New submission from Armin Rigo <ar...@users.sourceforge.net>:
There is an issue in PyArg_ParseTuple() when using nested tuple arguments: it
accepts a pure Python tuple-like argument, but it cannot work properly because
PyArg_ParseTuple() is supposed to return borrowed references to the objects.
For example, here is an attack on functools.partial().__setstate__(), which is
written using
PyArg_ParseTuple(args, "(OOOO)", ...)
Running crasher.py crashes a debug build of Python, for me with Fatal Python
error: _functoolsmodule.c:158 object at 0x9011748 has negative ref count
-606348322.
The only way I can see to fix the crasher is to restrict the kind of argument
that can be passed to mean a nested tuple. To be paranoid, it should only
allow real tuples; a bit more flexibly, lists probably work ok too.
----------
components: Interpreter Core
files: crasher.py
messages: 123466
nosy: arigo
priority: normal
severity: normal
status: open
title: PyArg_ParseTuple: refcount in nested tuples
Added file: http://bugs.python.org/file19953/crasher.py
_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue10638>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
