.
CPython versions tested on:
CPython main branch
Operating systems tested on:
No response
Output from running 'python -VV' on the command line:
Crash report
What happened?
Summary
_queue_clear_interpreterinModules/_interpqueuesmodule.c(lines 739-774) never updatesqueue->items.lastwhen removing the tail item. After the item is freed,items.lastis a dangling pointer. Next queue operation writes to freed memory.I have a working patch on this issue, will sending the PR later.
CPython versions tested on:
CPython main branch
Operating systems tested on:
No response
Output from running 'python -VV' on the command line:
No response
Linked PRs