This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

classification
Title: Segfault in new PEG parser
Type: crash Stage: resolved
Components: Interpreter Core Versions: Python 3.10
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: pablogsal Nosy List: miss-islington, pablogsal, stestagg, vstinner
Priority: normal Keywords: patch

Created on 2020-06-07 22:09 by stestagg, last changed 2022-04-11 14:59 by admin. This issue is now closed.

Pull Requests
URL Status Linked Edit
PR 20697 merged pablogsal, 2020-06-07 22:48
PR 20704 merged miss-islington, 2020-06-08 01:57
Messages (6)
msg370916 - (view) Author: Steve Stagg (stestagg) Date: 2020-06-07 22:09 
The input `p=p=` causes python 3.10 to crash.

I bisected the change, and the behavior appears to have been introduced by 16ab07063cb564c1937714bd39d6915172f005b5 (bpo-40334: Correctly identify invalid target in assignment errors (GH-20076) )

Steps to reproduce:

$ echo 'p=p=' | /path/to/python3.10
=== SIGSEGV (Address boundary error)


Analysis:

This code is an invalid assignment, and the parser tries to generate a useful message for this case (invalid_assignment_rule).

However, the `target` of the assignment is a Name node.

The invalid_assignment_rule function tries to identify the target of the assignment, to create a useful description for the error menssage by calling `_PyPegen_get_invalid_target`, passing in the Name Node.

`PyPegen_get_invalid_target` returns NULL if the type is a Name type (pegen.c:2114).

The result of this call is then passed unconditionally to _PyPegen_get_expr_name, which is expecting a statement, not NULL.

Error happens here: pegen.c:164
`_PyPegen_get_expr_name(expr_ty e)` is being called with `e = 0x0`
msg370948 - (view) Author: miss-islington (miss-islington) Date: 2020-06-08 01:57 
New changeset 9f495908c5bd3645ed1af82d7bae6782720dab77 by Pablo Galindo in branch 'master':
bpo-40903: Handle multiple '=' in invalid assignment rules in the PEG parser (GH-20697)
https://github.com/python/cpython/commit/9f495908c5bd3645ed1af82d7bae6782720dab77
msg370968 - (view) Author: miss-islington (miss-islington) Date: 2020-06-08 09:22 
New changeset 8df4f3942faf05790efeaf62a8f493aabd181d3f by Miss Islington (bot) in branch '3.9':
bpo-40903: Handle multiple '=' in invalid assignment rules in the PEG parser (GH-20697)
https://github.com/python/cpython/commit/8df4f3942faf05790efeaf62a8f493aabd181d3f
msg371002 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2020-06-08 16:02 
https://buildbot.python.org/all/#builders/765/builds/51

The new test fails with the old parser:

**********************************************************************
File "/buildbot/buildarea/3.9.pablogsal-arch-x86_64.oldparser/build/Lib/test/test_syntax.py", line 66, in test.test_syntax
Failed example:
    yield = 1
Expected:
    Traceback (most recent call last):
    SyntaxError: assignment to yield expression not possible
Got:
    Traceback (most recent call last):
      File "/buildbot/buildarea/3.9.pablogsal-arch-x86_64.oldparser/build/Lib/doctest.py", line 1336, in __run
        exec(compile(example.source, filename, "single",
      File "<doctest test.test_syntax[10]>", line 1
        yield = 1
              ^
    SyntaxError: invalid syntax
**********************************************************************
1 items had failures:
   1 of 108 in test.test_syntax
msg371003 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2020-06-08 16:03 
> The new test fails with the old parser:

Oh, it's already fixed by:
https://github.com/python/cpython/commit/2b33cc3a2509983c4fa7884fa2722bd2e5781e51
msg371004 - (view) Author: Pablo Galindo Salgado (pablogsal) * (Python committer) Date: 2020-06-08 16:04 
> The new test fails with the old parser:

I fixed it this morning in https://github.com/python/cpython/pull/20717
History
Date User Action Args
2022-04-11 14:59:32adminsetgithub: 85080
2020-06-08 16:04:00pablogsalsetmessages: + msg371004
2020-06-08 16:03:53vstinnersetmessages: + msg371003
2020-06-08 16:02:30vstinnersetnosy: + vstinner
messages: + msg371002
2020-06-08 10:04:06pablogsalsetstatus: open -> closed
resolution: fixed
stage: patch review -> resolved
2020-06-08 09:22:15miss-islingtonsetmessages: + msg370968
2020-06-08 01:57:12miss-islingtonsetpull_requests: + pull_request19919
2020-06-08 01:57:06miss-islingtonsetnosy: + miss-islington
messages: + msg370948
2020-06-07 23:27:25pablogsalsetassignee: pablogsal
2020-06-07 22:48:56pablogsalsetkeywords: + patch
nosy: + pablogsal

pull_requests: + pull_request19912
stage: patch review
2020-06-07 22:09:09stestaggcreate