Serhiy Storchaka dcc6117628

[3.13] gh-143378: Fix use-after-free when BytesIO is concurrently mutated during write operations (GH-143408) (GH-143600) ...

PyObject_GetBuffer() can execute user code (e.g. via __buffer__), which may
close or otherwise mutate a BytesIO object while write() or writelines()
is in progress. This could invalidate the internal buffer and lead to a
use-after-free.

Ensure that PyObject_GetBuffer() is called before validation checks.
(cherry picked from commit 6d54b6ac7d5744e1f59d784c8e020d632d2959a3)

Co-authored-by: zhong <60600792+superboy-zjc@users.noreply.github.com>

2026-01-12 10:37:28 +02:00

..

clinic

[3.13] gh-128083: Fix macro redefinition warning in clinic. (GH-127950) (#128102)

2024-12-19 21:29:14 +00:00

_iomodule.c

gh-116322: Add Py_mod_gil module slot (#116882)

2024-05-03 11:30:55 -04:00

_iomodule.h

gh-101819: Isolate _io (#101948)

2023-05-15 09:26:27 +00:00

bufferedio.c

[3.13] gh-135607: remove null checking of weakref list in dealloc of extension modules and objects (#135614) (#136126)

2025-07-01 11:26:52 +02:00

bytesio.c

[3.13] gh-143378: Fix use-after-free when BytesIO is concurrently mutated during write operations (GH-143408) (GH-143600)

2026-01-12 10:37:28 +02:00

fileio.c

[3.13] gh-135607: remove null checking of weakref list in dealloc of extension modules and objects (#135614) (#136126)

2025-07-01 11:26:52 +02:00

iobase.c

[3.13] gh-140607: Validate returned byte count in RawIOBase.read (GH-140611) (#140730)

2025-10-29 13:31:57 +01:00

stringio.c

[3.13] gh-135607: remove null checking of weakref list in dealloc of extension modules and objects (#135614) (#136126)

2025-07-01 11:26:52 +02:00

textio.c

[3.13] gh-142594: fix by property calls io.TextIOWrapper.detach (GH-142706) (GH-142757)

2025-12-16 10:55:35 +01:00

winconsoleio.c

[3.13] gh-135607: remove null checking of weakref list in dealloc of extension modules and objects (#135614) (#136126)

2025-07-01 11:26:52 +02:00