File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change @@ -1165,6 +1165,13 @@ static PyObject *PYXXH3_64_copy(PYXXH3_64Object *self)
11651165
11661166 p -> seed = self -> seed ;
11671167 XXH3_copyState (p -> xxhash_state , self -> xxhash_state );
1168+ #if XXH_VERSION_NUMBER < 704
1169+ // v0.7.3 and earlier have a bug where states reset with a seed
1170+ // will have a wild pointer to the original state when copied,
1171+ // causing a use-after-free if the original is freed.
1172+ if (p -> xxhash_state -> secret == & self -> xxhash_state -> customSecret [0 ])
1173+ p -> xxhash_state -> secret = & p -> xxhash_state -> customSecret [0 ];
1174+ #endif
11681175
11691176 return (PyObject * )p ;
11701177}
@@ -1490,6 +1497,13 @@ static PyObject *PYXXH3_128_copy(PYXXH3_128Object *self)
14901497
14911498 p -> seed = self -> seed ;
14921499 XXH3_copyState (p -> xxhash_state , self -> xxhash_state );
1500+ #if XXH_VERSION_NUMBER < 704
1501+ // v0.7.3 and earlier have a bug where states reset with a seed
1502+ // will have a wild pointer to the original state when copied,
1503+ // causing a use-after-free if the original is freed.
1504+ if (p -> xxhash_state -> secret == & self -> xxhash_state -> customSecret [0 ])
1505+ p -> xxhash_state -> secret = & p -> xxhash_state -> customSecret [0 ];
1506+ #endif
14931507
14941508 return (PyObject * )p ;
14951509}
You can’t perform that action at this time.
0 commit comments