New submission from STINNER Victor <victor.stin...@haypocalc.com>:

scanner_init() and encoder_init() don't manage errors correctly.

scanner_init() gets context.encoding argument without checking context
type, nor GetAttrString() error. It should check for NULL result...
which is done in the same function for other attributes (strict,
object_hook, object_pairs_hook, parse_float, parse_int, parse_constant).

Example to reproduce the crash:
   import _json
   _json.make_scanner(1)

encoder_init() copies a reference (for each argument) without incrementing
the reference counter. And then encoder_clear() decrements the
reference counter, which may crash Python.

Example to reproduce the crash:
   import _json
   _json.make_encoder(
           (False, True),
           -826484143518891896,
           -56.0,
           "a",
       )
   # do anything creating/destroying new objects
   " abc ".strip()
   len(" xef ".strip())

Attached patches for the crashes.

----------
files: _json_encoder_init.patch
keywords: patch
messages: 93068
nosy: haypo
severity: normal
status: open
title: _json crash on scanner/encoder initialization error
Added file: http://bugs.python.org/file14964/_json_encoder_init.patch

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue6986>
_______________________________________
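
A regression harness for the two reproducers in this report, added here as an example (it is not part of the original message or of CPython's test suite): each snippet runs in a child interpreter, and the exit status tells a Python exception apart from death by signal. The names `classify` and `run_reproducer` are this example's own.

```python
import subprocess
import sys

# Reproducers copied from the report; each runs in its own child interpreter.
SCANNER_REPRO = "import _json\n_json.make_scanner(1)\n"
ENCODER_REPRO = (
    "import _json\n"
    "_json.make_encoder((False, True), -826484143518891896, -56.0, 'a')\n"
    "# do anything creating/destroying new objects\n"
    "' abc '.strip()\n"
    "len(' xef '.strip())\n"
)


def classify(returncode):
    """Map a child exit status to 'clean', 'exception' or 'crash'."""
    if returncode == 0:
        return "clean"
    # POSIX reports death by signal (SIGSEGV, SIGABRT) as a negative code;
    # Windows reports access violations as large NTSTATUS values.
    if returncode < 0 or returncode >= 0x80000000:
        return "crash"
    # An uncaught Python exception makes the interpreter exit with status 1.
    return "exception"


def run_reproducer(source, timeout=30):
    """Run source in a fresh interpreter so a crash cannot kill the harness."""
    proc = subprocess.run(
        [sys.executable, "-c", source],
        stdout=subprocess.PIPE, stderr=subprocess.PIPE, timeout=timeout,
    )
    # Keep the last stderr line (the exception message, if any) for the log.
    last = proc.stderr.decode(errors="replace").strip().splitlines()[-1:]
    return classify(proc.returncode), (last[0] if last else "")


if __name__ == "__main__":
    cases = (("scanner_init", SCANNER_REPRO), ("encoder_init", ENCODER_REPRO))
    for name, src in cases:
        outcome, detail = run_reproducer(src)
        print(f"{name}: {outcome} {detail}")
```

The encoder case corrupts reference counts, so on an affected build it may crash only some of the time; a single non-crash run is not proof that the bug is absent.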