Wed May 3 02:41:50 EDT 2017

New submission from Serhiy Storchaka:

It is possible to get a core dump by using uninitialized _json objects.

$ ./python -c "import _json; _json.make_scanner.__new__(_json.make_scanner)('', 0)"
Segmentation fault (core dumped)
$ ./python -c "import _json; _json.make_encoder.__new__(_json.make_encoder)([0], 0)"
Segmentation fault (core dumped)

The cause is that the make_scanner and make_encoder classes implement both __new__ and __init__. The __new__ methods create an uninitialized object with NULL pointers; the __init__ methods initialize them. Possible solutions are: 1) set fields to Py_None rather than NULL in __new__; 2) check every pointer for NULL before using it; 3) just remove the __init__ methods and do the initialization in the __new__ methods. Since the scanner and the encoder are not inheritable classes, the latter solution looks the most preferable to me.

components: Extension Modules
messages: 292846
nosy: bob.ippolito, ezio.melotti, rhettinger, serhiy.storchaka
priority: normal
severity: normal
status: open
title: Core dump when use uninitialized _json objects
type: crash
versions: Python 2.7, Python 3.5, Python 3.6, Python 3.7
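An added regression check, not part of the original report or of CPython's own test suite: it runs each of the two reproducers above in a child interpreter, so a crash is observed as a status rather than killing the caller, and classifies the outcome. The probe names and the "ok"/"exception"/"crash" labels are this example's own; on a build where __new__ does the full initialization, both reproducers end in a Python-level exception instead of a core dump.

```python
"""Probe whether an extension type survives being created via __new__ without __init__."""
import subprocess
import sys

# The two reproducers from the bug report: build the object with __new__ only, then call it.
PROBES = {
    "make_scanner": "import _json; _json.make_scanner.__new__(_json.make_scanner)('', 0)",
    "make_encoder": "import _json; _json.make_encoder.__new__(_json.make_encoder)([0], 0)",
}


def probe(expression: str, timeout: float = 30.0) -> str:
    """Run `expression` in a fresh interpreter and classify how it ended.

    Returns "ok"        if the code completed normally,
            "exception" if it raised a Python-level exception (the safe outcome),
            "crash"     if the child died without a Python traceback (signal, abort).
    A child killed by a signal reports a negative return code on POSIX and a large
    positive status on Windows; both are non-zero and carry no traceback.
    """
    proc = subprocess.run(
        [sys.executable, "-c", expression],
        capture_output=True, text=True, timeout=timeout,
    )
    if proc.returncode == 0:
        return "ok"
    if proc.returncode == 1 and "Traceback" in proc.stderr:
        return "exception"
    return "crash"


def probe_all(probes=PROBES) -> dict:
    """Map each probe name to its outcome; any "crash" is a regression of this bug."""
    return {name: probe(expr) for name, expr in probes.items()}


if __name__ == "__main__":
    for name, status in probe_all().items():
        print(f"{name}: {status}")
```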

