bpo-31608: Fix a crash in methods of a subclass of _collections.deque with a bad __new__() #3788
Conversation
Modules/_collectionsmodule.c
Outdated
| deque, old_deque->maxlen, NULL); | ||
| } | ||
| if (result != NULL && | ||
| !PyObject_IsInstance(result, (PyObject *)&deque_type)) |
There was a problem hiding this comment.
PyObject_IsInstance()can raise an exception.- Even if
PyObject_IsInstance()returns 1, the result can have the binary layout different from dequeobject (because__instancecheck__), and the following concatenation or repeating will crash. UsePyObject_TypeCheck()instead.
Modules/_collectionsmodule.c
Outdated
| !PyObject_IsInstance(result, (PyObject *)&deque_type)) | ||
| { | ||
| PyErr_Format(PyExc_TypeError, | ||
| "%.200s.__new__() must return a deque, not %.200s", |
There was a problem hiding this comment.
Bad __new__() is not the only possible cause. The type can be an instance of a metaclass with overridden __call__.
|
A Python core developer has requested some changes be made to your pull request before we can consider merging it. If you could please address their requests along with any other requests in other reviews from core developers that would be appreciated. Once you have made the requested changes, please leave a comment on this pull request containing the phrase |
|
@rhettinger, please take a look at this patch. |
Modules/_collectionsmodule.c
Outdated
| else { | ||
| result = PyObject_CallFunction((PyObject *)(Py_TYPE(deque)), "Oi", | ||
| deque, old_deque->maxlen, NULL); | ||
| } |
There was a problem hiding this comment.
Please restore 541-548 to their former state and limit the patch to just the issue at hand.
| Py_DECREF(result); | ||
| return NULL; | ||
| } | ||
| return result; |
There was a problem hiding this comment.
This looks fine but it needs a test.
|
A Python core developer has requested some changes be made to your pull request before we can consider merging it. If you could please address their requests along with any other requests in other reviews from core developers that would be appreciated. Once you have made the requested changes, please leave a comment on this pull request containing the phrase |
* added a test. * added a NEWS.d item.
Lib/test/test_deque.py
Outdated
| pass | ||
| d = X() | ||
| def bad___new__(cls, *args, **kwargs): | ||
| return 42 |
There was a problem hiding this comment.
I think returning a list is more realistic example.
| return 42 | ||
| X.__new__ = bad___new__ | ||
| with self.assertRaises(TypeError): | ||
| d * 42 # shouldn't crash |
There was a problem hiding this comment.
What about concatenation?
There was a problem hiding this comment.
The C changes are only to deque_copy(), so i thought that testing also the concatenation is redundant.
Should i add it to the test anyway?
| @@ -0,0 +1,2 @@ | |||
| Raise a ``TypeError`` instead of crashing, in specific cases where a | |||
| ``collections.deque`` subclass returns a non-deque. Patch by Oren Milman. | |||
There was a problem hiding this comment.
I would mention a copy.
There was a problem hiding this comment.
I think that mentioning the copy won't help much to a user that isn't familiar with the internal implementation.
If you think that i should be more specific, i could mention that the crashes were in repetition and concatenation.
What do you think?
|
I have made the requested changes; please review again. |
|
Thanks for making the requested changes! @serhiy-storchaka, @rhettinger: please review the changes made to this pull request. |
|
Thanks @orenmn for the PR, and @benjaminp for merging it 🌮🎉.. I'm working now to backport this PR to: 2.7, 3.6, 3.7. |
…s.deque with a bad __new__(). (pythonGH-3788) (cherry picked from commit 24bd50b) Co-authored-by: Oren Milman <[email protected]>
|
GH-9177 is a backport of this pull request to the 3.7 branch. |
|
Sorry, @orenmn and @benjaminp, I could not cleanly backport this to |
|
Sorry, @orenmn and @benjaminp, I could not cleanly backport this to |
…ections.deque with a bad __new__(). (GH-3788). (cherry picked from commit 24bd50b) Co-authored-by: Oren Milman <[email protected]>
…ections.deque with a bad __new__(). (GH-3788). (cherry picked from commit 24bd50b) Co-authored-by: Oren Milman <[email protected]>
…s.deque with a bad __new__(). (GH-3788) (cherry picked from commit 24bd50b) Co-authored-by: Oren Milman <[email protected]>
7 participants
_collectionsmodule.c: add a check whether__new__()returned a deque.https://bugs.python.org/issue31608