
_interpqueuesmodule.c: Use-after-free from dangling items.last pointer

Crash report

What happened?

Summary

_queue_clear_interpreter in Modules/_interpqueuesmodule.c (lines 739-774) never updates queue->items.last when removing the tail item. After the item is freed, items.last is a dangling pointer. The next queue operation writes to freed memory.

I have a working patch for this issue and will send the PR later.

CPython versions tested on:

CPython main branch

Operating systems tested on:

No response

Output from running 'python -VV' on the command line:

No response

Linked PRs
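
The tail-pointer invariant described in the report, as an added example that is neither CPython's code nor the reporter's patch: a simplified singly linked queue in which removing the tail item resets `last` to the previous surviving item. The struct layout and the names `queue_push` and `queue_clear_interp` are constructed for illustration.

```c
#include <stdint.h>
#include <stdlib.h>

/* Simplified model (constructed, not CPython's structs): head + tail queue. */
typedef struct item {
    int64_t interpid;          /* owning interpreter id (constructed field) */
    struct item *next;
} item_t;

typedef struct {
    item_t *first;
    item_t *last;              /* invariant: the live tail item, or NULL if empty */
    size_t count;
} queue_t;

/* Append an item. This writes through q->last, so a stale tail pointer
 * here would mean a write into freed memory. */
static int queue_push(queue_t *q, int64_t interpid) {
    item_t *it = malloc(sizeof(*it));
    if (it == NULL) return -1;
    it->interpid = interpid;
    it->next = NULL;
    if (q->last == NULL) q->first = it;
    else q->last->next = it;
    q->last = it;
    q->count++;
    return 0;
}

/* Remove every item owned by interpid while keeping first/last consistent. */
static void queue_clear_interp(queue_t *q, int64_t interpid) {
    item_t *prev = NULL, *cur = q->first;
    while (cur != NULL) {
        item_t *next = cur->next;
        if (cur->interpid == interpid) {
            if (prev == NULL) q->first = next;   /* unlink from the head */
            else prev->next = next;              /* unlink from the middle or tail */
            if (cur == q->last) q->last = prev;  /* tail removed: move last back */
            free(cur);
            q->count--;
        } else {
            prev = cur;                          /* only surviving items become prev */
        }
        cur = next;
    }
}
```

Building a harness around this with AddressSanitizer (`-fsanitize=address`) and deleting the `cur == q->last` line makes the next `queue_push` report a heap-use-after-free, which is a quick way to confirm that a fix restores the invariant.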