It is possible to get a core dump by using uninitialized _json objects.

$ ./python -c "import _json; _json.make_scanner.__new__(_json.make_scanner)('', 0)"
Segmentation fault (core dumped)
$ ./python -c "import _json; _json.make_encoder.__new__(_json.make_encoder)([0], 0)"
Segmentation fault (core dumped)

The cause is that make_scanner and make_encoder classes implement __new__ and __init__. The __new__ methods create uninitialized object, with NULLs pointers, the __init__ methods initialize them. Possible solutions are: 1) set fields to Py_None rather than NULL in __new__; 2) check every pointer for NULL before using; 3) just remove __init__ methods and make initialization in __new__ methods. Since the scanner and the encoder are not inheritable classes, the latter solution look the most preferable to me.

Repeated calling of the __init__ method caused memory leaks.

New changeset 76a3e51a403bc84ed536921866c86dd7d07aaa7e by Serhiy Storchaka in branch 'master':
bpo-30243: Fixed the possibility of a crash in _json. (#1420)
https://github.com/python/cpython/commit/76a3e51a403bc84ed536921866c86dd7d07aaa7e

New changeset 39b73dd5131ce205dcee3b9e24ba0fc28934d79c by Serhiy Storchaka in branch '3.6':
[3.6] bpo-30243: Fixed the possibility of a crash in _json. (GH-1420) (#1469)
https://github.com/python/cpython/commit/39b73dd5131ce205dcee3b9e24ba0fc28934d79c

New changeset ee2294860e224c2b08cc6847d3c9a0ec3875c3d8 by Serhiy Storchaka in branch '3.5':
[3.5] bpo-30243: Fixed the possibility of a crash in _json. (GH-1420) (#1470)
https://github.com/python/cpython/commit/ee2294860e224c2b08cc6847d3c9a0ec3875c3d8

New changeset 5d7a18f3b65bd958d876391cca3c381396021639 by Serhiy Storchaka in branch '2.7':
[2.7] bpo-30243: Fixed the possibility of a crash in _json. (GH-1420) (#1471)
https://github.com/python/cpython/commit/5d7a18f3b65bd958d876391cca3c381396021639