[3.12] gh-120384: Fix array-out-of-bounds crash in list_ass_subscript (GH-120442)
#120825
Conversation
pythonGH-120442) (cherry picked from commit 8334a1b) Co-authored-by: Nikita Sobolev <mail@sobolevn.me>
gpshead
added
needs backport to 3.8
needs backport to 3.9
|
Thanks @miss-islington for the PR, and @sobolevn for merging it 🌮🎉.. I'm working now to backport this PR to: 3.9. |
|
Thanks @miss-islington for the PR, and @sobolevn for merging it 🌮🎉.. I'm working now to backport this PR to: 3.10. |
|
Thanks @miss-islington for the PR, and @sobolevn for merging it 🌮🎉.. I'm working now to backport this PR to: 3.8. |
|
Thanks @miss-islington for the PR, and @sobolevn for merging it 🌮🎉.. I'm working now to backport this PR to: 3.11. |
|
Sorry, @miss-islington and @sobolevn, I could not cleanly backport this to |
|
Sorry, @miss-islington and @sobolevn, I could not cleanly backport this to |
|
Sorry, @miss-islington and @sobolevn, I could not cleanly backport this to |
|
Sorry, @miss-islington and @sobolevn, I could not cleanly backport this to |
|
I'm exploring the feasibility of backports as, while we don't as a project consider the ability to execute arbitrary code when executing Python bytecode a security problem - because arbitrary code is just that. There are projects that'd benefit from this bugfix being in place from a security standpoint. It looks like it'll require some hand-holding to backport. |
pythonGH-120442) (python#120825) pythongh-120384: Fix array-out-of-bounds crash in `list_ass_subscript` (pythonGH-120442) (cherry picked from commit 8334a1b) Co-authored-by: Nikita Sobolev <mail@sobolevn.me>
|
@gpshead do you want me to do that? :) |
|
No need, I've already created #121345 for that. I'll let the 3.11 and earlier release managers decide if they want it. |
(cherry picked from commit 8334a1b)
Co-authored-by: Nikita Sobolev mail@sobolevn.me