Argument Clinic: Unsafe code generation with `defining_class` and no slash

[neonene]

Bug report

Bug description:

When using the Argument Clinic to implement a function with METH_METHOD calling convention, the generated code can cause a crash if defining_class is used without slashing. For example, datetime.now() in Modules/_datetimemodule.c produces:

/*[clinic input] 
@classmethod 
datetime.datetime.now 
 
+   cls: defining_class
    tz: object = None 
        Timezone object. 

Returns new datetime object representing current time local to tz.

If no tz is specified, uses local timezone.
[clinic start generated code]*/

static PyObject *
datetime_datetime_now_impl(PyTypeObject *type, ...

>python -m test test_datetime -m test_tzinfo_now
Running Debug|x64 interpreter...
Using random seed: 389474023
0:00:00 Run 1 test sequentially
0:00:00 [1/1] test_datetime
Windows fatal exception: access violation

Thread 0x00001298 (most recent call first):
  File "C:\cp\Lib\test\libregrtest\win_utils.py", line 47 in _update_load

No crash if NUM_KEYWORDS below is 1 in _datetimemodule.c.h:

static PyObject *
datetime_datetime_now(PyTypeObject *type, PyTypeObject *cls, ...
{
    ...
    #define NUM_KEYWORDS 2

CPython versions tested on:

3.13, CPython main branch

Operating systems tested on:

Windows

Linked PRs

• gh-117613: Argument Clinic: ensure that defining_class params are positional-only #117781
• gh-117613: Enhance test_clinic @defining_class tests #117896
• [3.12] gh-117613: Argument Clinic: ensure that defining_class params are positional-only #117939
• gh-117613: Argument Clinic: disallow defining_class parameter at module level #117950

[erlend-aasland]

Yes, Argument Clinic should explicitly check that defining_class is a positional parameter.

[erlend-aasland]

Hm, we should already be checking that. So, perhaps that check is malfunctioning.