C.__name__ = 'D.E'
self.assertEqual((C.__module__, C.__name__), (mod, 'D.E'))
+ def test_evil_type_name(self):
+ # A badly placed Py_DECREF in type_set_name led to arbitrary code
+ # execution while the type structure was not in a sane state, and a
+ # possible segmentation fault as a result. See bug #16447.
+ class Nasty(str):
+ def __del__(self):
+ C.__name__ = "other"
+
+ class C:
+ pass
+
+ C.__name__ = Nasty("abc")
+ C.__name__ = "normal"
+
def test_subclass_right_op(self):
# Testing correct dispatch of subclass overloading __r<op>__...
Core and Builtins
-----------------
+- Issue #16447: Fixed potential segmentation fault when setting __name__ on a
+ class.
+
- Issue #17669: Fix crash involving finalization of generators using yield from.
- Issue #17619: Make input() check for Ctrl-C correctly on Windows.
Py_INCREF(value);
- Py_DECREF(et->ht_name);
+ /* Wait until et is a sane state before Py_DECREF'ing the old et->ht_name
+ value. (Bug #16447.) */
+ tmp = et->ht_name;
et->ht_name = value;
type->tp_name = tp_name;
+ Py_DECREF(tmp);
return 0;
}
projects / python / commitdiff