1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
|
"""
The gc module can still invoke arbitrary Python code and crash.
This is an attack against _PyInstance_Lookup(), which is documented
as follows:
The point of this routine is that it never calls arbitrary Python
code, so is always "safe": all it does is dict lookups.
But of course dict lookups can call arbitrary Python code.
The following code causes mutation of the object graph during
the call to has_finalizer() in gcmodule.c, and that might
segfault.
"""
import gc
class A:
def __hash__(self):
return hash("__del__")
def __eq__(self, other):
del self.other
return False
a = A()
b = A()
a.__dict__[b] = 'A'
a.other = b
b.other = a
gc.collect()
del a, b
gc.collect()
|
