Issue 24257: Incorrect use of PyObject_IsInstance (original) (raw)

Created on 2015-05-21 08:40 by serhiy.storchaka, last changed 2022-04-11 14:58 by admin. This issue is now closed.

Files
File name Uploaded Description Edit
typecheck.patch serhiy.storchaka,2015-05-21 08:40 review
typecheck_2.patch serhiy.storchaka,2015-05-21 15:25 review
Messages (6)
msg243739 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2015-05-21 08:40
PyObject_IsInstance() is used incorrectly for testing if Python object is an instance of specified builtin type before direct access to internals of object. This is not correct, because PyObject_IsInstance() checks the __class__ attribute that can be modified and even can be dynamic property. Correct way is to check static type. Proposed patch replaces PyObject_IsInstance() with PyObject_TypeCheck() if this is appropriate. See also similar issues and .
msg243752 - (view) Author: R. David Murray (r.david.murray) * (Python committer) Date: 2015-05-21 14:02
Is there any chance that these changes will break working code, or is it the case that if the current check passes incorrectly one will always get a segfauilt or other error?
msg243754 - (view) Author: Raymond Hettinger (rhettinger) * (Python committer) Date: 2015-05-21 14:57
> is it the case that if the current check passes incorrectly > one will always get a segfauilt or other error? Yes, that is the case. All four of these checks precede a reference to an structure member that depends on being an exact type or subtype. So, yes they are all necessary to prevent segfaults or other undefined behavior.
msg243756 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2015-05-21 15:25
Yes, it is the case that if the current check passes incorrectly one will always get a segfauilt or other error. Added tests for types.SimpleNamespace and sqlite3.Cursor. It is not easy to reproduce a bug for StopIterator (not sure it is reproducible), but the code looks definitely erroneous in any case.
msg243797 - (view) Author: Raymond Hettinger (rhettinger) * (Python committer) Date: 2015-05-22 01:15
Serhiy, go ahead and apply your patch. The existing code is clearly wrong.
msg243820 - (view) Author: Roundup Robot (python-dev) (Python triager) Date: 2015-05-22 08:14
New changeset bccaba8a5482 by Serhiy Storchaka in branch '2.7': Issue #24257: Fixed segmentation fault in sqlite3.Row constructor with faked https://hg.python.org/cpython/rev/bccaba8a5482 New changeset c7b9645a6f35 by Serhiy Storchaka in branch '3.4': Issue #24257: Fixed incorrect uses of PyObject_IsInstance(). https://hg.python.org/cpython/rev/c7b9645a6f35 New changeset a5101529a8a9 by Serhiy Storchaka in branch 'default': Issue #24257: Fixed incorrect uses of PyObject_IsInstance(). https://hg.python.org/cpython/rev/a5101529a8a9
History
Date User Action Args
2022-04-11 14:58:17 admin set github: 68445
2015-05-22 08:24:25 serhiy.storchaka set status: open -> closedresolution: fixedstage: patch review -> resolved
2015-05-22 08:14:05 python-dev set nosy: + python-devmessages: +
2015-05-22 01:15:15 rhettinger set assignee: serhiy.storchakamessages: +
2015-05-21 15:25:23 serhiy.storchaka set files: + typecheck_2.patchmessages: +
2015-05-21 14:57:22 rhettinger set nosy: + rhettingermessages: +
2015-05-21 14:02:04 r.david.murray set nosy: + r.david.murraymessages: +
2015-05-21 08:40:46 serhiy.storchaka create