python · kumaraditya303 · May 18, 2025 · May 16, 2025 · May 16, 2025 · May 16, 2025
@@ -223,6 +223,14 @@ def test_relative_import_no_package_exists_absolute(self):
             self.__import__('sys', {'__package__': '', '__spec__': None},
                             level=1)
 
+    def test_malicious_relative_import(self):
+        # testing for gh-134100
+        import sys
+        loooong = "".ljust(0x23000, "b")
+        sys.modules.update({f"a.{loooong}.c": {}})
+        with self.assertRaisesRegex(KeyError, r"'a\.b+' not in sys\.modules as expected"):
+            __import__(f"{loooong}.c", {"__package__": "a"}, level=1)
+
 
 (Frozen_RelativeImports,
  Source_RelativeImports

diff --git a/Misc/NEWS.d/next/Core_and_Builtins/2025-05-16-17-25-52.gh-issue-134100.5-FbLK.rst b/Misc/NEWS.d/next/Core_and_Builtins/2025-05-16-17-25-52.gh-issue-134100.5-FbLK.rst
@@ -0,0 +1,2 @@
+Fixed a use-after-free bug that would occur when an imported module wasn't
+in :data:`sys.modules` after the initial import. Patch by Nico-Posada.
@@ -3854,15 +3854,17 @@ PyImport_ImportModuleLevelObject(PyObject *name, PyObject *globals,
                 }
 
                 final_mod = import_get_module(tstate, to_return);
-                Py_DECREF(to_return);
                 if (final_mod == NULL) {
                     if (!_PyErr_Occurred(tstate)) {
                         _PyErr_Format(tstate, PyExc_KeyError,
                                       "%R not in sys.modules as expected",
                                       to_return);
                     }
+                    Py_DECREF(to_return);
                     goto error;
                 }
+
+                Py_DECREF(to_return);
             }
         }
         else {
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		Fixed a use-after-free bug that would occur when an imported module wasn't
		in :data:`sys.modules` after the initial import. Patch by Nico-Posada.
Nico-Posada marked this conversation as resolved. Outdated Show resolved Hide resolved