Fix the C extension module to harden is_namedtuple.

Protects against looks-a-likes such as Mocks. Also prevent dict encoding from causing an unraised SystemError when encountering a non-Dict. Noticed by running user tests against a CPython interpreter with C asserts enabled (COPTS += -UNDEBUG).
author: Gregory P. Smith [Google LLC] <gps@google.com> 2021-07-16 23:09:10 -0700
committer: Gregory P. Smith [Google LLC] <gps@google.com> 2021-07-16 23:09:10 -0700
commit: c901c8cbb5fc67e069011f11fe954908e781470b (patch)
tree: 11ba9722ce3e54e7df491abc6767086f24b5cff1 /simplejson
parent: 16f362cacd53abee3e60b14d18536cf32e4219f0 (diff)
download: simplejson-c901c8cbb5fc67e069011f11fe954908e781470b.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/simplejson/_speedups.c b/simplejson/_speedups.c
index e710128..7c3b6b0 100644
--- a/simplejson/_speedups.c
+++ b/simplejson/_speedups.c
@@ -386,6 +386,9 @@ static int
 _is_namedtuple(PyObject *obj)
 {
     int rval = 0;
+    if (!PyTuple_Check(obj)) {
+        return 0;
+    }
     PyObject *_asdict = PyObject_GetAttrString(obj, "_asdict");
     if (_asdict == NULL) {
         PyErr_Clear();
@@ -2953,6 +2956,9 @@ encoder_listencode_dict(PyEncoderObject *s, JSON_Accu *rval, PyObject *dct, Py_s
     PyObject *encoded = NULL;
     Py_ssize_t idx;
 
+    if (!PyDict_Check(dct)) {
+        return -1;
+    }
     if (open_dict == NULL || close_dict == NULL || empty_dict == NULL) {
         open_dict = JSON_InternFromString("{");
         close_dict = JSON_InternFromString("}");
author	Gregory P. Smith [Google LLC] <gps@google.com>	2021-07-16 23:09:10 -0700
committer	Gregory P. Smith [Google LLC] <gps@google.com>	2021-07-16 23:09:10 -0700
commit	c901c8cbb5fc67e069011f11fe954908e781470b (patch)
tree	11ba9722ce3e54e7df491abc6767086f24b5cff1 /simplejson
parent	16f362cacd53abee3e60b14d18536cf32e4219f0 (diff)
download	simplejson-c901c8cbb5fc67e069011f11fe954908e781470b.tar.gz