[Python-Dev] What do we do about bad slicing and possible crashes (issue 27867)

Ethan Furman ethan at stoneleaf.us
Mon Aug 29 12:18:00 EDT 2016


On 08/28/2016 09:26 AM, Nick Coghlan wrote:
> On 28 August 2016 at 08:25, Terry Reedy <tjreedy at udel.edu> wrote:
>> Slicing can be made to malfunction and even crash with an 'evil' __index__
>> method. https://bugs.python.org/issue27867
>>
>> The crux of the problem is this: PySlice_GetIndicesEx
>> receives a slice object and a sequence length.  Calling __index__ on the
>> start, stop, and step components can mutate the sequence and invalidate the
>> length.  Adjusting the int values of start and stop according to an invalid
>> length (in particular, one that is too long) will result in invalid results
>> or a crash.
>>
>> Possible actions -- very briefly.  For more see end of
>> https://bugs.python.org/issue27867?@ok_message=msg 273801
>> 0. Do nothing.
>> 1. Detect length change and raise.
>
> I suggest taking this path - it's the lowest impact, and akin to the
> "dictionary changed size during iteration" runtime error.

+1.  Being able to do such strange things with list but not dict would be irritating and a nuisance (although maybe not attractive ;) .

> __index__ having side effects is pathological code behaviour, so we
> really just need to prevent the interpreter crash, rather than trying
> to make it sense of it.

Agreed.

--
~Ethan~


More information about the Python-Dev mailing list