On Sat, Jun 04, 2022 at 11:04:47AM +0100, Richard W.M. Jones wrote:
On Fri, Jun 03, 2022 at 05:26:31PM -0500, Eric Blake wrote:
> Python 3.10 added PyModule_AddObjectRef() to more easily avoid a
> common memory leak when adding to a module fails (unlikely in our case,
> since we initialize early in the python process, but still something
> we must worry about for corner-case correctness). But since we target
> older Python, we must check for errors and clean up ourselves.
>
> Fixes: 259d46cb ("python: Raise a custome exception containing error string and errno.", v0.1.6)
> ---
> generator/Python.ml | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/generator/Python.ml b/generator/Python.ml
> index 1c4446e..3f672ba 100644
> --- a/generator/Python.ml
> +++ b/generator/Python.ml
> @@ -143,9 +143,11 @@ let
> return NULL;
>
> nbd_internal_py_Error = PyErr_NewException (\"nbd.Error\", NULL,
NULL);
> - if (nbd_internal_py_Error == NULL)
> + if (PyModule_AddObject (mod, \"Error\", nbd_internal_py_Error) < 0)
{
> + Py_XDECREF (nbd_internal_py_Error);
> + Py_DECREF (mod);
> return NULL;
> - PyModule_AddObject (mod, \"Error\", nbd_internal_py_Error);
> + }
>
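Review bot: the explicit `nbd_internal_py_Error == NULL` check after PyErr_NewException is removed in this hunk, so a failed PyErr_NewException is now handled only by passing NULL into PyModule_AddObject and relying on it to return a negative value. The Py_XDECREF (rather than Py_DECREF) suggests that is intended, but nothing in the generated code says so; a one-line comment above the combined `if` stating that PyModule_AddObject is relied on to reject a NULL value, or keeping the separate NULL check ahead of it, would make this error path easier to audit.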
Reviewed-by: Richard W.M. Jones <rjones(a)redhat.com>

This one is now 9c5b0ea; but the rest of the series needs a v2,
because I discovered over the weekend that we have a rather easily
avoidable heap leak:

  h.aio_pwrite(nbd.Buffer(1024))

currently writes 1024 bytes of uninitialized heap into the
destination, rather than all zeroes. Similarly, even though Python's
bytearray(1024) is deterministically all zeroes,
nbd.Buffer(0).is_zero() is non-deterministic.

This is not as severe as CVE-2022-0485 (I don't know of any way for a
server to trigger the heap leak; this requires poor Python programming
that we've already documented is unsafe), so I'm going ahead and
posting a fix for it later today without pursuing a CVE.

--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3266
Virtualization:  qemu.org | libvirt.org
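
The uninitialized-buffer behaviour described in the reply above, as an added example (not libnbd's code and not the fix that was posted): a constructed static arena stands in for the heap so that the stale contents are well defined, and a zero-on-allocate variant is shown beside the flawed one. All names here (`buf_alloc_uninit`, `buf_alloc_zeroed`, `buf_is_zero`, `fresh_buffer_leaks`) are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the heap: a bump arena whose storage is reused
 * after reset, so stale contents are well defined (no real malloc() UB). */
static unsigned char arena[4096];
static size_t arena_used;

/* Flawed pattern: hand out storage without initializing it. */
static unsigned char *buf_alloc_uninit(size_t len) {
    if (len > sizeof arena - arena_used)
        return NULL;
    unsigned char *p = arena + arena_used;
    arena_used += len;
    return p;
}

/* Hardened pattern: same allocation, zeroed before the caller sees it. */
static unsigned char *buf_alloc_zeroed(size_t len) {
    unsigned char *p = buf_alloc_uninit(len);
    if (p != NULL)
        memset(p, 0, len);
    return p;
}

/* Returns 1 if every byte is zero; a zero-length buffer is trivially zero. */
static int buf_is_zero(const unsigned char *p, size_t len) {
    for (size_t i = 0; i < len; i++)
        if (p[i] != 0)
            return 0;
    return 1;
}

/* An earlier heap user stores a (constructed) secret and releases it; then a
 * fresh 1024-byte buffer is requested through `alloc`.
 * Returns 1 if that fresh buffer exposes the stale bytes, 0 otherwise. */
static int fresh_buffer_leaks(unsigned char *(*alloc)(size_t)) {
    arena_used = 0;
    memcpy(buf_alloc_uninit(1024), "constructed-secret", 18);
    arena_used = 0;                 /* models free() followed by reuse */
    unsigned char *b = alloc(1024);
    return b != NULL && !buf_is_zero(b, 1024);
}

int main(void) {
    printf("uninit leaks: %d\n", fresh_buffer_leaks(buf_alloc_uninit));
    printf("zeroed leaks: %d\n", fresh_buffer_leaks(buf_alloc_zeroed));
    return 0;
}
```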