From 5b1438e058c404d1d4a9ee6575facd3f0dc3cfe2 Mon Sep 17 00:00:00 2001
From: Serhiy Storchaka <storchaka@gmail.com>
Date: Sun, 4 Oct 2020 10:55:17 +0300
Subject: [PATCH] bpo-41909: Enable previously disabled recursion checks.

Enable recursion checks which were disabled when get __bases__ of
non-type objects in issubclass() and isinstance() and when intern
strings. It fixes a stack overflow when getting __bases__ leads
to infinite recursion.

Originally recursion checks was disabled for PyDict_GetItem() which
silences all errors including the one raised in case of detected
recursion and can return incorrect result. But now the code uses
PyDict_GetItemWithError() and PyDict_SetDefault() instead.
---
 Lib/test/test_isinstance.py                            | 10 ++++++++++
 .../2020-10-04-10-55-12.bpo-41909.BqHPcm.rst           |  2 ++
 Objects/abstract.c                                     |  2 --
 Objects/unicodeobject.c                                |  2 --
 4 files changed, 12 insertions(+), 4 deletions(-)
 create mode 100644 Misc/NEWS.d/next/Core and Builtins/2020-10-04-10-55-12.bpo-41909.BqHPcm.rst

diff --git a/Lib/test/test_isinstance.py b/Lib/test/test_isinstance.py
index 91e79c295481db..109c3f84a5c426 100644
--- a/Lib/test/test_isinstance.py
+++ b/Lib/test/test_isinstance.py
@@ -303,6 +303,16 @@ def __bases__(self):
 
         self.assertEqual(True, issubclass(B(), int))
 
+    def test_infinite_recursion_in_bases(self):
+        class X:
+            @property
+            def __bases__(self):
+                return self.__bases__
+
+        self.assertRaises(RecursionError, issubclass, X(), int)
+        self.assertRaises(RecursionError, issubclass, int, X())
+        self.assertRaises(RecursionError, isinstance, 1, X())
+
 
 def blowstack(fxn, arg, compare_to):
     # Make sure that calling isinstance with a deeply nested tuple for its
diff --git a/Misc/NEWS.d/next/Core and Builtins/2020-10-04-10-55-12.bpo-41909.BqHPcm.rst b/Misc/NEWS.d/next/Core and Builtins/2020-10-04-10-55-12.bpo-41909.BqHPcm.rst
new file mode 100644
index 00000000000000..388cfea065eedc
--- /dev/null
+++ b/Misc/NEWS.d/next/Core and Builtins/2020-10-04-10-55-12.bpo-41909.BqHPcm.rst	
@@ -0,0 +1,2 @@
+Fixed stack overflow in :func:`issubclass` and :func:`isinstance` when
+getting the ``__bases__`` attribute leads to infinite recursion.
diff --git a/Objects/abstract.c b/Objects/abstract.c
index c471f184f6c848..c30fb4eb6a604e 100644
--- a/Objects/abstract.c
+++ b/Objects/abstract.c
@@ -2336,9 +2336,7 @@ abstract_get_bases(PyObject *cls)
     _Py_IDENTIFIER(__bases__);
     PyObject *bases;
 
-    Py_ALLOW_RECURSION
     (void)_PyObject_LookupAttrId(cls, &PyId___bases__, &bases);
-    Py_END_ALLOW_RECURSION
     if (bases != NULL && !PyTuple_Check(bases)) {
         Py_DECREF(bases);
         return NULL;
diff --git a/Objects/unicodeobject.c b/Objects/unicodeobject.c
index cf72238a8d0585..6ae06a508c6140 100644
--- a/Objects/unicodeobject.c
+++ b/Objects/unicodeobject.c
@@ -15734,9 +15734,7 @@ PyUnicode_InternInPlace(PyObject **p)
     }
 
     PyObject *t;
-    Py_ALLOW_RECURSION
     t = PyDict_SetDefault(interned, s, s);
-    Py_END_ALLOW_RECURSION
 
     if (t == NULL) {
         PyErr_Clear();