Author ronaldoussoren
Recipients pkt, ronaldoussoren, serhiy.storchaka, vstinner
Date 2015-07-22.11:51:44
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
In encoder_init (the __init__ for _json.Encoder) s->marker is set to an argument of __init__, without any kind of type check, it can therefore be an arbitrary object.

encoder_listencode_obj (and other functions) then use s->markers with the concrete API for dicts (such as PyDict_Contains). 

PyDict_Contains does not perform a type check, but casts its first argument to a PyDictObject and access fields. That causes problems when the marker isn't actually a dict.

I don't know the module good enough to be 100% sure about a fix, but I think it would be best to add a type check to encoder_init. 

BTW. As far as I know _json.make_encoder is a private API and shouldn't be used directly, when you use the public API the argument will always be a dict.
Date User Action Args
2015-07-22 11:51:45ronaldoussorensetrecipients: + ronaldoussoren, vstinner, serhiy.storchaka, pkt
2015-07-22 11:51:45ronaldoussorensetmessageid: <>
2015-07-22 11:51:45ronaldoussorenlinkissue24683 messages
2015-07-22 11:51:44ronaldoussorencreate