| 15 Sep 2022 |
| *  val opens cpython's code | 15:22:50 |
 Nico | Post what you find :p | 15:23:19 |
| val | huh that's funny | 15:33:55 |
| Nico | Hm? | 15:34:05 |
| Nico | Does it do "if hash -1, return -2"? | 15:34:23 |
| val | so, PyLongObject is a "subclass" of PyVarObject, which is the "class" of objects of variable length | 15:35:31 |
| val | PyVarObject has an ob_size field, used to store the size | 15:35:47 |
| val | but it seems that in PyLongObject, it's also used to store the sign of the integer | 15:36:02 |
| Nico | Huh | 15:36:13 |
| val | (PyLongObject also contains a dynamically allocated array of digits) | 15:36:22 |
| val | (gdb) p *((PyLongObject*) 140030768826608)
$5 = {ob_base = {ob_base = {ob_refcnt = 89, ob_type = 0x905f20 <PyLong_Type>}, ob_size = -1}, ob_digit = {1}}
(gdb) p *((PyLongObject*) 140030768826672)
$6 = {ob_base = {ob_base = {ob_refcnt = 377, ob_type = 0x905f20 <PyLong_Type>}, ob_size = 1}, ob_digit = {1}}
| 15:36:40 |
| val | respectively -1 and 1 | 15:36:47 |
| Nico | huh | 15:37:11 |
| val | then, when using hash() on these integer, this code runs: https://github.com/python/cpython/blob/b126196838bbaf5f4d35120e0e6bcde435b0b480/Objects/longobject.c#L3170-L3175 | 15:37:30 |
| val | Py_SIZE() is a getter for ob_size | 15:37:37 |
| val | so there is indeed a hardcoded -2 for when the long is -1 | 15:38:03 |
| Nico | Told ya! | 15:38:13 |
| Nico | Is PySIZE in bytes? | 15:39:03 |
| Nico | Or in 32bit words? | 15:39:09 |
| val | PySIZE has this type: https://docs.python.org/3/c-api/intro.html#c.Py_ssize_t | 15:42:35 |
| val | it was explicitly hardcoded before the int/long merge https://github.com/python/cpython/blame/5b787e8bc2dbda5583eee039cb6a6e47c8d8a034/Objects/longobject.c#L1939-L1940 | 15:45:49 |
| Nico | In reply to @val:e2e.zone
PySIZE has this type: https://docs.python.org/3/c-api/intro.html#c.Py_ssize_t Yeah, but what does it count? | 15:47:30 |
| val | oh I see why. C the function returning -1 probably has (or had) a special meaning | 15:47:42 |
| val | so they just want to avoid it | 15:47:54 |
| Nico | Yes, it means not hashable | 15:47:56 |
| val | there we go, then :D | 15:48:08 |
 TheNamelessWonderer | So the bot executes any code you give it? Isn't that a security risk? | 17:55:27 |
| TheNamelessWonderer | !sh rm | 17:56:25 |
 uwunixbot | Exited with code 1 in 28.7 ms. stderr:
BusyBox v1.35.0 (2022-07-06 19:09:49 UTC) multi-call binary.
Usage: rm [-irf] FILE...
Remove (unlink) FILEs
-i Always prompt before removing
-f Never prompt
-R,-r Recurse
| 17:56:25 |
| TheNamelessWonderer | nice it doesn't stop rm... | 17:56:45 |
