Message 256073 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	myronww
Recipients	martin.panter, myronww
Date	2015-12-07.21:42:10
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1449524530.75.0.717459129523.issue25716@psf.upfronthosting.co.za>
In-reply-to

Content
I think this usage of 'call_method' from typeobject.c would cause it to leak. static PyObject* slot_sq_slice(PyObject self, Py_ssize_t i, Py_ssize_t j) { static PyObject getslice_str; if (PyErr_WarnPy3k("in 3.x, __getslice__ has been removed; " "use __getitem__", 1) < 0) return NULL; return call_method(self, "__getslice__", &getslice_str, "nn", i, j); <<<<<<< Maybe Bad Format Str <<<<<<< } Looks like the only place in 'call_method' that could cause args to be NULL is if 'Py_VaBuildValue' which calls 'va_build_value' returns NULL. 'va_build_value' calls 'countformat' on the format string and 'countformat' looks for some escaping in the format string. If no special format characters like '(' or '{' are not found, then the count might be incremented but when the NULL terminator on the end of the string is hit, the 'countformat' will return -1. So I believe this method has a bug because it doesn't look to be using the formatter correctly and also it looks like it might cause a leak.

I think this usage of 'call_method' from typeobject.c would cause it to leak.

static PyObject*
slot_sq_slice(PyObject *self, Py_ssize_t i, Py_ssize_t j)
{
	static PyObject *getslice_str;

	if (PyErr_WarnPy3k("in 3.x, __getslice__ has been removed; "
			    "use __getitem__", 1) < 0)
		return NULL;
	return call_method(self, "__getslice__", &getslice_str,
		"nn", i, j);      <<<<<<< Maybe Bad Format Str <<<<<<<
}

Looks like the only place in 'call_method' that could cause args to be NULL is if 'Py_VaBuildValue' which calls 'va_build_value' returns NULL.  'va_build_value' calls 'countformat' on the format string and 'countformat' looks for some escaping in the format string.  If no special format characters like '(' or '{' are not found, then the count might be incremented but when the NULL terminator on the end of the string is hit, the 'countformat' will return -1.

So I believe this method has a bug because it doesn't look to be using the formatter correctly and also it looks like it might cause a leak.

History
Date	User	Action	Args
2015-12-07 21:42:10	myronww	set	recipients: + myronww, martin.panter
2015-12-07 21:42:10	myronww	set	messageid: <1449524530.75.0.717459129523.issue25716@psf.upfronthosting.co.za>
2015-12-07 21:42:10	myronww	link	issue25716 messages
2015-12-07 21:42:10	myronww	create