[Python-Dev] Let's update CObject API so it is safe and regular!

Larry Hastings larry at hastings.org
Thu Apr 2 02:39:34 CEST 2009


Guido van Rossum wrote:
> This is a bug in cPickle. It calls the PycString_IMPORT macro at the
> very end of its init_stuff() function without checking for success.
>   

The bug you cite is a genuine bug, but that's not what I'm exploiting.

% python
 >>> import _socket
 >>> _socket.CAPI
<PyCObject object at 0xb7d5b500>

The PyCObject_Import() call in PycString_IMPORT doesn't return 
failure--it returns a valid CObject.  I stuck the *wrong* CObject in 
cStringIO on purpose.  With the current API there's no way for cPickle 
to tell that it's using the wrong one.

For what it's worth, the previous example was for Python 2.x.  (Python 3 
doesn't have "cStringIO" or "cPickle".)  Here's an example that crashes 
python in my py3k/trunk (sync'd Monday morning).  And this one's only 
three lines:

    import unicodedata
    import _multibytecodec
    _multibytecodec.__create_codec(unicodedata.ucnhash_CAPI)



/larry/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-dev/attachments/20090401/8f35da5d/attachment.htm>


More information about the Python-Dev mailing list