From 4a42ad21463a1cfcc66894155b600dcf51a03831 Mon Sep 17 00:00:00 2001 From: kcatss Date: Sat, 10 Feb 2024 15:00:32 +0000 Subject: [PATCH 1/6] gh-115243 : Fix crash in deque with custom comparison operators --- Lib/test/test_deque.py | 7 ++++++- Modules/_collectionsmodule.c | 3 ++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/Lib/test/test_deque.py b/Lib/test/test_deque.py index ae1dfacd7262e4..518313749912db 100644 --- a/Lib/test/test_deque.py +++ b/Lib/test/test_deque.py @@ -166,7 +166,7 @@ def test_contains(self): with self.assertRaises(RuntimeError): n in d - def test_contains_count_stop_crashes(self): + def test_contains_count_index_stop_crashes(self): class A: def __eq__(self, other): d.clear() @@ -178,6 +178,11 @@ def __eq__(self, other): with self.assertRaises(RuntimeError): _ = d.count(3) + d = deque([A()]) + with self.assertRaises(RuntimeError ): + d.index(0) + + def test_extend(self): d = deque('a') self.assertRaises(TypeError, d.extend, 1) diff --git a/Modules/_collectionsmodule.c b/Modules/_collectionsmodule.c index ef77d34b10e47b..ab9a5a800f24eb 100644 --- a/Modules/_collectionsmodule.c +++ b/Modules/_collectionsmodule.c @@ -1218,8 +1218,9 @@ deque_index_impl(dequeobject *deque, PyObject *v, Py_ssize_t start, n = stop - i; while (--n >= 0) { CHECK_NOT_END(b); - item = b->data[index]; + item = Py_NewRef(b->data[index]); cmp = PyObject_RichCompareBool(item, v, Py_EQ); + Py_DECREF(item); if (cmp > 0) return PyLong_FromSsize_t(stop - n - 1); if (cmp < 0) From 34b8c276d6d6e244588567e51bc5f7d603cf2c76 Mon Sep 17 00:00:00 2001 From: kcatss Date: Sun, 11 Feb 2024 00:07:24 +0900 Subject: [PATCH 2/6] Update Modules/_collectionsmodule.c Co-authored-by: Kirill Podoprigora --- Modules/_collectionsmodule.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/_collectionsmodule.c b/Modules/_collectionsmodule.c index ab9a5a800f24eb..179f098d8349c8 100644 --- a/Modules/_collectionsmodule.c +++ b/Modules/_collectionsmodule.c @@ -1218,7 +1218,7 @@ deque_index_impl(dequeobject *deque, PyObject *v, Py_ssize_t start, n = stop - i; while (--n >= 0) { CHECK_NOT_END(b); - item = Py_NewRef(b->data[index]); + item = Py_NewRef(b->data[index]); cmp = PyObject_RichCompareBool(item, v, Py_EQ); Py_DECREF(item); if (cmp > 0) From 5f290eaf49cbfc54423c392796e1f42e6b0d3159 Mon Sep 17 00:00:00 2001 From: Kirill Podoprigora Date: Sat, 10 Feb 2024 21:07:20 +0300 Subject: [PATCH 3/6] Adjust indents Co-authored-by: Radislav Chugunov <52372310+chgnrdv@users.noreply.github.com> --- Lib/test/test_deque.py | 3 +-- Modules/_collectionsmodule.c | 4 ++-- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/Lib/test/test_deque.py b/Lib/test/test_deque.py index 518313749912db..4679f297fd7f4a 100644 --- a/Lib/test/test_deque.py +++ b/Lib/test/test_deque.py @@ -179,10 +179,9 @@ def __eq__(self, other): _ = d.count(3) d = deque([A()]) - with self.assertRaises(RuntimeError ): + with self.assertRaises(RuntimeError): d.index(0) - def test_extend(self): d = deque('a') self.assertRaises(TypeError, d.extend, 1) diff --git a/Modules/_collectionsmodule.c b/Modules/_collectionsmodule.c index 179f098d8349c8..4fa76d62bc3f8d 100644 --- a/Modules/_collectionsmodule.c +++ b/Modules/_collectionsmodule.c @@ -1218,9 +1218,9 @@ deque_index_impl(dequeobject *deque, PyObject *v, Py_ssize_t start, n = stop - i; while (--n >= 0) { CHECK_NOT_END(b); - item = Py_NewRef(b->data[index]); + item = Py_NewRef(b->data[index]); cmp = PyObject_RichCompareBool(item, v, Py_EQ); - Py_DECREF(item); + Py_DECREF(item); if (cmp > 0) return PyLong_FromSsize_t(stop - n - 1); if (cmp < 0) From f5f86c5699fcea86a6d173913a0964e8b38dcd31 Mon Sep 17 00:00:00 2001 From: "blurb-it[bot]" <43283697+blurb-it[bot]@users.noreply.github.com> Date: Mon, 12 Feb 2024 00:33:02 +0000 Subject: [PATCH 4/6] =?UTF-8?q?=F0=9F=93=9C=F0=9F=A4=96=20Added=20by=20blu?= =?UTF-8?q?rb=5Fit.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../next/Security/2024-02-12-00-33-01.gh-issue-115243.e1oGX8.rst | 1 + 1 file changed, 1 insertion(+) create mode 100644 Misc/NEWS.d/next/Security/2024-02-12-00-33-01.gh-issue-115243.e1oGX8.rst diff --git a/Misc/NEWS.d/next/Security/2024-02-12-00-33-01.gh-issue-115243.e1oGX8.rst b/Misc/NEWS.d/next/Security/2024-02-12-00-33-01.gh-issue-115243.e1oGX8.rst new file mode 100644 index 00000000000000..f792117c4c5561 --- /dev/null +++ b/Misc/NEWS.d/next/Security/2024-02-12-00-33-01.gh-issue-115243.e1oGX8.rst @@ -0,0 +1 @@ +Fix possible crashes when operating with the functions in the :func:`deque.index`and custom comparison operators. From 8ec189929131ce3c56ab95c0198d240f483f6dde Mon Sep 17 00:00:00 2001 From: kcatss Date: Mon, 12 Feb 2024 15:33:35 +0900 Subject: [PATCH 5/6] =?UTF-8?q?2024-02-12-00-33-01.gh-issue-115243.e1oGX8.?= =?UTF-8?q?rst=20=EC=97=85=EB=8D=B0=EC=9D=B4=ED=8A=B8?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Kirill Podoprigora --- .../Security/2024-02-12-00-33-01.gh-issue-115243.e1oGX8.rst | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Misc/NEWS.d/next/Security/2024-02-12-00-33-01.gh-issue-115243.e1oGX8.rst b/Misc/NEWS.d/next/Security/2024-02-12-00-33-01.gh-issue-115243.e1oGX8.rst index f792117c4c5561..2b1380b6eb7be5 100644 --- a/Misc/NEWS.d/next/Security/2024-02-12-00-33-01.gh-issue-115243.e1oGX8.rst +++ b/Misc/NEWS.d/next/Security/2024-02-12-00-33-01.gh-issue-115243.e1oGX8.rst @@ -1 +1,2 @@ -Fix possible crashes when operating with the functions in the :func:`deque.index`and custom comparison operators. +Fix possible crashes in :func:`deque.index` when calling +:c:func:`PyObject_RichCompareBool`. From 9ada9ed4b3de288b54d30dfd211880a649725b01 Mon Sep 17 00:00:00 2001 From: Serhiy Storchaka Date: Wed, 14 Feb 2024 17:35:03 +0200 Subject: [PATCH 6/6] Update Misc/NEWS.d/next/Security/2024-02-12-00-33-01.gh-issue-115243.e1oGX8.rst --- .../Security/2024-02-12-00-33-01.gh-issue-115243.e1oGX8.rst | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Misc/NEWS.d/next/Security/2024-02-12-00-33-01.gh-issue-115243.e1oGX8.rst b/Misc/NEWS.d/next/Security/2024-02-12-00-33-01.gh-issue-115243.e1oGX8.rst index 2b1380b6eb7be5..ae0e910c7d159c 100644 --- a/Misc/NEWS.d/next/Security/2024-02-12-00-33-01.gh-issue-115243.e1oGX8.rst +++ b/Misc/NEWS.d/next/Security/2024-02-12-00-33-01.gh-issue-115243.e1oGX8.rst @@ -1,2 +1 @@ -Fix possible crashes in :func:`deque.index` when calling -:c:func:`PyObject_RichCompareBool`. +Fix possible crashes in :meth:`collections.deque.index` when the deque is concurrently modified.