From 7e97ee6ac8ccfc5de437c51c677319a35700662a Mon Sep 17 00:00:00 2001
From: Armin Rigo
Date: Tue, 18 Apr 2006 14:00:01 +0000
Subject: [PATCH] A dictresize() attack. If oldtable == mp->ma_smalltable then pure Python code can mangle with mp->ma_smalltable while it is being walked over.
---
Lib/test/crashers/dictresize_attack.py | 32 ++++++++++++++++++++++++++
1 file changed, 32 insertions(+)
create mode 100644 Lib/test/crashers/dictresize_attack.py
diff --git a/Lib/test/crashers/dictresize_attack.py b/Lib/test/crashers/dictresize_attack.py
new file mode 100644
index 00000000000..1895791387f
--- /dev/null
+++ b/Lib/test/crashers/dictresize_attack.py
@@ -0,0 +1,32 @@
+# http://www.python.org/sf/1456209
+
+# A dictresize() attack. If oldtable == mp->ma_smalltable then pure
+# Python code can mangle with mp->ma_smalltable while it is being walked
+# over.
+
+class X(object):
+
+ def __hash__(self):
+ return 5
+
+ def __eq__(self, other):
+ if resizing:
+ d.clear()
+ return False
+
+
+d = {}
+
+resizing = False
+
+d[X()] = 1
+d[X()] = 2
+d[X()] = 3
+d[X()] = 4
+d[X()] = 5
+
+# now trigger a resize
+resizing = True
+d[9] = 6
+
+# ^^^ I get Segmentation fault or Illegal instruction here.
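Review bot: The script never says why exactly five `X()` keys are inserted before `d[9] = 6`, so a later change to the dict's small-table size or fill threshold could stop it from reaching the resize path without anyone noticing. A comment above the inserts such as `# five colliding keys leave the small table one insert short of a resize; the next insert forces dictresize()` would pin that assumption; the threshold is not visible in this patch, so confirm it against the dict implementation. `X.__eq__` also depends on the module globals `d` and `resizing`, which deserves a one-line comment on the class, for example `# __eq__ clears the dict being resized, but only once 'resizing' is set`. Since the closing comment reports that an affected interpreter dies with a signal at the final statement, any harness that runs this file should do so in a child process and treat a clean exit as the fixed state.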