diff options
| author | Brandt Bucher <brandtbucher@microsoft.com> | 2023-06-16 18:01:15 (GMT) |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-06-16 18:01:15 (GMT) |
| commit | 2beab5bdef5fa2a00a59371e6137f769586b7404 (patch) | |
| tree | 8c515dfdb7f35a539fc179cbfb1002dbda8d3ee6 | |
| parent | b356a4749acb3e6f8c50e8abeb7b2d2b267738d7 (diff) | |
| download | cpython-2beab5bdef5fa2a00a59371e6137f769586b7404.zip cpython-2beab5bdef5fa2a00a59371e6137f769586b7404.tar.gz cpython-2beab5bdef5fa2a00a59371e6137f769586b7404.tar.bz2 | |
GH-105840: Fix assertion failures when specializing calls with too many __defaults__ (GH-105847)
| -rw-r--r-- | Lib/test/test_opcache.py | 29 | ||||
| -rw-r--r-- | Misc/NEWS.d/next/Core and Builtins/2023-06-15-22-11-43.gh-issue-105840.Fum_g_.rst | 2 | ||||
| -rw-r--r-- | Python/specialize.c | 4 |
3 files changed, 33 insertions, 2 deletions
diff --git a/Lib/test/test_opcache.py b/Lib/test/test_opcache.py index 57fed5d..5281eb7 100644 --- a/Lib/test/test_opcache.py +++ b/Lib/test/test_opcache.py @@ -452,6 +452,35 @@ class TestLoadMethodCache(unittest.TestCase): self.assertFalse(f()) +class TestCallCache(unittest.TestCase): + def test_too_many_defaults_0(self): + def f(): + pass + + f.__defaults__ = (None,) + for _ in range(1025): + f() + + def test_too_many_defaults_1(self): + def f(x): + pass + + f.__defaults__ = (None, None) + for _ in range(1025): + f(None) + f() + + def test_too_many_defaults_2(self): + def f(x, y): + pass + + f.__defaults__ = (None, None, None) + for _ in range(1025): + f(None, None) + f(None) + f() + + if __name__ == "__main__": import unittest unittest.main() diff --git a/Misc/NEWS.d/next/Core and Builtins/2023-06-15-22-11-43.gh-issue-105840.Fum_g_.rst b/Misc/NEWS.d/next/Core and Builtins/2023-06-15-22-11-43.gh-issue-105840.Fum_g_.rst new file mode 100644 index 0000000..5225031 --- /dev/null +++ b/Misc/NEWS.d/next/Core and Builtins/2023-06-15-22-11-43.gh-issue-105840.Fum_g_.rst @@ -0,0 +1,2 @@ +Fix possible crashes when specializing function calls with too many +``__defaults__``. diff --git a/Python/specialize.c b/Python/specialize.c index cff414a..44b14c5 100644 --- a/Python/specialize.c +++ b/Python/specialize.c @@ -1647,9 +1647,9 @@ specialize_py_call(PyFunctionObject *func, _Py_CODEUNIT *instr, int nargs, } int argcount = code->co_argcount; int defcount = func->func_defaults == NULL ? 0 : (int)PyTuple_GET_SIZE(func->func_defaults); - assert(defcount <= argcount); int min_args = argcount-defcount; - if (nargs > argcount || nargs < min_args) { + // GH-105840: min_args is negative when somebody sets too many __defaults__! + if (min_args < 0 || nargs > argcount || nargs < min_args) { SPECIALIZATION_FAIL(CALL, SPEC_FAIL_WRONG_NUMBER_ARGUMENTS); return -1; } |