Message 382971 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	vstinner
Recipients	ZackerySpytz, espie, petr.viktorin, rhettinger, serhiy.storchaka, skrah, vstinner
Date	2020-12-14.09:56:04
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1607939764.62.0.669809168599.issue30459@roundup.psfhosted.org>
In-reply-to

Content
> That's not true; at least ALSA's python bindings use PyTuple_SET_ITEM as a lvalue as well. alsa-python used PyTuple_SET_ITEM(..., obj) to decide if it should call Py_INCREF(obj). This code looks suspicious. PyTuple_SET_ITEM() should not be used to set an item to NULL. It's already fixed: https://github.com/alsa-project/alsa-python/commit/5ea2f8709b4d091700750661231f8a3ddce0fc7c IMO it's a good thing that such suspicious code is discovered. The surprising part is that it worked previously :-) Downstream Fedora issue: https://bugzilla.redhat.com/show_bug.cgi?id=1906380 (CLOSED)

> That's not true; at least ALSA's python bindings use PyTuple_SET_ITEM as a lvalue as well.

alsa-python used PyTuple_SET_ITEM(..., obj) to decide if it should call Py_INCREF(obj). This code looks suspicious. PyTuple_SET_ITEM() should not be used to set an item to NULL.

It's already fixed:
https://github.com/alsa-project/alsa-python/commit/5ea2f8709b4d091700750661231f8a3ddce0fc7c

IMO it's a good thing that such suspicious code is discovered. The surprising part is that it worked previously :-)

Downstream Fedora issue: https://bugzilla.redhat.com/show_bug.cgi?id=1906380 (CLOSED)

History
Date	User	Action	Args
2020-12-14 09:56:04	vstinner	set	recipients: + vstinner, rhettinger, petr.viktorin, skrah, serhiy.storchaka, espie, ZackerySpytz
2020-12-14 09:56:04	vstinner	set	messageid: <1607939764.62.0.669809168599.issue30459@roundup.psfhosted.org>
2020-12-14 09:56:04	vstinner	link	issue30459 messages
2020-12-14 09:56:04	vstinner	create