[issue24683] Type confusion in json encoding

Ronald Oussoren report at bugs.python.org
Wed Jul 22 13:51:45 CEST 2015


Ronald Oussoren added the comment:

In encoder_init (the __init__ for _json.Encoder) s->markers is set to an argument of __init__ without any kind of type check; it can therefore be an arbitrary object.

encoder_listencode_obj (and other functions) then use s->markers with the concrete API for dicts (such as PyDict_Contains). 

PyDict_Contains does not perform a type check, but casts its first argument to a PyDictObject and accesses fields. That causes problems when the marker isn't actually a dict.

I don't know the module well enough to be 100% sure about a fix, but I think it would be best to add a type check to encoder_init.

BTW, as far as I know _json.make_encoder is a private API and shouldn't be used directly; when you use the public API the argument will always be a dict.

----------
nosy: +ronaldoussoren

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue24683>
_______________________________________
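A regression check for the type check proposed in the comment above, as an added example that is not part of the original message or of CPython's test suite. It assumes a CPython build whose `_json` validates the first argument of `c_make_encoder` (on a build without that check the non-dict probes would hit the problem described above), and `probe_markers` and `circular_check_works` are hypothetical helper names.

```python
import json
import json.encoder as je


def probe_markers(markers):
    """Build the C encoder with `markers` as argument 1 and report the outcome.

    The argument order mirrors the call made in json/encoder.py:
    markers, default, encoder, indent, key_separator, item_separator,
    sort_keys, skipkeys, allow_nan.
    """
    if je.c_make_encoder is None:
        # Pure-Python fallback in use: no concrete dict API is involved.
        return "no C accelerator"
    try:
        je.c_make_encoder(
            markers, None, je.encode_basestring_ascii, None,
            ": ", ", ", False, False, True)
    except TypeError as exc:
        # A patched build rejects non-dict markers at construction time,
        # before any PyDict_* call can reach the object.
        return "rejected: " + str(exc)
    return "accepted"


def circular_check_works():
    """The public API always passes a real dict (or None) as markers.

    That dict is what backs circular-reference detection, so a
    self-referencing list must raise ValueError rather than recurse.
    """
    loop = []
    loop.append(loop)
    try:
        json.dumps(loop)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample arguments: two valid markers, three of the wrong type.
    for candidate in ({}, None, 1, [], "not a dict"):
        print(repr(candidate), "->", probe_markers(candidate))
    print("circular reference detected:", circular_check_works())
```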