Patches item #1658799, was opened at 2007-02-13 10:34 Message generated for change (Comment added) made by arigo You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=305470&aid=1658799&group_id=5470
Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Core (C code) Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: Hrvoje Nikšić (hniksic) Assigned to: Nobody/Anonymous (nobody) Summary: Handle requests to intern string subtype instances Initial Comment: This patch implements a small modification of PyString_InternInPlace that allows for safe interning of string subtype instances. The change should be fully backward compatible -- for a rationale and discussion, see: http://mail.python.org/pipermail/python-dev/2007-February/070973.html ---------------------------------------------------------------------- >Comment By: Armin Rigo (arigo) Date: 2007-02-14 12:13 Message: Logged In: YES user_id=4771 Originator: NO Ah, the code was the wrong way around. The following causes an Fatal Python error in a debug build: s1 = "hel" s1 = intern(s1 + "lo") class S(str): def __hash__(self): return 0 def __eq__(self, other): return False s = S(s1) s2 = intern(s) del s1 ---------------------------------------------------------------------- Comment By: Hrvoje Nikšić (hniksic) Date: 2007-02-14 08:31 Message: Logged In: YES user_id=1718107 Originator: YES I don't think an attack is possible. This patch retains the property that only exact strings are interned. If you create a pathological string subtype that hashes like a different string instance (one that has already been interned), all you'll achieve is that "interning" will return the other instance. As far as I can tell, no string is actually removed from the interned dictionary (until it becomes unreachable, that is.) What is the expected result of your test code? I tried it and it ran without error. ---------------------------------------------------------------------- Comment By: Armin Rigo (arigo) Date: 2007-02-13 22:36 Message: Logged In: YES user_id=4771 Originator: NO I think that this opens an attack (untested, though): it allows a previously-interned string to be removed from the dictionary. This might lead to a crash because the old string still thinks it is interned. Try something along the lines of: s1 = "hel" s1 = intern(s1 + "lo") class S(str): def __hash__(self): return hash(s1) def __eq__(self, other): return other == s1 s = S("world") intern(s) del s1 ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=305470&aid=1658799&group_id=5470 _______________________________________________ Patches mailing list Patches@python.org http://mail.python.org/mailman/listinfo/patches
