[Python-Dev] Showstopper

Tim Peters tim.one@home.com
Sun, 15 Apr 2001 19:05:25 -0400

Previous message: [Python-Dev] Showstopper
Next message: [Python-Dev] Showstopper
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[Guido]
> I've checked in what I think is a complete fix, but I wouldn't mind
> some extra eyes -- I'm in a bit of a rush to head out for dinner now.
>
> But Tim, please take a nap first! :-)

Heh.  I'm working on it.

Initial bleary-eyeballing turned up one vulnerability remaining, in
dict_popitem():   allocating the result tuple *could* conceivably empty the
dict, in which case the search loop will never terminate.  So I'd move the
"empty?" test after the allocation, like so (untested!):

	/* Allocate the result tuple first.  Believe it or not,
	 * this allocation could trigger a garbage collection which
	 * could resize the dict, which would invalidate the pointer
	 * (ep) into the dict calculated below, or clear the dict.
	 * So we have to do this first.
	 */
	res = PyTuple_New(2);
	if (res == NULL)
		return NULL;
	if (mp->ma_used == 0) {
		PyErr_SetString(PyExc_KeyError,
				"popitem(): dictionary is empty");
		Py_DECREF(res);
		return NULL;
	}

In practice (well, mine), .popitem() is never called on an empty dict, so I
don't at all mind allocating a tuple just to throw it away immediately if the
dict is empty.

zzzzzzzzzzzzzingly y'rs  - tim


PS:  Another release candidate is a prudent idea.  I'll be up again in 1.5
hours.

Previous message: [Python-Dev] Showstopper
Next message: [Python-Dev] Showstopper
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]