[New-bugs-announce] [issue28962] Crash when throwing an exception with a malicious __hash__ override
Jelle Zijlstra
report at bugs.python.org
Tue Dec 13 11:28:07 EST 2016
New submission from Jelle Zijlstra:
$ cat baderror.py
class BadError(Exception):
def __init__(self):
self.i = 0
def __hash__(self):
self.i += 1
return self.i
e = BadError()
raise e from e
$ ./python.exe -V
Python 3.5.2+
$ ./python.exe baderror.py
Segmentation fault: 11
I have reproduced this with Python 3.3, 3.4, 3.5, and 3.6; I assume it's been present throughout the 3 series.
This is because print_exception_recursive in pythonrun.c keeps following the __cause__ chain, and here the exception is its own __cause__. It uses a set to ensure that it breaks cycles, but that doesn't help here because of the exception's incorrect __hash__ method.
----------
components: Interpreter Core
files: baderror.py
messages: 283118
nosy: Jelle Zijlstra
priority: normal
severity: normal
status: open
title: Crash when throwing an exception with a malicious __hash__ override
versions: Python 3.3, Python 3.4, Python 3.5, Python 3.6, Python 3.7
Added file: http://bugs.python.org/file45876/baderror.py
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue28962>
_______________________________________
More information about the New-bugs-announce
mailing list