You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
My patch for issue bpo-11133 introduced a regression: it is no longer possible to get attributes of modules. That is because modules use "tp_dictoffset" (at C level). The instance __dict__ is exposed to Python code using a types.MemberDescriptorType. My patch for issue bpo-11133 currently assumes that accessing the instance __dict__ can trigger code execution, but that is impossible: The access itself can't trigger code execution (it just returns a PyObject in the C struct). Theoretically, it could return any Python object, but that doesn't matter, as the code that uses the object only calls dict methods directly, hence a TypeError is the worst thing that can happen (although it shouldn't ever happen in practise).
Attached is a patch that adds a test and fixes the issue.
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
Show more details
GitHub fields:
bugs.python.org fields:
The text was updated successfully, but these errors were encountered: