From: Sergey B Kirpichev Date: Fri, 12 Dec 2025 10:47:45 +0000 (+0300) Subject: gh-142595: add type check for namedtuple call during decimal initialization (GH-142608) X-Git-Tag: v3.15.0a3~87 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=be5e0dcdedb63185aaa3e2f711d14dc828cb3640;p=thirdparty%2FPython%2Fcpython.git gh-142595: add type check for namedtuple call during decimal initialization (GH-142608) --- diff --git a/Misc/NEWS.d/next/Library/2025-12-12-02-56-26.gh-issue-142595.wHvTqq.rst b/Misc/NEWS.d/next/Library/2025-12-12-02-56-26.gh-issue-142595.wHvTqq.rst new file mode 100644 index 000000000000..987e1ae8354b --- /dev/null +++ b/Misc/NEWS.d/next/Library/2025-12-12-02-56-26.gh-issue-142595.wHvTqq.rst @@ -0,0 +1,2 @@ +Added type check during initialization of the :mod:`decimal` module to +prevent a crash in case of broken stdlib. Patch by Sergey B Kirpichev. diff --git a/Modules/_decimal/_decimal.c b/Modules/_decimal/_decimal.c index 0484d9896a1c..6ed8c0f3beb2 100644 --- a/Modules/_decimal/_decimal.c +++ b/Modules/_decimal/_decimal.c @@ -7753,10 +7753,14 @@ _decimal_exec(PyObject *m) /* DecimalTuple */ ASSIGN_PTR(collections, PyImport_ImportModule("collections")); - ASSIGN_PTR(state->DecimalTuple, (PyTypeObject *)PyObject_CallMethod(collections, - "namedtuple", "(ss)", "DecimalTuple", - "sign digits exponent")); - + obj = PyObject_CallMethod(collections, "namedtuple", "(ss)", "DecimalTuple", + "sign digits exponent"); + if (!PyType_Check(obj)) { + PyErr_SetString(PyExc_TypeError, + "type is expected from namedtuple call"); + goto error; + } + ASSIGN_PTR(state->DecimalTuple, (PyTypeObject *)obj); ASSIGN_PTR(obj, PyUnicode_FromString("decimal")); CHECK_INT(PyDict_SetItemString(state->DecimalTuple->tp_dict, "__module__", obj)); Py_CLEAR(obj);