Calling PyList_GetItemRef after PyList_New segfaults #121403

Description

@lysnikolaou

Crash report

What happened?

While working on Pillow, I came across the following issue: I'm getting a crash when calling PyList_GetItemRef immediately after calling PyList_New, since the list item is initialized to NULL.

```c
PyObject *list = PyList_New(1);
return PyList_GetItemRef(list, 0);
```

In the docs for PyList_New, we include the following note:

If len is greater than zero, the returned list object’s items are set to NULL. Thus you cannot use abstract API functions such as PySequence_SetItem() or expose the object to Python code before setting all items to a real object with PyList_SetItem().

Not sure if this includes calling PyList_GetItemRef.

The problem is there on both builds, because they both eventually try to call some variation of Py_NewRef / _Py_NewRefWithLock. PyList_GetItem does not crash and returns NULL.

CPython versions tested on:

CPython main branch

Operating systems tested on:

macOS

Output from running 'python -VV' on the command line:

Python 3.13.0b2+ (heads/3.13:7302855, Jun 21 2024, 10:05:10) [Clang 15.0.0 (clang-1500.3.9.4)]
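
The NULL slots described in the report can be observed from the running interpreter through `ctypes`; this is an added example, not code from the issue or from CPython, and `new_filled_list` is a hypothetical helper name. It reads the fresh slots only through the borrowed-reference `PyList_GetItem` (never `PyList_GetItemRef`) and fills every slot with `PyList_SetItem` before the list becomes a Python object.

```python
import ctypes

api = ctypes.pythonapi  # C API of the running interpreter (CPython only)

# Keep the new list as a raw pointer: restype py_object would hand a list
# with NULL slots to Python code, which the PyList_New note forbids.
api.PyList_New.argtypes = [ctypes.c_ssize_t]
api.PyList_New.restype = ctypes.c_void_p
api.PyList_GetItem.argtypes = [ctypes.c_void_p, ctypes.c_ssize_t]
api.PyList_GetItem.restype = ctypes.c_void_p  # a NULL result becomes None
api.PyList_SetItem.argtypes = [ctypes.c_void_p, ctypes.c_ssize_t,
                               ctypes.py_object]
api.PyList_SetItem.restype = ctypes.c_int
api.Py_IncRef.argtypes = [ctypes.py_object]
api.Py_IncRef.restype = None
api.Py_DecRef.argtypes = [ctypes.c_void_p]
api.Py_DecRef.restype = None


def new_filled_list(length, fill=None):
    """Hypothetical helper: allocate with PyList_New, record which slots are
    NULL, fill every slot, and only then expose the list to Python code.

    ctypes.pythonapi re-raises any exception the C call sets, so allocation
    or index errors surface as normal Python exceptions.
    """
    raw = api.PyList_New(length)
    # Borrowed-reference read: returns the stored pointer without touching
    # its refcount, so a NULL slot is reported instead of dereferenced.
    null_slots = [i for i in range(length)
                  if api.PyList_GetItem(raw, i) is None]
    for i in range(length):
        api.Py_IncRef(ctypes.py_object(fill))  # SetItem steals one reference
        api.PyList_SetItem(raw, i, ctypes.py_object(fill))
    # Every slot now holds a real object, so the list may become visible.
    filled = ctypes.cast(raw, ctypes.py_object).value  # takes its own ref
    api.Py_DecRef(raw)  # drop the reference PyList_New returned
    return null_slots, filled


if __name__ == "__main__":
    print(new_filled_list(3, "x"))
```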
