From 5837d0418f47933b2e3c139bdee8a79c248a943c Mon Sep 17 00:00:00 2001
From: Oren Milman
Date: Wed, 27 Sep 2017 17:04:37 +0300
Subject: bpo-31588: Validate return value of __prepare__() methods (GH-3764)

Class execution requires that __prepare__() methods return a proper execution namespace. Check for that immediately after calling __prepare__(), rather than passing it through to the code execution machinery and potentially triggering SystemError (in debug builds) or a cryptic TypeError (in release builds). Patch by Oren Milman.
---
 Python/bltinmodule.c | 7 +++++++
 1 file changed, 7 insertions(+)
(limited to 'Python/bltinmodule.c')
diff --git a/Python/bltinmodule.c b/Python/bltinmodule.c
index c363cfe8ce..2269fe2165 100644
--- a/Python/bltinmodule.c
+++ b/Python/bltinmodule.c
@@ -157,6 +157,13 @@ builtin___build_class__(PyObject *self, PyObject **args, Py_ssize_t nargs,
 Py_DECREF(bases);
 return NULL;
 }
+ if (!PyMapping_Check(ns)) {
+ PyErr_Format(PyExc_TypeError,
+ "%.200s.__prepare__() must return a mapping, not %.200s",
+ isclass ? ((PyTypeObject *)meta)->tp_name : "",
+ Py_TYPE(ns)->tp_name);
+ goto error;
+ }
 cell = PyEval_EvalCodeEx(PyFunction_GET_CODE(func), PyFunction_GET_GLOBALS(func), ns, NULL, 0, NULL, 0, NULL, 0, NULL, PyFunction_GET_CLOSURE(func));
-- cgit v1.2.1
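Review bot: The new `PyMapping_Check(ns)` guard is weaker than the error text suggests: it only requires that the type has a subscript slot, so a list, tuple or str returned by `__prepare__()` still passes and is handed to `PyEval_EvalCodeEx()` as the locals. A comment above the check, such as `/* PyMapping_Check() only requires a subscript slot, so sequences pass too */`, would stop readers from treating it as full validation of the namespace. In the message arguments, the non-class branch as shown passes `""`, so the text would begin with a bare `.__prepare__()`; a placeholder such as `"<metaclass>"` would read better. The `error` label and the rest of `builtin___build_class__` are outside the hunk, so whether this path releases `ns`, `meta` and `bases` the way the explicit `Py_DECREF(bases); return NULL;` above does cannot be confirmed from here.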