diff options
author | Gregory P. Smith [Google LLC] <gps@google.com> | 2021-07-16 23:09:10 -0700 |
---|---|---|
committer | Gregory P. Smith [Google LLC] <gps@google.com> | 2021-07-16 23:09:10 -0700 |
commit | c901c8cbb5fc67e069011f11fe954908e781470b (patch) | |
tree | 11ba9722ce3e54e7df491abc6767086f24b5cff1 /simplejson | |
parent | 16f362cacd53abee3e60b14d18536cf32e4219f0 (diff) | |
download | simplejson-c901c8cbb5fc67e069011f11fe954908e781470b.tar.gz |
Fix the C extension module to harden is_namedtuple.
Protects against looks-a-likes such as Mocks. Also prevent dict encoding
from causing an unraised SystemError when encountering a non-Dict.
Noticed by running user tests against a CPython interpreter with C
asserts enabled (COPTS += -UNDEBUG).
Diffstat (limited to 'simplejson')
-rw-r--r-- | simplejson/_speedups.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/simplejson/_speedups.c b/simplejson/_speedups.c index e710128..7c3b6b0 100644 --- a/simplejson/_speedups.c +++ b/simplejson/_speedups.c @@ -386,6 +386,9 @@ static int _is_namedtuple(PyObject *obj) { int rval = 0; + if (!PyTuple_Check(obj)) { + return 0; + } PyObject *_asdict = PyObject_GetAttrString(obj, "_asdict"); if (_asdict == NULL) { PyErr_Clear(); @@ -2953,6 +2956,9 @@ encoder_listencode_dict(PyEncoderObject *s, JSON_Accu *rval, PyObject *dct, Py_s PyObject *encoded = NULL; Py_ssize_t idx; + if (!PyDict_Check(dct)) { + return -1; + } if (open_dict == NULL || close_dict == NULL || empty_dict == NULL) { open_dict = JSON_InternFromString("{"); close_dict = JSON_InternFromString("}"); |