New submission from STINNER Victor: The new _asyncio module of Python 3.6 uses the _PyObject_CallMethodId() function to call functions. This function has a weird behaviour when using the format string "O": if the object is a tuple, the tuple is unpacked.
_PyObject_CallMethodId(obj, &PyId_meth, "O", tuple, NULL) calls obj.meth(*tuple) instead of obj.meth(tuple). I only found one function which may have the bug: task_call_step(). But it seems like this function cannot be called with a tuple as "arg", only with an exception object. But just in case, I would suggest to replace: _PyObject_CallMethodId(obj, nameid, "O", arg); with _PyObject_CallMethodIdObjArgs(obj, nameid, arg, NULL); Note: _PyObject_CallMethodId() is called with a NULL terminal in the argument list, but the NULL is useless. A terminator is only required by _PyObject_CallMethodIdObjArgs(). Yeah, Python has a wide choice of functions to call a callable object, with funny APIs... And I'm adding new ones to Python 3.7 ;-) ---------- components: asyncio messages: 282778 nosy: gvanrossum, haypo, yselivanov priority: normal severity: normal status: open title: Dangerous usage of "O" format string in _asynciomodule.c versions: Python 3.6, Python 3.7 _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue28920> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
