[New-bugs-announce] [issue10638] PyArg_ParseTuple: refcount in nested tuples
report at bugs.python.org
Mon Dec 6 14:43:19 CET 2010
New submission from Armin Rigo <arigo at users.sourceforge.net>:
There is an issue in PyArg_ParseTuple() when using nested tuple arguments: it accepts a pure Python tuple-like argument, but it cannot work properly because PyArg_ParseTuple() is supposed to return borrowed references to the objects. For example, here is an attack on functools.partial().__setstate__(), which is written using
PyArg_ParseTuple(args, "(OOOO)", ...)
Running crasher.py crashes a debug build of Python, for me with Fatal Python error: _functoolsmodule.c:158 object at 0x9011748 has negative ref count -606348322.
The only way I can see to fix the crasher is to restrict the kind of argument that can be passed to mean a nested tuple. To be paranoid, it should only allow real tuples; a bit more flexibly, lists probably work ok too.
components: Interpreter Core
title: PyArg_ParseTuple: refcount in nested tuples
Added file: http://bugs.python.org/file19953/crasher.py
Python tracker <report at bugs.python.org>
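The lifetime problem described in the report, shown at the Python level as an added example (not part of the original report or of CPython's source). `Item`, `TupleLike`, `item_outlives_fetch` and `unpack_state` are hypothetical names, and `unpack_state` models only the stricter "real tuples only" option the report proposes.

```python
import weakref


class Item:
    """Plain object that supports weak references."""


class TupleLike:
    """Constructed sample: behaves like a 4-item sequence but stores nothing.
    Every __getitem__ call builds a fresh object that only the caller owns."""

    def __len__(self):
        return 4

    def __getitem__(self, index):
        if not 0 <= index < 4:
            raise IndexError(index)
        return Item()


def item_outlives_fetch(container):
    """Fetch container[0], drop our own reference, and report whether the
    object is still alive, i.e. whether the container itself keeps it alive.
    A borrowed reference is only safe when this returns True."""
    item = container[0]
    probe = weakref.ref(item)
    del item  # CPython frees the object here if nothing else owns it
    return probe() is not None


def unpack_state(state, size=4):
    """Hypothetical strict unpacker mirroring the proposed fix: only a real
    tuple of the expected length may stand for a nested "(OOOO)" group."""
    if type(state) is not tuple:
        raise TypeError("state must be a real tuple, got %s"
                        % type(state).__name__)
    if len(state) != size:
        raise TypeError("state must have exactly %d items" % size)
    return state  # the tuple owns its items for as long as it lives


if __name__ == "__main__":
    real = (Item(), Item(), Item(), Item())
    print("tuple keeps item alive:     ", item_outlives_fetch(real))
    print("tuple-like keeps item alive:", item_outlives_fetch(TupleLike()))
```

The immediate-free behaviour relies on CPython's reference counting; on an implementation with a tracing collector the weak reference may stay alive until the next collection.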