Skip to content

gh-92930: _pickle.c: Acquire strong references before calling save() #92931

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
sweeneyde merged 11 commits into from
Jun 11, 2022
Merged

gh-92930: _pickle.c: Acquire strong references before calling save() #92931

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
9b70755
Acquire strong references after PyDict_Next
sweeneyde May 18, 2022
7af44c4
simplify test
sweeneyde May 18, 2022
802a220
📜🤖 Added by blurb_it.
blurb-it[bot] May 18, 2022
a2a8e35
INCREF before save() in batch_list_exact
sweeneyde Jun 10, 2022
58ad6a2
Merge branch 'main' into picklecrasher
sweeneyde Jun 10, 2022
e48b31d
Add INCREF/DECREF for save_set
sweeneyde Jun 10, 2022
72b3dd5
Merge branch 'picklecrasher' of https://github.com/sweeneyde/cpython …
sweeneyde Jun 10, 2022
7b8f697
More tests
sweeneyde Jun 10, 2022
7133c2c
Check non-singleton set
sweeneyde Jun 10, 2022
a939d16
Update Misc/NEWS.d/next/Core and Builtins/2022-05-18-18-34-45.gh-issu…
sweeneyde Jun 10, 2022
370c44e
clean up test case, better name
sweeneyde Jun 11, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
INCREF before save() in batch_list_exact
  • Loading branch information
@sweeneyde
sweeneyde committed Jun 10, 2022
commit a2a8e35118ca472a12b2b68dcc51fce5f200d920
16 changes: 16 additions & 0 deletions Lib/test/pickletester.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3064,6 +3064,22 @@ def __reduce__(self):
expected = "changed size during iteration"
self.assertIn(expected, str(e))

def test_evil_class_mutating_list(self):
if not hasattr(self, "pickler"):
raise self.skipTest(f"{type(self)} has no associated pickler type")

global P
class P(self.pickler):
def persistent_id(self, obj):
if obj is a[0]:
a.clear()
return None

for proto in protocols:
a = [[[[]]]]
with self.assertRaises(IndexError):
P(io.BytesIO(), proto).dump(a)


class BigmemPickleTests:

Expand Down
10 changes: 8 additions & 2 deletions Modules/_pickle.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3006,7 +3006,10 @@ batch_list_exact(PicklerObject *self, PyObject *obj)

if (PyList_GET_SIZE(obj) == 1) {
item = PyList_GET_ITEM(obj, 0);
if (save(self, item, 0) < 0)
Py_INCREF(item);
int err = save(self, item, 0);
Py_DECREF(item);
if (err < 0)
return -1;
if (_Pickler_Write(self, &append_op, 1) < 0)
return -1;
Expand All @@ -3021,7 +3024,10 @@ batch_list_exact(PicklerObject *self, PyObject *obj)
return -1;
while (total < PyList_GET_SIZE(obj)) {
item = PyList_GET_ITEM(obj, total);
if (save(self, item, 0) < 0)
Py_INCREF(item);
int err = save(self, item, 0);
Py_DECREF(item);
if (err < 0)
return -1;
total++;
if (++this_batch == BATCHSIZE)
Expand Down