➜
This issue tracker has been migrated to GitHub,
and is currently read-only.
For more information,
see the GitHub FAQs in the Python's Developer Guide.
Created on 2020-06-20 21:36 by stestagg, last changed 2022-04-11 14:59 by admin. This issue is now closed.
| Pull Requests | |||
|---|---|---|---|
| URL | Status | Linked | Edit |
| PR 21020 | merged | lys.nikolaou, 2020-06-20 23:03 | |
| PR 21024 | merged | lys.nikolaou, 2020-06-21 02:28 | |
| Messages (6) | |||
|---|---|---|---|
| msg371964 - (view) | Author: Steve Stagg (stestagg) | Date: 2020-06-20 21:36 | |
Hi
Fuzzing found the following:
$ ./python/bin/python3
Python 3.10.0a0 (heads/master:eb0d5c38de, Jun 20 2020, 21:35:36)
[Clang 10.0.0 ] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> with a as b
fish: “./python/bin/python3” terminated by signal SIGSEGV (Address boundary error)
with stacktrace:
* thread #1, name = 'run', stop reason = signal SIGSEGV: invalid address (fault address: 0x20)
* frame #0: 0x0000555555a08feb run`with_item_rule at parser.c:15382:20
frame #1: 0x0000555555a08e96 run`with_item_rule(p=0x00007ffff78b9e40) at parser.c:4330
frame #2: 0x00005555559d22e9 run`compound_stmt_rule at parser.c:17930:21
frame #3: 0x00005555559d227c run`compound_stmt_rule at parser.c:4139
frame #4: 0x00005555559d1a64 run`compound_stmt_rule(p=<unavailable>) at parser.c:1931
frame #5: 0x00005555559d016c run`statements_rule at parser.c:1230:18
frame #6: 0x00005555559d00fb run`statements_rule at parser.c:16156
frame #7: 0x00005555559cff4d run`statements_rule(p=<unavailable>) at parser.c:1189
frame #8: 0x00005555559cb2bc run`_PyPegen_parse at parser.c:722:18
frame #9: 0x00005555559cb28d run`_PyPegen_parse(p=0x00007ffff78b9e40) at parser.c:24688
frame #10: 0x00005555559c5349 run`_PyPegen_run_parser(p=0x00007ffff78b9e40) at pegen.c:1083:17
frame #11: 0x00005555559c6458 run`_PyPegen_run_parser_from_string(str=<unavailable>, start_rule=<unavailable>, filename_ob=0x00007ffff788db30, flags=<unavailable>, arena=<unavailable>) at pegen.c:1201:14
frame #12: 0x00005555555eea84 run`PyPegen_ASTFromStringObject(str="with'lZ''</'as sdbm.N", filename=0x00007ffff788db30, mode=257, flags=0x0000000000000000, arena=0x00007ffff78e4910) at peg_api.c:27:21
frame #13: 0x00005555555a8413 run`PyRun_StringFlags(str="with'lZ''</'as sdbm.N", start=<unavailable>, globals=0x00007ffff788d940, locals=0x00007ffff788d940, flags=0x0000000000000000) at pythonrun.c:1029:11
frame #14: 0x00005555555a8202 run`PyRun_SimpleStringFlags(command="with'lZ''</'as sdbm.N", flags=0x0000000000000000) at pythonrun.c:429:9
frame #15: 0x0000555555595936 run`main(argc=<unavailable>, argv=<unavailable>) at run.c:19:3
frame #16: 0x00007ffff7c35002 libc.so.6`__libc_start_main + 242
frame #17: 0x000055555559568e run`_start + 46
This appears to be similar to: https://bugs.python.org/issue40903, where GET_INVALID_TARGET is being called with an Attribute Node, which returns None, and this result is passed, unchecked into `PyPegen_get_expr_name`
|
|||
| msg371965 - (view) | Author: Steve Stagg (stestagg) | Date: 2020-06-20 22:01 | |
Appears to have been introduced by: bpo-40334: Produce better error messages on invalid targets (GH-20106) 01ece63d42b830df106948db0aefa6c1ba24416a |
|||
| msg371970 - (view) | Author: Lysandros Nikolaou (lys.nikolaou) *  |
Date: 2020-06-20 22:52 | |
On it. |
|||
| msg371972 - (view) | Author: Lysandros Nikolaou (lys.nikolaou) * |
Date: 2020-06-20 23:10 | |
Thanks for the report, Steve. I've now opened a PR that should fix this. |
|||
| msg371978 - (view) | Author: Pablo Galindo Salgado (pablogsal) * |
Date: 2020-06-21 02:18 | |
New changeset 6c4e0bd974f2895d42b63d9d004587e74b286c88 by Lysandros Nikolaou in branch 'master': bpo-41060: Avoid SEGFAULT when calling GET_INVALID_TARGET in the grammar (GH-21020) https://github.com/python/cpython/commit/6c4e0bd974f2895d42b63d9d004587e74b286c88 |
|||
| msg371979 - (view) | Author: miss-islington (miss-islington) | Date: 2020-06-21 02:47 | |
New changeset 71bb921829c33c30b2e111e18948df8c2b6731e4 by Lysandros Nikolaou in branch '3.9': [3.9] bpo-41060: Avoid SEGFAULT when calling GET_INVALID_TARGET in the grammar (GH-21020) (GH-21024) https://github.com/python/cpython/commit/71bb921829c33c30b2e111e18948df8c2b6731e4 |
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2022-04-11 14:59:32 | admin | set | github: 85232 |
| 2020-06-21 02:47:28 | miss-islington | set | nosy:
+ miss-islington messages: + msg371979 |
| 2020-06-21 02:30:45 | lys.nikolaou | set | status: open -> closed resolution: fixed stage: patch review -> resolved |
| 2020-06-21 02:28:44 | lys.nikolaou | set | pull_requests: + pull_request20196 |
| 2020-06-21 02:18:07 | pablogsal | set | messages: + msg371978 |
| 2020-06-20 23:10:45 | lys.nikolaou | set | messages: + msg371972 |
| 2020-06-20 23:07:38 | lys.nikolaou | set | assignee: lys.nikolaou |
| 2020-06-20 23:03:50 | lys.nikolaou | set | keywords:
+ patch stage: patch review pull_requests: + pull_request20192 |
| 2020-06-20 22:52:09 | lys.nikolaou | set | messages: + msg371970 |
| 2020-06-20 22:50:23 | gvanrossum | set | nosy:
+ gvanrossum, pablogsal |
| 2020-06-20 22:24:39 | pablogsal | set | nosy:
+ lys.nikolaou |
| 2020-06-20 22:01:11 | stestagg | set | messages: + msg371965 |
| 2020-06-20 21:36:11 | stestagg | create | |