1"""
2General example for an attack against code like this:
3
4    Py_DECREF(obj->attr); obj->attr = ...;
5
6here in Module/_json.c:scanner_init().
7
8Explanation: if the first Py_DECREF() calls either a __del__ or a
9weakref callback, it will run while the 'obj' appears to have in
10'obj->attr' still the old reference to the object, but not holding
11the reference count any more.
12
13Status: progress has been made replacing these cases, but there is an
14infinite number of such cases.
15"""
16
17import _json, weakref
18
19class Ctx1(object):
20    encoding = "utf8"
21    strict = None
22    object_hook = None
23    object_pairs_hook = None
24    parse_float = None
25    parse_int = None
26    parse_constant = None
27
28class Foo(unicode):
29    pass
30
31def delete_me(*args):
32    print scanner.encoding.__dict__
33
34class Ctx2(Ctx1):
35    @property
36    def encoding(self):
37        global wref
38        f = Foo("utf8")
39        f.abc = globals()
40        wref = weakref.ref(f, delete_me)
41        return f
42
43scanner = _json.make_scanner(Ctx1())
44scanner.__init__(Ctx2())
45