gh-92930: _pickle.c: Acquire strong references before calling save()#92931


Merged
sweeneyde merged 11 commits intopython:mainfromsweeneyde:picklecrasher
Jun 11, 2022
Acquire strong references after PyDict_Next
@sweeneyde
sweeneyde committedMay 18, 2022
commit9b707556e04ba81b6f52607cf27565d4d395def2
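--- a/Lib/test/pickletester.py
+++ b/Lib/test/pickletester.py
@@ -3035,6 +3035,45 @@ def check_array(arr):
 # 2-D, non-contiguous
 check_array(arr[::2])
 
+def test_evil_class_mutating_dict(self):
+from random import getrandbits
+
+global Bad
+class Bad:
+def __eq__(self, other):
+if not ENABLED:
+return False
+return getrandbits(4) == 0
+def __hash__(self):
+return getrandbits(1)
+def __reduce__(self):
+break_things()
+return (Bad, (), ())
+def __setstate__(self, *args):
+break_things()
+def __del__(self):
+break_things()
+def __getattr__(self):
+break_things()
+
+def break_things():
+if ENABLED and getrandbits(6) == 0:
+collection.clear()
+
+for proto in protocols:
+for _ in range(20):
+ENABLED = False
+collection = {Bad(): Bad() for _ in range(50)}
+for bad in collection:
+bad.bad = bad
+bad.collection = collection
+ENABLED = True
+try:
+self.loads(self.dumps(collection, proto))
+except RuntimeError as e:
+expected = "changed size during iteration"
+self.assertIn(expected, str(e))
+
 
 class BigmemPickleTests:
 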
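Review bot: `def __getattr__(self):` in `Bad` has the wrong arity: Python calls the hook as `__getattr__(self, name)`, so any attribute lookup that misses on a `Bad` instance would raise TypeError instead of reaching `break_things()`, and the `except RuntimeError` at the end of the test would not catch it. It should read `def __getattr__(self, name):` with `break_things()` followed by `raise AttributeError(name)`, or be dropped if no lookup is expected to miss. Separately, the test draws from `getrandbits` without a seed, so a pickler crash it provokes cannot be replayed; a fixed `random.Random(seed)` instance or a deterministic trigger in `__reduce__` would make a regression reproducible. `global Bad` also leaves the class in the module namespace after the test finishes.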
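--- a/Modules/_pickle.c
+++ b/Modules/_pickle.c
@@ -3259,10 +3259,16 @@ batch_dict_exact(PicklerObject *self, PyObject *obj)
 /* Special-case len(d) == 1 to save space. */
 if (dict_size == 1) {
 PyDict_Next(obj, &ppos, &key, &value);
-if (save(self, key, 0) < 0)
-return -1;
-if (save(self, value, 0) < 0)
-return -1;
+Py_INCREF(key);
+Py_INCREF(value);
+if (save(self, key, 0) < 0) {
+goto error;
+}
+if (save(self, value, 0) < 0) {
+goto error;
+}
+Py_CLEAR(key);
+Py_CLEAR(value);
 if (_Pickler_Write(self, &setitem_op, 1) < 0)
 return -1;
 return 0;
@@ -3274,10 +3280,16 @@ batch_dict_exact(PicklerObject *self, PyObject *obj)
 if (_Pickler_Write(self, &mark_op, 1) < 0)
 return -1;
 while (PyDict_Next(obj, &ppos, &key, &value)) {
-if (save(self, key, 0) < 0)
-return -1;
-if (save(self, value, 0) < 0)
-return -1;
+Py_INCREF(key);
+Py_INCREF(value);
+if (save(self, key, 0) < 0) {
+goto error;
+}
+if (save(self, value, 0) < 0) {
+goto error;
+}
+Py_CLEAR(key);
+Py_CLEAR(value);
 if (++i == BATCHSIZE)
 break;
 }
@@ -3292,6 +3304,10 @@ batch_dict_exact(PicklerObject *self, PyObject *obj)
 
 } while (i == BATCHSIZE);
 return 0;
+error:
+Py_XDECREF(key);
+Py_XDECREF(value);
+return -1;
 }
 
 static int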
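Review bot: The new `Py_INCREF`/`Py_CLEAR` pairs around `save()` in both branches of batch_dict_exact have no comment explaining why they are required, and without one they look removable, since callers of `PyDict_Next` normally use the borrowed pointers directly. Above the first `Py_INCREF(key);` I would add `/* save() can run arbitrary Python code (e.g. __reduce__) that mutates obj and drops the dict's references; hold strong refs so key and value stay valid. */`. In the visible lines the `error:` label is reached only after both increments and every remaining `return -1` comes after `Py_CLEAR`, so the reference counts balance. The declarations of `key` and `value`, and the size check that presumably raises the "changed size during iteration" error the test expects, are outside these hunks and should be confirmed. Other call sites in this file that hand a borrowed item to `save()` are not shown here and probably need the same treatment.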
