[issue5283] setting __class__ in __del__ is bad. mmkay. negative ref count! kaboom!
Amaury Forgeot d'Arc
report at bugs.python.org
Wed Feb 18 23:51:08 CET 2009
Amaury Forgeot d'Arc <amauryfa at gmail.com> added the comment:
I carefully looked at all places that store ->ob_type or Py_TYPE() in a
local variable, and I could not find any exploit. Most places don't
reuse the type once the method or the slot has been called.
Two places were harder to analyze: subtype_clear (but an attack would
use __del__, and use a reference cycle: subtype_clear is never called in
this case) and PyObject_Generic(Get|Set)Attr (the only escape path to
python code could be through PyType_Ready; but it has already been
called for heap types)
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue5283>
_______________________________________
More information about the Python-bugs-list
mailing list