[3.5] bpo-30243: Fixed the possibility of a crash in _json. (GH-1420) (#1470)

author Serhiy Storchaka <storchaka@gmail.com>

Fri, 5 May 2017 07:40:47 +0000 (10:40 +0300)

committer GitHub <noreply@github.com>

Fri, 5 May 2017 07:40:47 +0000 (10:40 +0300)
author Serhiy Storchaka <storchaka@gmail.com>
Fri, 5 May 2017 07:40:47 +0000 (10:40 +0300)
committer GitHub <noreply@github.com>
Fri, 5 May 2017 07:40:47 +0000 (10:40 +0300)
diff --git a/Misc/NEWS b/Misc/NEWS

index 8a42a23989fff66dd1c3d797c20fcc024425cdd1..8ea2fd3c88ccdcd1f45dc02de5f5f90e0e835e1d 100644 (file)
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -49,6 +49,10 @@ Extension Modules
  Library
  -------
  
+- bpo-30243: Removed the __init__ methods of _json's scanner and encoder.
+  Misusing them could cause memory leaks or crashes.  Now scanner and encoder
+  objects are completely initialized in the __new__ methods.
+
  - bpo-30185: Avoid KeyboardInterrupt tracebacks in forkserver helper process
    when Ctrl-C is received.
  
diff --git a/Modules/_json.c b/Modules/_json.c

index 8cbf2e405869e07b054e6bd9b498916abbe30310..446795e2299a7246adb650fec625f578b6f8405d 100644 (file)
--- a/Modules/_json.c
+++ b/Modules/_json.c
@@ -89,16 +89,12 @@ static PyObject *
  _build_rval_index_tuple(PyObject *rval, Py_ssize_t idx);
  static PyObject *
  scanner_new(PyTypeObject *type, PyObject *args, PyObject *kwds);
-static int
-scanner_init(PyObject *self, PyObject *args, PyObject *kwds);
  static void
  scanner_dealloc(PyObject *self);
  static int
  scanner_clear(PyObject *self);
  static PyObject *
  encoder_new(PyTypeObject *type, PyObject *args, PyObject *kwds);
-static int
-encoder_init(PyObject *self, PyObject *args, PyObject *kwds);
  static void
  encoder_dealloc(PyObject *self);
  static int
@@ -1203,38 +1199,21 @@ static PyObject *
  scanner_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
  {
      PyScannerObject *s;
-    s = (PyScannerObject *)type->tp_alloc(type, 0);
-    if (s != NULL) {
-        s->strict = NULL;
-        s->object_hook = NULL;
-        s->object_pairs_hook = NULL;
-        s->parse_float = NULL;
-        s->parse_int = NULL;
-        s->parse_constant = NULL;
-    }
-    return (PyObject *)s;
-}
-
-static int
-scanner_init(PyObject *self, PyObject *args, PyObject *kwds)
-{
-    /* Initialize Scanner object */
      PyObject *ctx;
      static char *kwlist[] = {"context", NULL};
-    PyScannerObject *s;
-
-    assert(PyScanner_Check(self));
-    s = (PyScannerObject *)self;
  
      if (!PyArg_ParseTupleAndKeywords(args, kwds, "O:make_scanner", kwlist, &ctx))
-        return -1;
+        return NULL;
  
-    if (s->memo == NULL) {
-        s->memo = PyDict_New();
-        if (s->memo == NULL)
-            goto bail;
+    s = (PyScannerObject *)type->tp_alloc(type, 0);
+    if (s == NULL) {
+        return NULL;
      }
  
+    s->memo = PyDict_New();
+    if (s->memo == NULL)
+        goto bail;
+
      /* All of these will fail "gracefully" so we don't need to verify them */
      s->strict = PyObject_GetAttrString(ctx, "strict");
      if (s->strict == NULL)
@@ -1255,16 +1234,11 @@ scanner_init(PyObject *self, PyObject *args, PyObject *kwds)
      if (s->parse_constant == NULL)
          goto bail;
  
-    return 0;
+    return (PyObject *)s;
  
  bail:
-    Py_CLEAR(s->strict);
-    Py_CLEAR(s->object_hook);
-    Py_CLEAR(s->object_pairs_hook);
-    Py_CLEAR(s->parse_float);
-    Py_CLEAR(s->parse_int);
-    Py_CLEAR(s->parse_constant);
-    return -1;
+    Py_DECREF(s);
+    return NULL;
  }
  
  PyDoc_STRVAR(scanner_doc, "JSON scanner object");
@@ -1306,7 +1280,7 @@ PyTypeObject PyScannerType = {
      0,                    /* tp_descr_get */
      0,                    /* tp_descr_set */
      0,                    /* tp_dictoffset */
-    scanner_init,                    /* tp_init */
+    0,                    /* tp_init */
      0,/* PyType_GenericAlloc, */        /* tp_alloc */
      scanner_new,          /* tp_new */
      0,/* PyObject_GC_Del, */              /* tp_free */
@@ -1315,25 +1289,6 @@ PyTypeObject PyScannerType = {
  static PyObject *
  encoder_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
  {
-    PyEncoderObject *s;
-    s = (PyEncoderObject *)type->tp_alloc(type, 0);
-    if (s != NULL) {
-        s->markers = NULL;
-        s->defaultfn = NULL;
-        s->encoder = NULL;
-        s->indent = NULL;
-        s->key_separator = NULL;
-        s->item_separator = NULL;
-        s->sort_keys = NULL;
-        s->skipkeys = NULL;
-    }
-    return (PyObject *)s;
-}
-
-static int
-encoder_init(PyObject *self, PyObject *args, PyObject *kwds)
-{
-    /* initialize Encoder object */
      static char *kwlist[] = {"markers", "default", "encoder", "indent", "key_separator", "item_separator", "sort_keys", "skipkeys", "allow_nan", NULL};
  
      PyEncoderObject *s;
@@ -1341,22 +1296,23 @@ encoder_init(PyObject *self, PyObject *args, PyObject *kwds)
      PyObject *item_separator, *sort_keys, *skipkeys;
      int allow_nan;
  
-    assert(PyEncoder_Check(self));
-    s = (PyEncoderObject *)self;
-
      if (!PyArg_ParseTupleAndKeywords(args, kwds, "OOOOUUOOp:make_encoder", kwlist,
          &markers, &defaultfn, &encoder, &indent,
          &key_separator, &item_separator,
          &sort_keys, &skipkeys, &allow_nan))
-        return -1;
+        return NULL;
  
      if (markers != Py_None && !PyDict_Check(markers)) {
          PyErr_Format(PyExc_TypeError,
                       "make_encoder() argument 1 must be dict or None, "
                       "not %.200s", Py_TYPE(markers)->tp_name);
-        return -1;
+        return NULL;
      }
  
+    s = (PyEncoderObject *)type->tp_alloc(type, 0);
+    if (s == NULL)
+        return NULL;
+
      s->markers = markers;
      s->defaultfn = defaultfn;
      s->encoder = encoder;
@@ -1383,7 +1339,7 @@ encoder_init(PyObject *self, PyObject *args, PyObject *kwds)
      Py_INCREF(s->item_separator);
      Py_INCREF(s->sort_keys);
      Py_INCREF(s->skipkeys);
-    return 0;
+    return (PyObject *)s;
  }
  
  static PyObject *
@@ -1914,7 +1870,7 @@ PyTypeObject PyEncoderType = {
      0,                    /* tp_descr_get */
      0,                    /* tp_descr_set */
      0,                    /* tp_dictoffset */
-    encoder_init,         /* tp_init */
+    0,                    /* tp_init */
      0,                    /* tp_alloc */
      encoder_new,          /* tp_new */
      0,                    /* tp_free */
@@ -1957,10 +1913,8 @@ PyInit__json(void)
      PyObject *m = PyModule_Create(&jsonmodule);
      if (!m)
          return NULL;
-    PyScannerType.tp_new = PyType_GenericNew;
      if (PyType_Ready(&PyScannerType) < 0)
          goto fail;
-    PyEncoderType.tp_new = PyType_GenericNew;
      if (PyType_Ready(&PyEncoderType) < 0)
          goto fail;
      Py_INCREF((PyObject*)&PyScannerType);
author	Serhiy Storchaka <storchaka@gmail.com>
	Fri, 5 May 2017 07:40:47 +0000 (10:40 +0300)
committer	GitHub <noreply@github.com>
	Fri, 5 May 2017 07:40:47 +0000 (10:40 +0300)
Misc/NEWS		patch \| blob \| history
Modules/_json.c		patch \| blob \| history