On Feb 5, 2008 2:07 PM, Amaury Forgeot d'Arc <[EMAIL PROTECTED]> wrote: > Guido van Rossum wrote: > > I think we really *are* talking about the caller -- the caller owns > > the dict, if it managed to delete something from the dict before the > > callee can incref it, you'd have trouble. I don't immediately see how > > this could happen, which is probably why I left it as an XXX > > comment... > > I found one way to call python code before the callee can incref the > args: the __eq__ between variable names and the dict entries. The > following snippet crashes the trunk version on win32: > > class Name(str): > def __eq__(self, other): > del d[self] > return str.__eq__(self, other) > def __hash__(self): > return str.__hash__(self) > > d = {Name("a"):1, Name("b"):2} > def f(a, b): print a,b > > f(**d) # Segfault > > > There are several variants of this crasher; they all have more than > one keyword argument, and keywords strings must override __eq__ or > __hash__. > I could not find any other way to execute python code in this area.
Thanks Amaury! Do you think it would be sufficient to change the PyString_Check() call in PyEval_EvalCodeEx into a PyString_CheckExact() call? Or is the proper fix to incref the values going into the kw array and decref them upon exit? -- --Guido van Rossum (home page: http://www.python.org/~guido/) _______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com