[Python-checkins] cpython (merge 3.3 -> default): Issue #16447: Merge fix from 3.3.
mark.dickinson
python-checkins at python.org
Sat Apr 13 16:30:37 CEST 2013
http://hg.python.org/cpython/rev/c8d771f10022
changeset: 83285:c8d771f10022
parent: 83280:4d4277941a45
parent: 83284:e6d1328412c8
user: Mark Dickinson <dickinsm at gmail.com>
date: Sat Apr 13 15:30:16 2013 +0100
summary:
Issue #16447: Merge fix from 3.3.
files:
Lib/test/test_descr.py | 14 ++++++++++++++
Misc/NEWS | 3 +++
Objects/typeobject.c | 5 ++++-
3 files changed, 21 insertions(+), 1 deletions(-)
diff --git a/Lib/test/test_descr.py b/Lib/test/test_descr.py
--- a/Lib/test/test_descr.py
+++ b/Lib/test/test_descr.py
@@ -3997,6 +3997,20 @@
C.__name__ = 'D.E'
self.assertEqual((C.__module__, C.__name__), (mod, 'D.E'))
+ def test_evil_type_name(self):
+ # A badly placed Py_DECREF in type_set_name led to arbitrary code
+ # execution while the type structure was not in a sane state, and a
+ # possible segmentation fault as a result. See bug #16447.
+ class Nasty(str):
+ def __del__(self):
+ C.__name__ = "other"
+
+ class C:
+ pass
+
+ C.__name__ = Nasty("abc")
+ C.__name__ = "normal"
+
def test_subclass_right_op(self):
# Testing correct dispatch of subclass overloading __r<op>__...
diff --git a/Misc/NEWS b/Misc/NEWS
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -10,6 +10,9 @@
Core and Builtins
-----------------
+- Issue #16447: Fixed potential segmentation fault when setting __name__ on a
+ class.
+
- Issue #17669: Fix crash involving finalization of generators using yield from.
- Issue #14439: Python now prints the traceback on runpy failure at startup.
diff --git a/Objects/typeobject.c b/Objects/typeobject.c
--- a/Objects/typeobject.c
+++ b/Objects/typeobject.c
@@ -298,10 +298,13 @@
Py_INCREF(value);
- Py_DECREF(et->ht_name);
+ /* Wait until et is a sane state before Py_DECREF'ing the old et->ht_name
+ value. (Bug #16447.) */
+ tmp = et->ht_name;
et->ht_name = value;
type->tp_name = tp_name;
+ Py_DECREF(tmp);
return 0;
}
--
Repository URL: http://hg.python.org/cpython
More information about the Python-checkins
mailing list