Issue #5322: Fixed setting __new__ to a PyCFunction inside Python code.

Original patch by Andreas Stührk.
author: Serhiy Storchaka <storchaka@gmail.com> 2016-12-07 09:26:49 (GMT)
committer: Serhiy Storchaka <storchaka@gmail.com> 2016-12-07 09:26:49 (GMT)
commit: 0c78634d785361dcde0c2c138e8bf5f9bb744d3d (patch)
tree: 3b4b16b83fd8b377fa0c61c21be9695890c21250 /Objects
parent: 520348e5c0284668738e0ba98b86e7d1a5fd8600 (diff)
parent: 5adfac2c1b7fb4f0782d097e7e0e6c5614965634 (diff)
download: cpython-0c78634d785361dcde0c2c138e8bf5f9bb744d3d.zip
cpython-0c78634d785361dcde0c2c138e8bf5f9bb744d3d.tar.gz
cpython-0c78634d785361dcde0c2c138e8bf5f9bb744d3d.tar.bz2
1 files changed, 28 insertions, 1 deletions
diff --git a/Objects/typeobject.c b/Objects/typeobject.c
index 329261b..96444ae 100644
--- a/Objects/typeobject.c
+++ b/Objects/typeobject.c
@@ -6878,7 +6878,34 @@ update_one_slot(PyTypeObject *type, slotdef *p)
                sanity checks and constructing a new argument
                list.  Cut all that nonsense short -- this speeds
                up instance creation tremendously. */
-            specific = (void *)type->tp_new;
+            PyObject *self = PyCFunction_GET_SELF(descr);
+            if (!self || !PyType_Check(self)) {
+                /* This should never happen because
+                   tp_new_wrapper expects a type for self.
+                   Use slot_tp_new which will call
+                   tp_new_wrapper which will raise an
+                   exception. */
+                specific = (void *)slot_tp_new;
+            }
+            else {
+                PyTypeObject *staticbase;
+                specific = ((PyTypeObject *)self)->tp_new;
+                /* Check that the user does not do anything
+                   silly and unsafe like object.__new__(dict).
+                   To do this, we check that the most derived
+                   base that's not a heap type is this type. */
+                staticbase = type->tp_base;
+                while (staticbase &&
+                       (staticbase->tp_flags & Py_TPFLAGS_HEAPTYPE))
+                    staticbase = staticbase->tp_base;
+                if (staticbase &&
+                    staticbase->tp_new != specific)
+                    /* Seems to be unsafe, better use
+                       slot_tp_new which will call
+                       tp_new_wrapper which will raise an
+                       exception if it is unsafe. */
+                    specific = (void *)slot_tp_new;
+            }
             /* XXX I'm not 100% sure that there isn't a hole
                in this reasoning that requires additional
                sanity checks.  I'll buy the first person to
author	Serhiy Storchaka <storchaka@gmail.com>	2016-12-07 09:26:49 (GMT)
committer	Serhiy Storchaka <storchaka@gmail.com>	2016-12-07 09:26:49 (GMT)
commit	0c78634d785361dcde0c2c138e8bf5f9bb744d3d (patch)
tree	3b4b16b83fd8b377fa0c61c21be9695890c21250 /Objects
parent	520348e5c0284668738e0ba98b86e7d1a5fd8600 (diff)
parent	5adfac2c1b7fb4f0782d097e7e0e6c5614965634 (diff)
download	cpython-0c78634d785361dcde0c2c138e8bf5f9bb744d3d.zip cpython-0c78634d785361dcde0c2c138e8bf5f9bb744d3d.tar.gz cpython-0c78634d785361dcde0c2c138e8bf5f9bb744d3d.tar.bz2