[Python-bugs-list] [ python-Bugs-759227 ] improbable __nonzero__ crash
SourceForge.net
noreply@sourceforge.net
Mon, 23 Jun 2003 10:01:44 -0700
Bugs item #759227, was opened at 2003-06-23 09:45
Message generated for change (Comment added) made by nnorwitz
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=759227&group_id=5470
Category: Python Interpreter Core
Group: Python 2.3
Status: Open
Resolution: None
Priority: 7
Submitted By: Armin Rigo (arigo)
Assigned to: Nobody/Anonymous (nobody)
Summary: improbable __nonzero__ crash
Initial Comment:
>>> class X(object):
... def __nonzero__(self):
... return self
...
>>> x=X()
>>> not x
Segmentation fault
This is just a stupid artificial exploit of the fact
that PyObject_IsTrue calls the user-defined __nonzero__
and get a Python object whose truth-value itself is
determined by a call to PyObject_IsTrue.
For old-style classes we check that __nonzero__
actually returned an int. This trick was safe, but no
longer is, because it could be a subclass of int with a
custom __nonzero__ again.
----------------------------------------------------------------------
>Comment By: Neal Norwitz (nnorwitz)
Date: 2003-06-23 13:01
Message:
Logged In: YES
user_id=33168
Note: the patch doesn't address a case of mutual recursion
where 2 or more objects are involved. That could be fixed
by tying the call into the recursion limit. Not sure how
difficult that is or if it's worth it.
----------------------------------------------------------------------
Comment By: Neal Norwitz (nnorwitz)
Date: 2003-06-23 12:58
Message:
Logged In: YES
user_id=33168
This is also a 2.2.3 problem. This seems easy enough to fix
(patch attached), but the question is what should the answer
be? I made it return 1 (true). Should it be an exception?
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=759227&group_id=5470