GH-105840: Fix assertion failures when specializing calls with too many __defaults__...

author Brandt Bucher <brandtbucher@microsoft.com>

Fri, 16 Jun 2023 18:01:15 +0000 (11:01 -0700)

committer GitHub <noreply@github.com>

Fri, 16 Jun 2023 18:01:15 +0000 (11:01 -0700)
author Brandt Bucher <brandtbucher@microsoft.com>
Fri, 16 Jun 2023 18:01:15 +0000 (11:01 -0700)
committer GitHub <noreply@github.com>
Fri, 16 Jun 2023 18:01:15 +0000 (11:01 -0700)
diff --git a/Lib/test/test_opcache.py b/Lib/test/test_opcache.py

index 57fed5d09fd7b8dad73b5c69ef1fafa0b6488d33..5281eb77c02d1bd1e165976080b2655817592f63 100644 (file)
--- a/Lib/test/test_opcache.py
+++ b/Lib/test/test_opcache.py
@@ -452,6 +452,35 @@ class TestLoadMethodCache(unittest.TestCase):
              self.assertFalse(f())
  
  
+class TestCallCache(unittest.TestCase):
+    def test_too_many_defaults_0(self):
+        def f():
+            pass
+
+        f.__defaults__ = (None,)
+        for _ in range(1025):
+            f()
+
+    def test_too_many_defaults_1(self):
+        def f(x):
+            pass
+
+        f.__defaults__ = (None, None)
+        for _ in range(1025):
+            f(None)
+            f()
+
+    def test_too_many_defaults_2(self):
+        def f(x, y):
+            pass
+
+        f.__defaults__ = (None, None, None)
+        for _ in range(1025):
+            f(None, None)
+            f(None)
+            f()
+
+
  if __name__ == "__main__":
      import unittest
      unittest.main()
diff --git a/Misc/NEWS.d/next/Core and Builtins/2023-06-15-22-11-43.gh-issue-105840.Fum_g_.rst b/Misc/NEWS.d/next/Core and Builtins/2023-06-15-22-11-43.gh-issue-105840.Fum_g_.rst

new file mode 100644 (file)

index 0000000..5225031
--- /dev/null
+++ b/Misc/NEWS.d/next/Core and Builtins/2023-06-15-22-11-43.gh-issue-105840.Fum_g_.rst
@@ -0,0 +1,2 @@
+Fix possible crashes when specializing function calls with too many
+``__defaults__``.
diff --git a/Python/specialize.c b/Python/specialize.c

index cff414a01d0a37b4ddb4dbcb97874f8a0175d4e7..44b14c5952315f1e5beb8a25add768dc739af969 100644 (file)
--- a/Python/specialize.c
+++ b/Python/specialize.c
@@ -1647,9 +1647,9 @@ specialize_py_call(PyFunctionObject *func, _Py_CODEUNIT *instr, int nargs,
      }
      int argcount = code->co_argcount;
      int defcount = func->func_defaults == NULL ? 0 : (int)PyTuple_GET_SIZE(func->func_defaults);
-    assert(defcount <= argcount);
      int min_args = argcount-defcount;
-    if (nargs > argcount || nargs < min_args) {
+    // GH-105840: min_args is negative when somebody sets too many __defaults__!
+    if (min_args < 0 || nargs > argcount || nargs < min_args) {
          SPECIALIZATION_FAIL(CALL, SPEC_FAIL_WRONG_NUMBER_ARGUMENTS);
          return -1;
      }
author	Brandt Bucher <brandtbucher@microsoft.com>
	Fri, 16 Jun 2023 18:01:15 +0000 (11:01 -0700)
committer	GitHub <noreply@github.com>
	Fri, 16 Jun 2023 18:01:15 +0000 (11:01 -0700)
Lib/test/test_opcache.py		patch \| blob \| blame \| history
Misc/NEWS.d/next/Core and Builtins/2023-06-15-22-11-43.gh-issue-105840.Fum_g_.rst	[new file with mode: 0644]	patch \| blob
Python/specialize.c		patch \| blob \| blame \| history