This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author vstinner
Recipients vstinner
Date 2009-09-24.11:21:04
SpamBayes Score 2.192011e-08
Marked as misclassified No
Message-id <1253791266.79.0.0913001727674.issue6986@psf.upfronthosting.co.za>
In-reply-to
Content 
scanner_init() and encoder_init() don't manage errors correctly.

scanner_init() gets context.encoding argument without checking context
type, nor GetAttrString() error. It should check for NULL result...
which is done in the same function for other attributes (strict,
object_hook, object_pairs_hook, parse_float, parse_int, parse_constant).

Example to reproduce the crash:
   import _json
   _json.make_scanner(1)

encoder_init() copies a refence (for each argument) without incrementing
the reference counter. And then encoder_clear() decrements the
reference, counter, which may crash Python.

Example to reproduce the crash:
   import _json
   _json.make_encoder(
           (False, True),
           -826484143518891896,
           -56.0,
           "a",
       )
   # do anything creating/destroying new objects
   " abc ".strip()
   len(" xef ".strip())

Attached patches for the crashes.
History
Date User Action Args
2009-09-24 11:21:06vstinnersetrecipients: + vstinner
2009-09-24 11:21:06vstinnersetmessageid: <1253791266.79.0.0913001727674.issue6986@psf.upfronthosting.co.za>
2009-09-24 11:21:05vstinnerlinkissue6986 messages
2009-09-24 11:21:05vstinnercreate