gh-143637: Fix re-entrant mutation of ancillary data in socket.sendmsg()#143892
gh-143637: Fix re-entrant mutation of ancillary data in socket.sendmsg()#143892vstinner merged 21 commits intopython:mainfrom
Conversation
|
Hi, this PR fixes an internal correctness issue in socket.sendmsg(). |
|
No. It remains uaerfacing. In general, every bug fix should be announced if it can be seen only with pure python code and the public API |
|
A Python core developer has requested some changes be made to your pull request before we can consider merging it. If you could please address their requests along with any other requests in other reviews from core developers that would be appreciated. Once you have made the requested changes, please leave a comment on this pull request containing the phrase |
|
Thanks for guiding, I have added the news entry. |
|
I have made the requested changes; please review again. |
|
Thanks for making the requested changes! @picnixz: please review the changes made to this pull request. |
…nshu2282-cyber/cpython into fix-sendmsg-reentrant-cmsg
vstinner
left a comment
vstinner
left a comment
There was a problem hiding this comment.
I ran the test on unmodified Python, it does crash as expected:
test_sendmsg_reentrant_ancillary_mutation (test.test_socket.GeneralModuleTests.test_sendmsg_reentrant_ancillary_mutation) ...
Fatal Python error: Segmentation fault
Co-authored-by: Victor Stinner <vstinner@python.org>
vstinner
dismissed
picnixz’s stale review
picnixz's review has been addressed.
|
"All required checks pass" failed with:
I'm not sure what's going on. Let me try to update this branch, maybe it will magically fix thei ssue? |
Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
vstinner
added
needs backport to 3.13
|
Thanks @priyanshu2282-cyber for the PR, and @vstinner for merging it 🌮🎉.. I'm working now to backport this PR to: 3.13. |
|
Thanks @priyanshu2282-cyber for the PR, and @vstinner for merging it 🌮🎉.. I'm working now to backport this PR to: 3.14. |
…sendmsg() (pythonGH-143892) (cherry picked from commit 82b92e3) Co-authored-by: Priyanshu Singh <priyanshu2282@gmail.com> Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com> Co-authored-by: Victor Stinner <vstinner@python.org> Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
…sendmsg() (pythonGH-143892) (cherry picked from commit 82b92e3) Co-authored-by: Priyanshu Singh <priyanshu2282@gmail.com> Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com> Co-authored-by: Victor Stinner <vstinner@python.org> Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
|
GH-144785 is a backport of this pull request to the 3.13 branch. |
|
GH-144786 is a backport of this pull request to the 3.14 branch. |
|
Merged, thanks for your fix. |
….sendmsg() (GH-143892) (#144785) gh-143637: Fix re-entrant mutation of ancillary data in socket.sendmsg() (GH-143892) (cherry picked from commit 82b92e3) Co-authored-by: Priyanshu Singh <priyanshu2282@gmail.com> Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com> Co-authored-by: Victor Stinner <vstinner@python.org> Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
|
Thanks for the review and guidance. |
….sendmsg() (GH-143892) (#144786) gh-143637: Fix re-entrant mutation of ancillary data in socket.sendmsg() (GH-143892) (cherry picked from commit 82b92e3) Co-authored-by: Priyanshu Singh <priyanshu2282@gmail.com> Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com> Co-authored-by: Victor Stinner <vstinner@python.org> Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
3 participants
Fix a crash in socket.sendmsg() caused by re-entrant mutation of ancillary data during argument parsing.
Hold a strong reference to each ancillary item while parsing to avoid use-after-free, and added a regression test.
socket.sendmsgancillary parser after re-entrant__index__clears the control list #143637