Address CVE-2019-20907 in tarfile module #3

ucodery · 2020-11-03T22:03:33Z

No description provided.

…python#91466) Fix an uninitialized bool in exception print context. `struct exception_print_context.need_close` was uninitialized. Found by oss-fuzz in a test case running under the undefined behavior sanitizer. https://oss-fuzz.com/testcase-detail/6217746058182656 ``` Python/pythonrun.c:1241:28: runtime error: load of value 253, which is not a valid value for type 'bool' #0 0xbf2203 in print_chained cpython3/Python/pythonrun.c:1241:28 #1 0xbea4bb in print_exception_cause_and_context cpython3/Python/pythonrun.c:1320:19 ActiveState#2 0xbea4bb in print_exception_recursive cpython3/Python/pythonrun.c:1470:13 ActiveState#3 0xbe9e39 in _PyErr_Display cpython3/Python/pythonrun.c:1517:9 ``` Pretty obvious what the ommission was upon code inspection.

Address CVE-2019-20907 in tarfile module

e8efbb4

shaunmlowry approved these changes Nov 4, 2020

View reviewed changes

shaunmlowry merged commit 02daa01 into 2.7 Nov 4, 2020

ucodery deleted the jeremyp/cve-20907 branch November 4, 2020 21:08

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Address CVE-2019-20907 in tarfile module #3

Address CVE-2019-20907 in tarfile module #3

Uh oh!

Uh oh!

Uh oh!

Address CVE-2019-20907 in tarfile module #3

Address CVE-2019-20907 in tarfile module #3

Uh oh!

Conversation

Uh oh!

Uh oh!