PyDict_GetItem() returns a borrowed reference.

There are probably a number of places that are open to attacks such as the following one, in bltinmodule.c:min_max().
2007-09-05 07:51:21 +00:00 · 2007-09-05 07:51:21 +00:00 · 362bb51503
parent 4c1cb7ea8e
commit 362bb51503
1 changed files with 14 additions and 0 deletions
--- a/Lib/test/crashers/borrowed_ref_3.py
+++ b/Lib/test/crashers/borrowed_ref_3.py
@ -0,0 +1,14 @@
+"""
+PyDict_GetItem() returns a borrowed reference.
+There are probably a number of places that are open to attacks
+such as the following one, in bltinmodule.c:min_max().
+"""
+
+class KeyFunc(object):
+    def __call__(self, n):
+        del d['key']
+        return 1
+
+
+d = {'key': KeyFunc()}
+min(range(10), **d)