Skip to content

gh-101659: initialize stack variable _sharedexception #103048

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

gh-101659: initialize stack variable _sharedexception #103048

wants to merge 1 commit into from

Conversation

gaogaotiantian
Copy link
Member

@gaogaotiantian gaogaotiantian commented Mar 26, 2023
edited by bedevere-bot
Loading

In ./Modules/_xxsubinterpretersmodule.c a variable _sharedexception exc on stack is declared introduced in #102659. The variable is not initialized.

In _run_script, it's possible that the function hits an error and goes to error label without properly initializing the variable. Then _sharedexception_bind can also potentially error out to trigger _sharedexception_clear(sharedexc), which may free the uninitialized pointer. I have not found an exploit on this, but there's a potential path. Also the fix is so easy and cheap so I think we can just initialize the variable with no_exception (basically {0}).

Oh BTW, gcc complains with the possible unitialized variable.

I would guess @ericsnowcurrently is the right person to review this? Thanks!

@bedevere-bot bedevere-bot mentioned this pull request Mar 26, 2023
Closed
@iritkatriel
Copy link
Member

CC @ericsnowcurrently

@arhadthedev arhadthedev added type-bug An unexpected behavior, bug, or error extension-modules C modules in the Modules dir topic-subinterpreters labels Mar 30, 2023
@gaogaotiantian
Copy link
Member Author

Fixed in #103245

@gaogaotiantian gaogaotiantian mentioned this pull request Apr 4, 2023
Merged
@gaogaotiantian gaogaotiantian deleted the uninitialized-sharedexception branch April 9, 2023 03:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
awaiting review extension-modules C modules in the Modules dir topic-subinterpreters type-bug An unexpected behavior, bug, or error
Projects
Subinterpreters
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@gaogaotiantian @iritkatriel @arhadthedev @bedevere-bot