Commit 6f86288
gh-148660: Fix use-after-free in OrderedDict.copy() on reentrant mutation (GH-151573)
* gh-148660: Fix use-after-free in OrderedDict.copy() on reentrant mutation
OrderedDict.copy() walks the internal linked list while building the new
dict. The loop body can run arbitrary Python (a key's __eq__/__hash__, or
a subclass __getitem__/__setitem__) which can clear the source dict and
free the nodes being iterated.
Detect this the same way OrderedDict.__eq__ already does (gh-119004):
snapshot od_state before the loop, hold a strong reference to the key and
read the hash before any reentrant call, and raise RuntimeError if the
state changed before advancing to the next node.
* gh-148660: fix NEWS nit, suppress undocumented OrderedDict.copy xref
(cherry picked from commit 7d128e3)
Co-authored-by: Gregory P. Smith <68491+gpshead@users.noreply.github.com>
1 parent 11a2482 commit 6f86288
3 files changed
Lines changed: 62 additions & 10 deletions
File tree
- Lib/test
- Misc/NEWS.d/next/Library
- Objects
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
873 | 873 | | |
874 | 874 | | |
875 | 875 | | |
| 876 | + | |
| 877 | + | |
| 878 | + | |
| 879 | + | |
| 880 | + | |
| 881 | + | |
| 882 | + | |
| 883 | + | |
| 884 | + | |
| 885 | + | |
| 886 | + | |
| 887 | + | |
| 888 | + | |
| 889 | + | |
| 890 | + | |
| 891 | + | |
| 892 | + | |
| 893 | + | |
| 894 | + | |
| 895 | + | |
| 896 | + | |
| 897 | + | |
| 898 | + | |
| 899 | + | |
| 900 | + | |
| 901 | + | |
| 902 | + | |
| 903 | + | |
| 904 | + | |
| 905 | + | |
| 906 | + | |
| 907 | + | |
| 908 | + | |
876 | 909 | | |
877 | 910 | | |
878 | 911 | | |
| |||
Lines changed: 3 additions & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
| 1 | + | |
| 2 | + | |
| 3 | + | |
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1253 | 1253 | | |
1254 | 1254 | | |
1255 | 1255 | | |
| 1256 | + | |
| 1257 | + | |
| 1258 | + | |
| 1259 | + | |
1256 | 1260 | | |
1257 | 1261 | | |
1258 | | - | |
1259 | | - | |
| 1262 | + | |
| 1263 | + | |
| 1264 | + | |
1260 | 1265 | | |
1261 | 1266 | | |
1262 | 1267 | | |
| 1268 | + | |
1263 | 1269 | | |
1264 | 1270 | | |
1265 | | - | |
1266 | | - | |
| 1271 | + | |
| 1272 | + | |
| 1273 | + | |
| 1274 | + | |
1267 | 1275 | | |
| 1276 | + | |
| 1277 | + | |
1268 | 1278 | | |
1269 | 1279 | | |
1270 | 1280 | | |
1271 | 1281 | | |
1272 | | - | |
1273 | | - | |
1274 | | - | |
1275 | | - | |
| 1282 | + | |
| 1283 | + | |
| 1284 | + | |
| 1285 | + | |
1276 | 1286 | | |
1277 | | - | |
1278 | | - | |
| 1287 | + | |
| 1288 | + | |
1279 | 1289 | | |
| 1290 | + | |
1280 | 1291 | | |
1281 | 1292 | | |
| 1293 | + | |
| 1294 | + | |
1282 | 1295 | | |
1283 | 1296 | | |
1284 | 1297 | | |
1285 | 1298 | | |
| 1299 | + | |
| 1300 | + | |
| 1301 | + | |
1286 | 1302 | | |
1287 | 1303 | | |
1288 | 1304 | | |
| |||
0 commit comments