[Python-checkins] r57987 - python/trunk/Lib/test/crashers/borrowed_ref_3.py
armin.rigo
python-checkins at python.org
Wed Sep 5 09:51:22 CEST 2007
Author: armin.rigo
Date: Wed Sep 5 09:51:21 2007
New Revision: 57987
Added:
python/trunk/Lib/test/crashers/borrowed_ref_3.py (contents, props changed)
Log:
PyDict_GetItem() returns a borrowed reference.
There are probably a number of places that are open to attacks
such as the following one, in bltinmodule.c:min_max().
Added: python/trunk/Lib/test/crashers/borrowed_ref_3.py
==============================================================================
--- (empty file)
+++ python/trunk/Lib/test/crashers/borrowed_ref_3.py Wed Sep 5 09:51:21 2007
@@ -0,0 +1,14 @@
+"""
+PyDict_GetItem() returns a borrowed reference.
+There are probably a number of places that are open to attacks
+such as the following one, in bltinmodule.c:min_max().
+"""
+
+class KeyFunc(object):
+ def __call__(self, n):
+ del d['key']
+ return 1
+
+
+d = {'key': KeyFunc()}
+min(range(10), **d)
More information about the Python-checkins
mailing list