Issue 24105: Use after free during json encoding a dict (3)

    Program received signal SIGSEGV, Segmentation fault.
    0x40036740 in encoder_listencode_dict (s=0x405b43fc, acc=0xbf86438c, dct=<D at remote 0x405b2fb4>, indent_level=0)
        at /home/p/Python-3.4.1/Modules/_json.c:1557
    1557            PyList_SET_ITEM(items, i, item);
    (gdb) print *(PyListObject*)items
    $1 = {ob_base = {ob_base = {_ob_next = 0x405bcab4, _ob_prev = 0x40591184, ob_refcnt = 2, ob_type = 0x830e1c0 },
        ob_size = 0}, ob_item = 0x0, allocated = 0}
    (gdb) print i
    $2 = 112233

"items" was cleared in __hash__, so we get a wild write at a controlled address.