From be5e0dcdedb63185aaa3e2f711d14dc828cb3640 Mon Sep 17 00:00:00 2001 From: Sergey B Kirpichev Date: Fri, 12 Dec 2025 13:47:45 +0300 Subject: [PATCH] gh-142595: add type check for namedtuple call during decimal initialization (GH-142608) --- .../2025-12-12-02-56-26.gh-issue-142595.wHvTqq.rst | 2 ++ Modules/_decimal/_decimal.c | 12 ++++++++---- 2 files changed, 10 insertions(+), 4 deletions(-) create mode 100644 Misc/NEWS.d/next/Library/2025-12-12-02-56-26.gh-issue-142595.wHvTqq.rst diff --git a/Misc/NEWS.d/next/Library/2025-12-12-02-56-26.gh-issue-142595.wHvTqq.rst b/Misc/NEWS.d/next/Library/2025-12-12-02-56-26.gh-issue-142595.wHvTqq.rst new file mode 100644 index 000000000000..987e1ae8354b --- /dev/null +++ b/Misc/NEWS.d/next/Library/2025-12-12-02-56-26.gh-issue-142595.wHvTqq.rst @@ -0,0 +1,2 @@ +Added type check during initialization of the :mod:`decimal` module to +prevent a crash in case of broken stdlib. Patch by Sergey B Kirpichev. diff --git a/Modules/_decimal/_decimal.c b/Modules/_decimal/_decimal.c index 0484d9896a1c..6ed8c0f3beb2 100644 --- a/Modules/_decimal/_decimal.c +++ b/Modules/_decimal/_decimal.c @@ -7753,10 +7753,14 @@ _decimal_exec(PyObject *m) /* DecimalTuple */ ASSIGN_PTR(collections, PyImport_ImportModule("collections")); - ASSIGN_PTR(state->DecimalTuple, (PyTypeObject *)PyObject_CallMethod(collections, - "namedtuple", "(ss)", "DecimalTuple", - "sign digits exponent")); - + obj = PyObject_CallMethod(collections, "namedtuple", "(ss)", "DecimalTuple", + "sign digits exponent"); + if (!PyType_Check(obj)) { + PyErr_SetString(PyExc_TypeError, + "type is expected from namedtuple call"); + goto error; + } + ASSIGN_PTR(state->DecimalTuple, (PyTypeObject *)obj); ASSIGN_PTR(obj, PyUnicode_FromString("decimal")); CHECK_INT(PyDict_SetItemString(state->DecimalTuple->tp_dict, "__module__", obj)); Py_CLEAR(obj); -- 2.47.3