bpo-39421: Fix posible crash in heapq with custom comparison operators

[pablogsal]

https://bugs.python.org/issue39421

[corona10]

import heapq

class h(int):
    def __lt__(self, o):
        list2.clear()
        return NotImplemented

class g(int):
    def __lt__(self, o):
        list1.clear()
        return NotImplemented

list1, list2 = [], []

heapq.heappush(list1, h(0))
heapq.heappush(list2, g(0))

print(list1)
print(list2)

heapq.heappush(list1, g(1))
heapq.heappush(list2, h(1))
print(list1)
print(list2)

This PR does not fix this case. Please take a look

[pablogsal]

This PR does not fix this case. Please take a look

Thanks! I added a test in 9718f66

[corona10]

LGTM

Just comment:
In some time, if we can pass objects as a variadic argument.
The code might be cleaner. (I don't deeply think about the possibility)

e.g. Py_INCREF(a, b, c...); Py_DECREF(a, b, c...);

[pablogsal]

e.g. Py_INCREF(a, b, c...); Py_DECREF(a, b, c...);

We would need a different function as C does not allow overloads (for va_list in this case) and I don't think is that common

[pablogsal]

I would like to wait to see if @vstinner and @methane would prefer to add the check into PyObject_RichCompareBool instead although I think it would be too costly.

[alex]

This should be backported to all branches that are still doing security releases.

[miss-islington]

Thanks @pablogsal for the PR 🌮🎉.. I'm working now to backport this PR to: 3.6, 3.7, 3.8.
🐍🍒⛏🤖

[bedevere-bot]

GH-18145 is a backport of this pull request to the 3.7 branch.

[bedevere-bot]

GH-18144 is a backport of this pull request to the 3.8 branch.

[bedevere-bot]

GH-18146 is a backport of this pull request to the 3.6 branch.

[miss-islington]

Thanks @pablogsal for the PR 🌮🎉.. I'm working now to backport this PR to: 3.8.
🐍🍒⛏🤖

[bedevere-bot]

GH-18149 is a backport of this pull request to the 3.8 branch.