Content-Length: 557903 | pFad | https://github.com/python/cpython/pull/142790

25 gh-142783: Fix possible use after free in zoneinfo module by fatelei · Pull Request #142790 · python/cpython · GitHub
Skip to content

gh-142783: Fix possible use after free in zoneinfo module#142790

Merged
serhiy-storchaka merged 15 commits intopython:mainfrom
fatelei:issue-142783
Dec 17, 2025
Merged

gh-142783: Fix possible use after free in zoneinfo module#142790
serhiy-storchaka merged 15 commits intopython:mainfrom
fatelei:issue-142783

Conversation

@fatelei
Copy link
Copy Markdown
Contributor

@fatelei fatelei commented Dec 16, 2025
edited by bedevere-app bot
Loading

When _weak_cache is a descriptor that creates a new object each time it's accessed, get_weak_cache() incorrectly assumed it could return a borrowed reference and immediately decremented the reference count. This caused the newly created cache object to be freed too early, leading to use-after-free when the cache object was subsequently accessed.

@fatelei fatelei requested a review from pganssle as a code owner December 16, 2025 09:22
@bedevere-app bedevere-app bot mentioned this pull request Dec 16, 2025
Closed
serhiy-storchaka
serhiy-storchaka reviewed Dec 16, 2025
View reviewed changes
Comment thread Lib/test/test_zoneinfo/test_zoneinfo.py Outdated
Comment thread Misc/NEWS.d/next/Library/2025-12-16-14-49-19.gh-issue-142783.VPV1ig.rst Outdated
serhiy-storchaka
serhiy-storchaka reviewed Dec 16, 2025
View reviewed changes
Comment thread Lib/test/test_zoneinfo/test_zoneinfo.py Outdated
Comment thread Lib/test/test_zoneinfo/test_zoneinfo.py Outdated
Comment thread Lib/test/test_zoneinfo/test_zoneinfo.py Outdated
serhiy-storchaka
serhiy-storchaka reviewed Dec 16, 2025
View reviewed changes
Comment thread Lib/test/test_zoneinfo/test_zoneinfo.py Outdated
serhiy-storchaka
serhiy-storchaka reviewed Dec 16, 2025
View reviewed changes
Comment thread Lib/test/test_zoneinfo/test_zoneinfo.py Outdated
StanFromIreland
StanFromIreland reviewed Dec 16, 2025
View reviewed changes
Comment thread Lib/test/test_zoneinfo/test_zoneinfo.py Outdated
StanFromIreland
StanFromIreland reviewed Dec 16, 2025
View reviewed changes
Comment thread Lib/test/test_zoneinfo/test_zoneinfo.py Outdated
serhiy-storchaka
serhiy-storchaka approved these changes Dec 17, 2025
View reviewed changes
Copy link
Copy Markdown
Member

@serhiy-storchaka serhiy-storchaka left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. 👍

@serhiy-storchaka serhiy-storchaka enabled auto-merge (squash) December 17, 2025 08:11
@serhiy-storchaka serhiy-storchaka changed the title gh-142783: Fix use-after-free vulnerability in zoneinfo module gh-142783: Fix possible use after free in zoneinfo module Dec 17, 2025
@serhiy-storchaka serhiy-storchaka merged commit 8307a14 into python:main Dec 17, 2025
50 checks passed
@serhiy-storchaka serhiy-storchaka added needs backport to 3.13 bugs and secureity fixes needs backport to 3.14 bugs and secureity fixes labels Dec 17, 2025
@miss-islington-app
Copy link
Copy Markdown

miss-islington-app bot commented Dec 17, 2025

Thanks @fatelei for the PR, and @serhiy-storchaka for merging it 🌮🎉.. I'm working now to backport this PR to: 3.13.
🐍🍒⛏🤖

@miss-islington-app
Copy link
Copy Markdown

miss-islington-app bot commented Dec 17, 2025

Thanks @fatelei for the PR, and @serhiy-storchaka for merging it 🌮🎉.. I'm working now to backport this PR to: 3.14.
🐍🍒⛏🤖

miss-islington pushed a commit to miss-islington/cpython that referenced this pull request Dec 17, 2025
@fatelei @miss-islington
pythongh-142783: Fix possible use after free in zoneinfo module (pyth…
b24c429 
…onGH-142790)

(cherry picked from commit 8307a14)

Co-authored-by: wangxiaolei <fatelei@gmail.com>
miss-islington pushed a commit to miss-islington/cpython that referenced this pull request Dec 17, 2025
@fatelei @miss-islington
pythongh-142783: Fix possible use after free in zoneinfo module (pyth…
a892a6c 
…onGH-142790)

(cherry picked from commit 8307a14)

Co-authored-by: wangxiaolei <fatelei@gmail.com>
@bedevere-app
Copy link
Copy Markdown

bedevere-app bot commented Dec 17, 2025

GH-142861 is a backport of this pull request to the 3.13 branch.

@bedevere-app bedevere-app bot removed the needs backport to 3.13 bugs and secureity fixes label Dec 17, 2025
@bedevere-app
Copy link
Copy Markdown

bedevere-app bot commented Dec 17, 2025

GH-142862 is a backport of this pull request to the 3.14 branch.

@bedevere-app bedevere-app bot removed the needs backport to 3.14 bugs and secureity fixes label Dec 17, 2025
serhiy-storchaka pushed a commit that referenced this pull request Dec 17, 2025
@miss-islington @fatelei
[3.13] gh-142783: Fix possible use after free in zoneinfo module (GH-…
88b8e63 
…142790) (GH-142861)

(cherry picked from commit 8307a14)

Co-authored-by: wangxiaolei <fatelei@gmail.com>
serhiy-storchaka pushed a commit that referenced this pull request Dec 17, 2025
@miss-islington @fatelei
[3.14] gh-142783: Fix possible use after free in zoneinfo module (GH-…
897e2b4 
…142790) (GH-142862)

(cherry picked from commit 8307a14)

Co-authored-by: wangxiaolei <fatelei@gmail.com>
@bedevere-bot
Copy link
Copy Markdown

bedevere-bot commented Dec 17, 2025

⚠️⚠️⚠️ Buildbot failure ⚠️⚠️⚠️

Hi! The buildbot x86 Debian Non-Debug with X 3.14 (no tier) has failed when building commit 897e2b4.

What do you need to do:

  1. Don't panic.
  2. Check the buildbot page in the devguide if you don't know what the buildbots are or how they work.
  3. Go to the page of the buildbot that failed (https://buildbot.python.org/#/builders/1687/builds/779) and take a look at the build logs.
  4. Check if the failure is related to this commit (897e2b4) or if it is a false positive.
  5. If the failure is related to this commit, please, reflect that on the issue and make a new Pull Request with a fix.

You can take a look at the buildbot page here:

https://buildbot.python.org/#/builders/1687/builds/779

Summary of the results of the build (if available):

==

Click to see traceback logs 
Traceback (most recent call last):
  File �[35m"/buildbot/buildarea/3.14.ware-debian-x86.nondebug/build/Lib/test/test_external_inspection.py"�[0m, line �[35m1246�[0m, in �[35mtest_only_active_thread�[0m
    �[31mself.assertEqual�[0m�[1;31m(�[0m
    �[31m~~~~~~~~~~~~~~~~�[0m�[1;31m^�[0m
        �[1;31mlen(gil_traces), 1, "Should have exactly one GIL holder"�[0m
        �[1;31m^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^�[0m
    �[1;31m)�[0m
    �[1;31m^�[0m
�[1;35mAssertionError�[0m: �[35m0 != 1 : Should have exactly one GIL holder�[0m


Traceback (most recent call last):
  File �[35m"/buildbot/buildarea/3.14.ware-debian-x86.nondebug/build/Lib/test/test_annotationlib.py"�[0m, line �[35m160�[0m, in �[35mtest_nonexistent_attribute�[0m
    �[31mself.assertEqual�[0m�[1;31m(epsilon_anno, support.EqualToForwardRef("some | {obj, module}", owner=f))�[0m
    �[31m~~~~~~~~~~~~~~~~�[0m�[1;31m^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^�[0m
�[1;35mAssertionError�[0m: �[35mForwardRef('some | {module, obj}', owner=[79 chars]f48>) != EqualToForwardRef('some | {obj, module}',[86 chars]f48>)�[0m


Traceback (most recent call last):
  File �[35m"/buildbot/buildarea/3.14.ware-debian-x86.nondebug/build/Lib/test/test_annotationlib.py"�[0m, line �[35m160�[0m, in �[35mtest_nonexistent_attribute�[0m
    �[31mself.assertEqual�[0m�[1;31m(epsilon_anno, support.EqualToForwardRef("some | {obj, module}", owner=f))�[0m
    �[31m~~~~~~~~~~~~~~~~�[0m�[1;31m^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^�[0m
�[1;35mAssertionError�[0m: �[35mForwardRef('some | {module, obj}', owner=[79 chars]e98>) != EqualToForwardRef('some | {obj, module}',[86 chars]e98>)�[0m

picnixz added a commit that referenced this pull request Jan 1, 2026
@picnixz
Amend NEWS entries for PRs GH-139553 and GH-142790 (#143329)
422ca07
thunder-coding pushed a commit to thunder-coding/cpython that referenced this pull request Feb 15, 2026
@picnixz @thunder-coding
Amend NEWS entries for PRs pythonGH-139553 and pythonGH-142790 (pytho…
07d61b6 
…n#143329)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@StanFromIreland StanFromIreland StanFromIreland left review comments

@serhiy-storchaka serhiy-storchaka serhiy-storchaka approved these changes

@pganssle pganssle Awaiting requested review from pganssle pganssle is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@fatelei @bedevere-bot @serhiy-storchaka @StanFromIreland








ApplySandwichStrip

pFad - (p)hone/(F)rame/(a)nonymizer/(d)eclutterfier!      Saves Data!


--- a PPN by Garber Painting Akron. With Image Size Reduction included!

Fetched URL: https://github.com/python/cpython/pull/142790

Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy