[Patches] [ python-Patches-1658799 ] Handle requests to intern string subtype instances

SourceForge.net noreply at sourceforge.net
Wed Feb 14 13:21:20 CET 2007 

Patches item #1658799, was opened at 2007-02-13 10:34
Message generated for change (Comment added) made by arigo
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=305470&aid=1658799&group_id=5470

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: Core (C code)
Group: None
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Hrvoje Nikšić (hniksic)
Assigned to: Nobody/Anonymous (nobody)
Summary: Handle requests to intern string subtype instances

Initial Comment:
This patch implements a small modification of PyString_InternInPlace that allows for safe interning of string subtype instances.  The change should be fully backward compatible -- for a rationale and discussion, see:

http://mail.python.org/pipermail/python-dev/2007-February/070973.html


----------------------------------------------------------------------

>Comment By: Armin Rigo (arigo)
Date: 2007-02-14 12:21

Message:
Logged In: YES 
user_id=4771
Originator: NO

Btw, any reason why you cannot simply say in
your Python program:  intern(str(s)) ?

----------------------------------------------------------------------

Comment By: Armin Rigo (arigo)
Date: 2007-02-14 12:13

Message:
Logged In: YES 
user_id=4771
Originator: NO

Ah, the code was the wrong way around.  The following
causes an Fatal Python error in a debug build:

s1 = "hel"
s1 = intern(s1 + "lo")

class S(str):
    def __hash__(self):
        return 0
    def __eq__(self, other):
        return False

s = S(s1)
s2 = intern(s)
del s1


----------------------------------------------------------------------

Comment By: Hrvoje Nikšić (hniksic)
Date: 2007-02-14 08:31

Message:
Logged In: YES 
user_id=1718107
Originator: YES

I don't think an attack is possible.  This patch retains the property that
only exact strings are interned.  If you create a pathological string
subtype that hashes like a different string instance (one that has already
been interned), all you'll achieve is that "interning" will return the
other instance.  As far as I can tell, no string is actually removed from
the interned dictionary (until it becomes unreachable, that is.)

What is the expected result of your test code?  I tried it and it ran
without error.


----------------------------------------------------------------------

Comment By: Armin Rigo (arigo)
Date: 2007-02-13 22:36

Message:
Logged In: YES 
user_id=4771
Originator: NO

I think that this opens an attack (untested, though): it allows a
previously-interned string to be removed from the dictionary.  This might
lead to a crash because the old string still thinks it is interned.  Try
something along the lines of:

s1 = "hel"
s1 = intern(s1 + "lo")

class S(str):
    def __hash__(self):
        return hash(s1)
    def __eq__(self, other):
        return other == s1

s = S("world")
intern(s)
del s1


----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=305470&aid=1658799&group_id=5470

More information about the Patches mailing list