support.check_free_after_iterating(self, lambda d: iter(d.values()), dict)
support.check_free_after_iterating(self, lambda d: iter(d.items()), dict)
+ def test_equal_operator_modifying_operand(self):
+ # test fix for seg fault reported in issue 27945 part 3.
+ class X():
+ def __del__(self):
+ dict_b.clear()
+
+ def __eq__(self, other):
+ dict_a.clear()
+ return True
+
+ def __hash__(self):
+ return 13
+
+ dict_a = {X(): 0}
+ dict_b = {X(): X()}
+ self.assertTrue(dict_a == dict_b)
+
+ def test_fromkeys_operator_modifying_dict_operand(self):
+ # test fix for seg fault reported in issue 27945 part 4a.
+ class X(int):
+ def __hash__(self):
+ return 13
+
+ def __eq__(self, other):
+ if len(d) > 1:
+ d.clear()
+ return False
+
+ d = {} # this is required to exist so that d can be constructed!
+ d = {X(1): 1, X(2): 2}
+ try:
+ dict.fromkeys(d) # shouldn't crash
+ except RuntimeError: # implementation defined
+ pass
+
+ def test_fromkeys_operator_modifying_set_operand(self):
+ # test fix for seg fault reported in issue 27945 part 4b.
+ class X(int):
+ def __hash__(self):
+ return 13
+
+ def __eq__(self, other):
+ if len(d) > 1:
+ d.clear()
+ return False
+
+ d = {} # this is required to exist so that d can be constructed!
+ d = {X(1), X(2)}
+ try:
+ dict.fromkeys(d) # shouldn't crash
+ except RuntimeError: # implementation defined
+ pass
+
+ def test_dictitems_contains_use_after_free(self):
+ class X:
+ def __eq__(self, other):
+ d.clear()
+ return NotImplemented
+
+ d = {0: set()}
+ (0, X()) in d.items()
+
+ def test_init_use_after_free(self):
+ class X:
+ def __hash__(self):
+ pair[:] = []
+ return 13
+
+ pair = [X(), 123]
+ dict([pair])
+
+ def test_oob_indexing_dictiter_iternextitem(self):
+ class X(int):
+ def __del__(self):
+ d.clear()
+
+ d = {i: X(i) for i in range(8)}
+
+ def iter_and_mutate():
+ for result in d.items():
+ if result[0] == 2:
+ d[2] = None # free d[2] --> X(2).__del__ was called
+
+ self.assertRaises(RuntimeError, iter_and_mutate)
+
class CAPITest(unittest.TestCase):
PyDictKeyEntry *ep, *ep0;
Py_ssize_t hashpos, ix;
+ Py_INCREF(key);
+ Py_INCREF(value);
if (mp->ma_values != NULL && !PyUnicode_CheckExact(key)) {
if (insertion_resize(mp) < 0)
- return -1;
+ goto Fail;
}
ix = mp->ma_keys->dk_lookup(mp, key, hash, &value_addr, &hashpos);
- if (ix == DKIX_ERROR) {
- return -1;
- }
+ if (ix == DKIX_ERROR)
+ goto Fail;
assert(PyUnicode_CheckExact(key) || mp->ma_keys->dk_lookup == lookdict);
- Py_INCREF(value);
MAINTAIN_TRACKING(mp, key, value);
/* When insertion order is different from shared key, we can't share
if (_PyDict_HasSplitTable(mp) &&
((ix >= 0 && *value_addr == NULL && mp->ma_used != ix) ||
(ix == DKIX_EMPTY && mp->ma_used != mp->ma_keys->dk_nentries))) {
- if (insertion_resize(mp) < 0) {
- Py_DECREF(value);
- return -1;
- }
+ if (insertion_resize(mp) < 0)
+ goto Fail;
find_empty_slot(mp, key, hash, &value_addr, &hashpos);
ix = DKIX_EMPTY;
}
/* Insert into new slot. */
if (mp->ma_keys->dk_usable <= 0) {
/* Need to resize. */
- if (insertion_resize(mp) < 0) {
- Py_DECREF(value);
- return -1;
- }
+ if (insertion_resize(mp) < 0)
+ goto Fail;
find_empty_slot(mp, key, hash, &value_addr, &hashpos);
}
ep0 = DK_ENTRIES(mp->ma_keys);
ep = &ep0[mp->ma_keys->dk_nentries];
dk_set_index(mp->ma_keys, hashpos, mp->ma_keys->dk_nentries);
- Py_INCREF(key);
ep->me_key = key;
ep->me_hash = hash;
if (mp->ma_values) {
assert(_PyDict_CheckConsistency(mp));
Py_DECREF(old_value); /* which **CAN** re-enter (see issue #22653) */
+ Py_DECREF(key);
return 0;
}
mp->ma_used++;
mp->ma_version_tag = DICT_NEXT_VERSION();
assert(_PyDict_CheckConsistency(mp));
+ Py_DECREF(key);
return 0;
+
+Fail:
+ Py_DECREF(value);
+ Py_DECREF(key);
+ return -1;
}
/*
/* Update/merge with this (key, value) pair. */
key = PySequence_Fast_GET_ITEM(fast, 0);
value = PySequence_Fast_GET_ITEM(fast, 1);
+ Py_INCREF(key);
+ Py_INCREF(value);
if (override || PyDict_GetItem(d, key) == NULL) {
int status = PyDict_SetItem(d, key, value);
- if (status < 0)
+ if (status < 0) {
+ Py_DECREF(key);
+ Py_DECREF(value);
goto Fail;
+ }
}
+ Py_DECREF(key);
+ Py_DECREF(value);
Py_DECREF(fast);
Py_DECREF(item);
}
bval = NULL;
else
bval = *vaddr;
- Py_DECREF(key);
if (bval == NULL) {
+ Py_DECREF(key);
Py_DECREF(aval);
if (PyErr_Occurred())
return -1;
return 0;
}
cmp = PyObject_RichCompareBool(aval, bval, Py_EQ);
+ Py_DECREF(key);
Py_DECREF(aval);
if (cmp <= 0) /* error or not equal */
return cmp;
static PyObject *
dictiter_iternextitem(dictiterobject *di)
{
- PyObject *key, *value, *result = di->di_result;
+ PyObject *key, *value, *result;
Py_ssize_t i, n;
PyDictObject *d = di->di_dict;
}
di->di_pos = i+1;
di->len--;
- if (result->ob_refcnt == 1) {
+ Py_INCREF(key);
+ Py_INCREF(value);
+ result = di->di_result;
+ if (Py_REFCNT(result) == 1) {
+ PyObject *oldkey = PyTuple_GET_ITEM(result, 0);
+ PyObject *oldvalue = PyTuple_GET_ITEM(result, 1);
+ PyTuple_SET_ITEM(result, 0, key); /* steals reference */
+ PyTuple_SET_ITEM(result, 1, value); /* steals reference */
Py_INCREF(result);
- Py_DECREF(PyTuple_GET_ITEM(result, 0));
- Py_DECREF(PyTuple_GET_ITEM(result, 1));
+ Py_DECREF(oldkey);
+ Py_DECREF(oldvalue);
}
else {
result = PyTuple_New(2);
if (result == NULL)
return NULL;
+ PyTuple_SET_ITEM(result, 0, key); /* steals reference */
+ PyTuple_SET_ITEM(result, 1, value); /* steals reference */
}
- Py_INCREF(key);
- Py_INCREF(value);
- PyTuple_SET_ITEM(result, 0, key); /* steals reference */
- PyTuple_SET_ITEM(result, 1, value); /* steals reference */
return result;
fail:
static int
dictitems_contains(_PyDictViewObject *dv, PyObject *obj)
{
+ int result;
PyObject *key, *value, *found;
if (dv->dv_dict == NULL)
return 0;
return -1;
return 0;
}
- return PyObject_RichCompareBool(value, found, Py_EQ);
+ Py_INCREF(found);
+ result = PyObject_RichCompareBool(value, found, Py_EQ);
+ Py_DECREF(found);
+ return result;
}
static PySequenceMethods dictitems_as_sequence = {
projects / python / commitdiff