Argument accepting a Python object or NULL: error prone API

[vstinner]

Python has multiple C API functions which accept a Python or NULL, both are valid:

• PyObject_SetAttr(obj, attr_name, NULL)
• PyObject_SetAttrString(obj, attr_name, NULL)
• PySequence_SetItem(obj, i, NULL)
• PySequence_SetSlice(obj, i1, i2, NULL)

The problem is: what if creating a value fails and the code pass NULL instead of a Python object, without checking for failure?

The following code sets the number attribute to 123... or deletes the number attribute if PyLong_FromLong() fails (eg. MemoryError).

PyObject *num = PyLong_FromLong(123);
PyObject_SetAttrString(obj, "number", num);
Py_XDECREF(num);
// surprise surprise, was an exception raised or not?

// (... more code ...)

// let's make it even more funny, make the exception silent!
// There are many functions calling PyErr_Clear() for various reasons.
PyErr_Clear();

[vstinner]

See also python/cpython#105375 "Incorrect error handling for APIs that can raise exceptions".

[encukou]

Let's not design new API like this, but IMO this is not a good reason to remove the existing functions.

what if creating a value fails and the code pass NULL instead of a Python object, without checking for failure?

You get surprising but well-defined behaviour -- deletion of an item/attribute. Or the function could do assert(!PyErr_Occurred()) – fail in debug mode.
These is much better than most cases of accidentally sticking NULL somewhere it shouldn't go. It doesn't need to be singled out. The problem is with the user not checking for failure.

A variant of this issue that actually is problematic is tp_setattr, where a user-defined function needs to expect NULL.