Fix two crashers.

2 files changed, 0 insertions, 42 deletions

diff --git a/Lib/test/crashers/borrowed_ref_3.py b/Lib/test/crashers/borrowed_ref_3.py
deleted file mode 100644
index f241108..0000000
--- a/Lib/test/crashers/borrowed_ref_3.py
+++ /dev/null
@@ -1,14 +0,0 @@
-"""
-PyDict_GetItem() returns a borrowed reference.
-There are probably a number of places that are open to attacks
-such as the following one, in bltinmodule.c:min_max().
-"""
-
-class KeyFunc(object):
-    def __call__(self, n):
-        del d['key']
-        return 1
-
-
-d = {'key': KeyFunc()}
-min(range(10), **d)
diff --git a/Lib/test/crashers/borrowed_ref_4.py b/Lib/test/crashers/borrowed_ref_4.py
deleted file mode 100644
index d1fd8aa..0000000
--- a/Lib/test/crashers/borrowed_ref_4.py
+++ /dev/null
@@ -1,28 +0,0 @@
-"""
-PyDict_GetItem() returns a borrowed reference.
-This attack is against ceval.c:IMPORT_NAME, which calls an
-object (__builtin__.__import__) without holding a reference to it.
-"""
-
-import types
-import __builtin__
-
-
-class X(object):
-    def __getattr__(self, name):
-        # this is called with name == '__bases__' by PyObject_IsInstance()
-        # during the unbound method call -- it frees the unbound method
-        # itself before it invokes its im_func.
-        del __builtin__.__import__
-        return ()
-
-pseudoclass = X()
-
-class Y(object):
-    def __call__(self, *args):
-        # 'self' was freed already
-        print self, args
-
-# make an unbound method
-__builtin__.__import__ = types.MethodType(Y(), None, (pseudoclass, str))
-import spam