Title: PyList_GetItem() result and parameters not fully validated
msg76605 - (view) Author: Brian Szuter (CWRU_Researcher1) Date: 2008-11-29 17:06
Lines 106, 144

PyString_Check() is not called on the result of PyList_GetItem() and the
first parameter of PyList_GetItem() does not have PyList_Check() called
on it.
(See Python-2.5.2/Python/traceback.c(tb_displayline) for a correct
instance of the pattern)
msg76617 - (view) Author: Raymond Hettinger (rhettinger) * (Python committer) Date: 2008-11-29 18:21
Python/codecs.c line 144-147:

	func = PyList_GetItem(interp->codec_search_path, i);
	if (func == NULL)
	    goto onError;
	result = PyEval_CallObject(func, args);

The "func" result is expected to be a callable, not a string.

The code for PyList_GetItem does the list check.
