Issue 30243: Core dump when use uninitialized _json objects
It is possible to get a core dump by using uninitialized _json objects.
$ ./python -c "import _json; _json.make_scanner.__new__(_json.make_scanner)('', 0)"
Segmentation fault (core dumped)
$ ./python -c "import _json; _json.make_encoder.__new__(_json.make_encoder)([0], 0)"
Segmentation fault (core dumped)
The cause is that the make_scanner and make_encoder classes implement both __new__ and __init__. The __new__ methods create uninitialized objects with NULL pointers; the __init__ methods initialize them. Possible solutions are:
1) set fields to Py_None rather than NULL in __new__;
2) check every pointer for NULL before using;
3) just remove the __init__ methods and do the initialization in the __new__ methods.
Since the scanner and the encoder are not inheritable classes, the latter solution looks the most preferable to me.
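A regression probe for the two reproducers above, added here as an example and not part of the report or of CPython's test suite: each reproducer runs in a child interpreter so that a crash surfaces as a signal exit code instead of taking down the test process. It assumes the interpreter under test is `sys.executable`; on a build that carries the fix, constructing the objects via `__new__` without the required arguments raises TypeError, which the probe reports as an ordinary exception rather than a crash.

```python
import subprocess
import sys

# The two reproducers from the report: the object is created with __new__,
# __init__ never runs, and the C-level pointer fields are still NULL when
# the object is called.
REPRODUCERS = {
    "scanner": "import _json; _json.make_scanner.__new__(_json.make_scanner)('', 0)",
    "encoder": "import _json; _json.make_encoder.__new__(_json.make_encoder)([0], 0)",
}


def probe(code, python=sys.executable):
    """Run `code` in a child interpreter and classify how it ended.

    Returns:
      'crash'     - the child died from a signal (SIGSEGV, SIGABRT, ...) or,
                    on Windows, with an NTSTATUS-style fatal exit code;
      'exception' - the child exited non-zero, i.e. Python raised normally;
      'ok'        - the child finished without error.
    """
    proc = subprocess.run([python, "-c", code], capture_output=True, text=True)
    rc = proc.returncode
    if rc < 0 or rc >= 0x80000000:  # negative = killed by signal on POSIX
        return "crash"
    if rc != 0:
        return "exception"
    return "ok"


def check_all(python=sys.executable):
    """Probe every reproducer; a fixed interpreter yields no 'crash' entries."""
    return {name: probe(code, python) for name, code in REPRODUCERS.items()}


if __name__ == "__main__":
    for name, outcome in check_all().items():
        print(f"{name}: {outcome}")
```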