Merge p3yk branch with the trunk up to revision 45595. This breaks a fair

number of tests, all because of the codecs/_multibytecodecs issue described
here (it's not a Py3K issue, just something Py3K discovers):
http://mail.python.org/pipermail/python-dev/2006-April/064051.html

Hye-Shik Chang promised to look for a fix, so no need to fix it here. The
tests that are expected to break are:

test_codecencodings_cn
test_codecencodings_hk
test_codecencodings_jp
test_codecencodings_kr
test_codecencodings_tw
test_codecs
test_multibytecodec

This merge fixes an actual test failure (test_weakref) in this branch,
though, so I believe merging is the right thing to do anyway.

3 files changed, 84 insertions, 0 deletions

diff --git a/Lib/test/crashers/README b/Lib/test/crashers/README
index 93692822e3..070c3f122a 100644
--- a/Lib/test/crashers/README
+++ b/Lib/test/crashers/README
@@ -13,3 +13,8 @@ Each test should have a link to the bug report:
 Put as much info into a docstring or comments to help determine
 the cause of the failure.  Particularly note if the cause is
 system or environment dependent and what the variables are.
+
+Once the crash is fixed, the test case should be moved into an appropriate
+test (even if it was originally from the test suite).  This ensures the
+regression doesn't happen again.  And if it does, it should be easier
+to track down.
diff --git a/Lib/test/crashers/dictresize_attack.py b/Lib/test/crashers/dictresize_attack.py
new file mode 100644
index 0000000000..1895791387
--- /dev/null
+++ b/Lib/test/crashers/dictresize_attack.py
@@ -0,0 +1,32 @@
+# http://www.python.org/sf/1456209
+
+# A dictresize() attack.  If oldtable == mp->ma_smalltable then pure
+# Python code can mangle with mp->ma_smalltable while it is being walked
+# over.
+
+class X(object):
+
+    def __hash__(self):
+        return 5
+
+    def __eq__(self, other):
+        if resizing:
+            d.clear()
+        return False
+
+
+d = {}
+
+resizing = False
+
+d[X()] = 1
+d[X()] = 2
+d[X()] = 3
+d[X()] = 4
+d[X()] = 5
+
+# now trigger a resize
+resizing = True
+d[9] = 6
+
+# ^^^ I get Segmentation fault or Illegal instruction here.
diff --git a/Lib/test/crashers/nasty_eq_vs_dict.py b/Lib/test/crashers/nasty_eq_vs_dict.py
new file mode 100644
index 0000000000..3f3083da89
--- /dev/null
+++ b/Lib/test/crashers/nasty_eq_vs_dict.py
@@ -0,0 +1,47 @@
+# from http://mail.python.org/pipermail/python-dev/2001-June/015239.html
+
+# if you keep changing a dictionary while looking up a key, you can
+# provoke an infinite recursion in C
+
+# At the time neither Tim nor Michael could be bothered to think of a
+# way to fix it.
+
+class Yuck:
+    def __init__(self):
+        self.i = 0
+
+    def make_dangerous(self):
+        self.i = 1
+
+    def __hash__(self):
+        # direct to slot 4 in table of size 8; slot 12 when size 16
+        return 4 + 8
+
+    def __eq__(self, other):
+        if self.i == 0:
+            # leave dict alone
+            pass
+        elif self.i == 1:
+            # fiddle to 16 slots
+            self.__fill_dict(6)
+            self.i = 2
+        else:
+            # fiddle to 8 slots
+            self.__fill_dict(4)
+            self.i = 1
+
+        return 1
+
+    def __fill_dict(self, n):
+        self.i = 0
+        dict.clear()
+        for i in range(n):
+            dict[i] = i
+        dict[self] = "OK!"
+
+y = Yuck()
+dict = {y: "OK!"}
+
+z = Yuck()
+y.make_dangerous()
+print dict[z]