[issue21213] Memory bomb by incorrect custom serializer to json.dumps
Lukas Lueg
report at bugs.python.org
Sat Apr 26 17:07:40 CEST 2014
Lukas Lueg added the comment:
The behavior is triggered in Modules/_json.c:encoder_listencode_obj(). It actually has nothing to do with the TypeError itself, any object that produces a new string representation of itself will do.
The function encoder_listencode_obj() calls the user-supplied function with the instance to get a string, float, integer or whatever it knows to how convert to json by itself. As the function keeps returning new instances of TypeError, the recursion builds up. The MemoryError is ultimately triggered by the fact that repr() keeps escaping all single quotes from the previous repr(), generating a huge string. Also see "repr(repr(repr("'")))"
Testing with 2gb of ram and no swap (disable to to prevent starvation instead of immediate crash!), cpython dies within 34 recursion levels. The obj-parameter for encoder_listencode_obj() looks like "Foo(obj='<Foo \'<Foo \\\'<Foo \\\\\\\'<Foo "<Foo \\\\\\\\\\\\\\\'<object object at 0x7ffff7f52100>\\\\\\\\\\\\\\\'>">\\\\\\\'>\\\'>\'>')".
My two cents: This is expected behavior. The json-module has no way to tell in advance if the encoding-function never returns. The fact that repr() causes this blowup here can't be fixed.
----------
nosy: +ebfe
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue21213>
_______________________________________
More information about the Python-bugs-list
mailing list