[New-bugs-announce] [issue28920] Dangerous usage of "O" format string in _asynciomodule.c
STINNER Victor
report at bugs.python.org
Fri Dec 9 08:38:13 EST 2016
New submission from STINNER Victor:
The new _asyncio module of Python 3.6 uses the _PyObject_CallMethodId() function to call functions. This function has a weird behaviour when using the format string "O": if the object is a tuple, the tuple is unpacked.
_PyObject_CallMethodId(obj, &PyId_meth, "O", tuple, NULL) calls obj.meth(*tuple) instead of obj.meth(tuple).
I only found one function which may have the bug: task_call_step(). But it seems like this function cannot be called with a tuple as "arg", only with an exception object.
But just in case, I would suggest to replace:
_PyObject_CallMethodId(obj, nameid, "O", arg);
with
_PyObject_CallMethodIdObjArgs(obj, nameid, arg, NULL);
Note: _PyObject_CallMethodId() is called with a NULL terminal in the argument list, but the NULL is useless. A terminator is only required by _PyObject_CallMethodIdObjArgs(). Yeah, Python has a wide choice of functions to call a callable object, with funny APIs... And I'm adding new ones to Python 3.7 ;-)
----------
components: asyncio
messages: 282778
nosy: gvanrossum, haypo, yselivanov
priority: normal
severity: normal
status: open
title: Dangerous usage of "O" format string in _asynciomodule.c
versions: Python 3.6, Python 3.7
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue28920>
_______________________________________
More information about the New-bugs-announce
mailing list