[issue9751] _PyInstance_Lookup() defeats its purpose
Ezio Melotti
report at bugs.python.org
Wed May 9 11:56:35 CEST 2012
Ezio Melotti <ezio.melotti at gmail.com> added the comment:
I tracked this down a bit and this is what I found:
has_finalizer in Modules/gcmodule.c calls
    return _PyInstance_Lookup(op, delstr) != NULL;
_PyInstance_Lookup in Modules/classobject.c calls
    v = class_lookup(inst->in_class, name, &klass);
where inst is (PyInstanceObject *)op;
class_lookup in Modules/classobject.c eventually calls
    PyObject *value = PyDict_GetItem(cp->cl_dict, name);
where cp is (PyClassObject *)inst->in_class
and since cp is not a valid pointer, cp->cl_dict results in the segfault after a few recursive calls of class_lookup.
Confirmed that this only affects 2.7.
----------
nosy: +ezio.melotti
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue9751>
_______________________________________