-Original Message-
From: Amaury Forgeot d'Arc [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 06, 2008 00:02
To: Guido van Rossum
Cc: Kristján Valur Jónsson; python-dev@python.org
Subject: Re: [Python-Dev] XXX - in funcobject.c
Yet Another Kind Of Tuple... However this seems
Hello there.
in function_call() in funcobject.c, we have this comment:
/* XXX This is broken if the caller deletes dict items! */
Now, I wonder what specifically is meant here? are we really talking about
the 'callee' here?
In PyEval_EvalCodeEx() it looks as though all keywords are always
I think we really *are* talking about the caller -- the caller owns
the dict, if it managed to delete something from the dict before the
callee can incref it, you'd have trouble. I don't immediately see how
this could happen, which is probably why I left it as an XXX
comment...
--Guido
On Feb 5,
Guido van Rossum wrote:
I think we really *are* talking about the caller -- the caller owns
the dict, if it managed to delete something from the dict before the
callee can incref it, you'd have trouble. I don't immediately see how
this could happen, which is probably why I left it as an XXX
On Feb 5, 2008 2:07 PM, Amaury Forgeot d'Arc [EMAIL PROTECTED] wrote:
Guido van Rossum wrote:
I think we really *are* talking about the caller -- the caller owns
the dict, if it managed to delete something from the dict before the
callee can incref it, you'd have trouble. I don't
Guido van Rossum wrote:
Thanks Amaury! Do you think it would be sufficient to change the
PyString_Check() call in PyEval_EvalCodeEx into a
PyString_CheckExact() call?
This would prevent this attack, but would remain fragile - future
developments could allow execution of python code somewhere.
On Feb 5, 2008 4:02 PM, Amaury Forgeot d'Arc [EMAIL PROTECTED] wrote:
Guido van Rossum wrote:
Thanks Amaury! Do you think it would be sufficient to change the
PyString_Check() call in PyEval_EvalCodeEx into a
PyString_CheckExact() call?
This would prevent this attack, but would remain