New submission from STINNER Victor <victor.stin...@haypocalc.com>:

scanner_init() and encoder_init() don't manage errors correctly.

scanner_init() gets the context.encoding argument without checking the context type, nor the GetAttrString() error. It should check for a NULL result... which is done in the same function for other attributes (strict, object_hook, object_pairs_hook, parse_float, parse_int, parse_constant).

Example to reproduce the crash:

    import _json
    _json.make_scanner(1)

encoder_init() copies a reference (for each argument) without incrementing the reference counter. And then encoder_clear() decrements the reference counter, which may crash Python.

Example to reproduce the crash:

    import _json
    _json.make_encoder(
        (False, True),
        -826484143518891896,
        -56.0,
        "a",
    )
    # do anything creating/destroying new objects
    " abc ".strip()
    len(" xef ".strip())

Attached patches for the crashes.

----------
files: _json_encoder_init.patch
keywords: patch
messages: 93068
nosy: haypo
severity: normal
status: open
title: _json crash on scanner/encoder initialization error
Added file: http://bugs.python.org/file14964/_json_encoder_init.patch

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue6986>
_______________________________________
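
The encoder_init()/encoder_clear() imbalance described in the report, reduced to a stand-alone C model. This is an added example, not the _json source or the attached patch; the Obj and Encoder types, the first/second fields and the helper names are assumptions made for illustration.

```c
#include <stddef.h>

/* Simplified model of a reference-counted object (not CPython's PyObject). */
typedef struct { int refcnt; int freed; } Obj;

static void incref(Obj *o) { o->refcnt++; }
static void decref(Obj *o) {
    if (--o->refcnt == 0)
        o->freed = 1;   /* a real runtime would release the memory here */
}

/* Hypothetical encoder that stores two of its constructor arguments. */
typedef struct { Obj *first; Obj *second; } Encoder;

/* Pattern from the report: pointers are copied, counts are left untouched. */
static void init_borrowing(Encoder *e, Obj *first, Obj *second) {
    e->first = first;
    e->second = second;
}

/* Balanced pattern: the encoder takes its own reference to each argument. */
static void init_owning(Encoder *e, Obj *first, Obj *second) {
    incref(first);  e->first = first;
    incref(second); e->second = second;
}

/* The clear step always drops one reference per stored field. */
static void encoder_clear(Encoder *e) {
    if (e->first)  { decref(e->first);  e->first = NULL; }
    if (e->second) { decref(e->second); e->second = NULL; }
}

/* Returns 1 if an argument was released while the caller still held its
   own reference to it (the crash condition), 0 otherwise. */
static int caller_objects_freed(void (*init)(Encoder *, Obj *, Obj *)) {
    Obj a = {1, 0}, b = {1, 0};   /* constructed: caller owns one reference each */
    Encoder e = {NULL, NULL};
    init(&e, &a, &b);
    encoder_clear(&e);
    return a.freed || b.freed;
}

int main(void) {
    /* Exit status 0 when only the borrowing init releases objects early. */
    return !(caller_objects_freed(init_borrowing) == 1 &&
             caller_objects_freed(init_owning) == 0);
}
```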