This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author arigo
Recipients arigo
Date 2010-12-06.13:43:16
SpamBayes Score 1.6448731e-11
Marked as misclassified No
Message-id <1291642999.53.0.225447944395.issue10638@psf.upfronthosting.co.za>
In-reply-to
Content 
There is an issue in PyArg_ParseTuple() when using nested tuple arguments: it accepts a pure Python tuple-like argument, but it cannot work properly because PyArg_ParseTuple() is supposed to return borrowed references to the objects.  For example, here is an attack on functools.partial().__setstate__(), which is written using

    PyArg_ParseTuple(args, "(OOOO)", ...)

Running crasher.py crashes a debug build of Python, for me with Fatal Python error: _functoolsmodule.c:158 object at 0x9011748 has negative ref count -606348322.

The only way I can see to fix the crasher is to restrict the kind of argument that can be passed to mean a nested tuple.  To be paranoid, it should only allow real tuples; a bit more flexibly, lists probably work ok too.
History
Date User Action Args
2010-12-06 13:43:19arigosetrecipients: + arigo
2010-12-06 13:43:19arigosetmessageid: <1291642999.53.0.225447944395.issue10638@psf.upfronthosting.co.za>
2010-12-06 13:43:16arigolinkissue10638 messages
2010-12-06 13:43:16arigocreate