This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Title: PyArg_ParseTuple: refcount in nested tuples
Type: Stage:
Components: Interpreter Core Versions:
Status: closed Resolution: duplicate
Dependencies: Superseder:
Assigned To: Nosy List: arigo, georg.brandl
Priority: normal Keywords:

Created on 2010-12-06 13:43 by arigo, last changed 2022-04-11 14:57 by admin. This issue is now closed.

File name Uploaded Description Edit arigo, 2010-12-06 13:43 A new crasher
Messages (3)
msg123466 - (view) Author: Armin Rigo (arigo) * (Python committer) Date: 2010-12-06 13:43
There is an issue in PyArg_ParseTuple() when using nested tuple arguments: it accepts a pure Python tuple-like argument, but it cannot work properly because PyArg_ParseTuple() is supposed to return borrowed references to the objects.  For example, here is an attack on functools.partial().__setstate__(), which is written using

    PyArg_ParseTuple(args, "(OOOO)", ...)

Running crashes a debug build of Python, for me with Fatal Python error: _functoolsmodule.c:158 object at 0x9011748 has negative ref count -606348322.

The only way I can see to fix the crasher is to restrict the kind of argument that can be passed to mean a nested tuple.  To be paranoid, it should only allow real tuples; a bit more flexibly, lists probably work ok too.
msg123467 - (view) Author: Georg Brandl (georg.brandl) * (Python committer) Date: 2010-12-06 14:04
Duplicate of #6083?
msg123468 - (view) Author: Armin Rigo (arigo) * (Python committer) Date: 2010-12-06 14:14
Date User Action Args
2022-04-11 14:57:09adminsetgithub: 54847
2010-12-06 14:14:37arigosetstatus: open -> closed
resolution: duplicate
messages: + msg123468
2010-12-06 14:04:15georg.brandlsetnosy: + georg.brandl
messages: + msg123467
2010-12-06 13:43:16arigocreate