[New-bugs-announce] [issue34441] NULL dereference when issubclass() is called on a class with bogus __subclasses__
Alexey Izbyshev
report at bugs.python.org
Mon Aug 20 09:41:11 EDT 2018
New submission from Alexey Izbyshev <izbyshev at ispras.ru>:
>>> from abc import ABCMeta
>>> class S(metaclass=ABCMeta):
... __subclasses__ = None
...
>>> issubclass(int, S)
Segmentation fault (core dumped)
This is the result of missing NULL check for 'subclasses' in _abc__abc_subclasscheck_impl (Modules/_abc.c):
/* 6. Check if it's a subclass of a subclass (recursive). */
subclasses = PyObject_CallMethod(self, "__subclasses__", NULL);
if (!PyList_Check(subclasses)) {
PyErr_SetString(PyExc_TypeError, "__subclasses__() must return a list");
goto end;
}
Reported by Svace static analyzer.
----------
components: Extension Modules
messages: 323789
nosy: inada.naoki, izbyshev, levkivskyi, serhiy.storchaka
priority: normal
severity: normal
status: open
title: NULL dereference when issubclass() is called on a class with bogus __subclasses__
type: crash
versions: Python 3.7, Python 3.8
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue34441>
_______________________________________
More information about the New-bugs-announce
mailing list