-
-
Notifications
You must be signed in to change notification settings - Fork 33.2k
Closed
Labels
interpreter-core(Objects, Python, Grammar, and Parser dirs)(Objects, Python, Grammar, and Parser dirs)type-crashA hard crash of the interpreter, possibly with a core dumpA hard crash of the interpreter, possibly with a core dump
Description
Lines 1251 to 1285 in 4d8959b
static int | |
positional_only_passed_as_keyword(PyThreadState *tstate, PyCodeObject *co, | |
Py_ssize_t kwcount, PyObject* kwnames, | |
PyObject *qualname) | |
{ | |
int posonly_conflicts = 0; | |
PyObject* posonly_names = PyList_New(0); | |
for(int k=0; k < co->co_posonlyargcount; k++){ | |
PyObject* posonly_name = PyTuple_GET_ITEM(co->co_localsplusnames, k); | |
for (int k2=0; k2<kwcount; k2++){ | |
/* Compare the pointers first and fallback to PyObject_RichCompareBool*/ | |
PyObject* kwname = PyTuple_GET_ITEM(kwnames, k2); | |
if (kwname == posonly_name){ | |
if(PyList_Append(posonly_names, kwname) != 0) { | |
goto fail; | |
} | |
posonly_conflicts++; | |
continue; | |
} | |
int cmp = PyObject_RichCompareBool(posonly_name, kwname, Py_EQ); | |
if ( cmp > 0) { | |
if(PyList_Append(posonly_names, kwname) != 0) { | |
goto fail; | |
} | |
posonly_conflicts++; | |
} else if (cmp < 0) { | |
goto fail; | |
} | |
} | |
} |
This implemention doesn't take in account case when PyList_New
returns NULL
.
If PyList_New(0)
returns a NULL
, PyList_Append
will be failed with segfault, cause of Py_TYPE
, which will try to reach out ob_type
. of (PyObject *) NULL
.
This hard to reproduce, because the only way PyList_New
can error, if it is runs out of memory, but theoretically it can happen.
Linked PRs
Metadata
Metadata
Assignees
Labels
interpreter-core(Objects, Python, Grammar, and Parser dirs)(Objects, Python, Grammar, and Parser dirs)type-crashA hard crash of the interpreter, possibly with a core dumpA hard crash of the interpreter, possibly with a core dump