[Python-Dev] What do we do about bad slicing and possible crashes (issue 27867)
tjreedy at udel.edu
Sat Aug 27 18:25:40 EDT 2016
Slicing can be made to malfunction and even crash with an 'evil'
__index__ method. https://bugs.python.org/issue27867
The crux of the problem is this: PySlice_GetIndicesEx
receives a slice object and a sequence length. Calling __index__ on the
start, stop, and step components can mutate the sequence and invalidate
the length. Adjusting the int values of start and stop according to an
invalid length (in particular, one that is too long) will result in
invalid results or a crash.
Possible actions -- very briefly. For more see end of
0. Do nothing.
1. Detect length change and raise.
2. Retrieve length after any possible changes and proceed as normal.
Possible implementation strategies for 1. and 2.
A. Change all functions that call PySlice_GetIndicesEx.
B. Add PySlice_GetIndicesEx2 (or ExEx?), which would receive *collection
instead of length, so the length could be retrieved after the __index__
calls. Change calls. Deprecate PySlice_GetIndicesEx.
Which of the 4 possible patches, if any, would be best?
I personally prefer 2B.
And what versions should be patched?
Terry Jan Reedy
More information about the Python-Dev