Skip to content

Crash in _asyncio._swap_current_task due to improper reference counting #105987

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
chgnrdv opened this issue Jun 22, 2023 · 0 comments · Fixed by #105989 or wolfi-dev/advisories#8607
Closed

Crash in _asyncio._swap_current_task due to improper reference counting #105987

chgnrdv opened this issue Jun 22, 2023 · 0 comments · Fixed by #105989 or wolfi-dev/advisories#8607
Labels
topic-asyncio type-crash A hard crash of the interpreter, possibly with a core dump

Comments

@chgnrdv
Copy link
Contributor

chgnrdv commented Jun 22, 2023
edited by bedevere-bot
Loading

First appeared in a474e04, where given function was introduced.

Repro:

import _asyncio

class DummyLoop:
    pass

class DummyTask:
    pass

l = DummyLoop()
_asyncio._swap_current_task(l, DummyTask())
t = _asyncio._swap_current_task(l, None)

Output:

Modules/gcmodule.c:461: visit_decref: Assertion "!_PyObject_IsFreed(op)" failed
Enable tracemalloc to get the memory block allocation traceback

object address  : 0x7fedad081130
object refcount : 1
object type     : 0x55f665a81fe0
object type name: dict
object repr     : Segmentation fault (core dumped)

I'm working on a fix.

Linked PRs
@chgnrdv chgnrdv added the type-crash A hard crash of the interpreter, possibly with a core dump label Jun 22, 2023
@chgnrdv chgnrdv mentioned this issue Jun 22, 2023
Merged
@github-project-automation github-project-automation bot moved this to Todo in asyncio Jun 22, 2023
@github-project-automation github-project-automation bot moved this from Todo to Done in asyncio Jun 24, 2023
kumaraditya303 pushed a commit that referenced this issue Jun 24, 2023
@chgnrdv
gh-105987: Fix reference counting issue in `_asyncio._swap_current_ta…
d2cbb6e 
…sk` (#105989)
@bedevere-bot bedevere-bot mentioned this issue Jun 26, 2023
Merged
kumaraditya303 pushed a commit to kumaraditya303/cpython that referenced this issue Jun 26, 2023
@chgnrdv @kumaraditya303
[3.12] pythongh-105987: Fix reference counting issue in `_asyncio._sw…
8f4c71c 
…ap_current_task` (pythonGH-105989).

(cherry picked from commit d2cbb6e)

Co-authored-by: chgnrdv <[email protected]>
kumaraditya303 added a commit that referenced this issue Jun 26, 2023
@kumaraditya303 @chgnrdv
[3.12] gh-105987: Fix reference counting issue in `_asyncio._swap_cur… (
9e6f8d4 
#106099)

[3.12] gh-105987: Fix reference counting issue in `_asyncio._swap_current_task` (GH-105989).
(cherry picked from commit d2cbb6e)

Co-authored-by: chgnrdv <[email protected]>
@jamie-albert jamie-albert mentioned this issue Oct 10, 2024
Merged
westonsteimel added a commit to anchore/cve-data-enrichment that referenced this issue Oct 16, 2024
@westonsteimel
fix lower bound on CVE-2023-38898
953e820 
Per python/cpython#105987 the vulnerable
component was introduced in
python/cpython@a474e04
which appears to correspond with release 3.12.0b1

Signed-off-by: Weston Steimel <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
topic-asyncio type-crash A hard crash of the interpreter, possibly with a core dump
Projects
asyncio
Status: Done
Milestone
No milestone
2 participants
@chgnrdv @AlexWaygood