Richard Oudkerk added the comment:
The current non-test uses of PyMemoryView_FromBuffer() are in
_io.BufferedReader.read(), _io.BufferedWriter.write(), PyUnicode_Decode().
It looks like they can each be made to leak a memoryview that references a
deallocated buffer. (Maybe the answer is Don't Do That.)
import codecs, sys
def decode(buf):
global view
view = buf
return codecs.latin_1_decode(buf)
def getregentry():
return codecs.CodecInfo(name='foobar', decode=decode,
encode=codecs.latin_1_encode)
@codecs.register
def search_function(encoding):
if encoding == 'foobar':
return codecs.CodecInfo(*getregentry())
b = b'hello'.upper()
b.decode('foobar')
print(view.tobytes()) # => b'HELLO'
del b
x = b'dump'.upper()
print(view.tobytes()) # => b'DUMP\x00'
import io, sys
class File(io.RawIOBase):
def readinto(self, buf):
global view
view = buf
n = len(buf)
buf[:] = b'x'*n
return n
def readable(self):
return True
f = io.BufferedReader(File())
f.read(1)
print(view[:5].tobytes()) # => b'xxxxx'
del f
print(view[:5].tobytes()) # => b'\xdd\xdd\xdd\xdd\xdd'
----------
_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue15903>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
