classification
Title: Crash when try to disassemble bogus code object
Type: crash Stage: resolved
Components: Interpreter Core Versions: Python 3.10
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: Mark.Shannon Nosy List: Mark.Shannon, ammar2, serhiy.storchaka
Priority: normal Keywords: patch

Created on 2020-12-25 11:55 by serhiy.storchaka, last changed 2021-04-29 13:16 by Mark.Shannon. This issue is now closed.

Pull Requests
URL Status Linked Edit
PR 25657 merged Mark.Shannon, 2021-04-27 09:52
Messages (5)
msg383741 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2020-12-25 11:55
>>> def f(): pass
... 
>>> co = f.__code__.replace(co_linetable=b'')
>>> import dis
>>> dis.dis(co)
python: Objects/codeobject.c:1185: PyLineTable_NextAddressRange: Assertion `!at_end(range)' failed.
Aborted (core dumped)

It is expected that executing bogus code object can crash (or cause any other effect). But it is surprising that just inspecting it causes a crash.
msg383929 - (view) Author: Ammar Askar (ammar2) * (Python committer) Date: 2020-12-28 20:46
This seems to be part 2 of the problems Mark mentioned in issue42562. Namely in this case the `co_lnotab` accessor uses PyLineTable_NextAddressRange which has that assertion.
msg384325 - (view) Author: Mark Shannon (Mark.Shannon) * (Python committer) Date: 2021-01-04 14:31
dis is able to handle code with no line numbers.

>>> def f(): pass
... 
>>> co = f.__code__.replace(co_linetable=b'\xff')
>>> list(co.co_lines())
[]
>>> import dis
>>> dis.dis(co)
          0 LOAD_CONST               0 (None)
          2 RETURN_VALUE

The problem with the example Serhiy gives is that the line number table does not end in a sentinel value.

You shouldn't be creating code objects unless you really know what you are doing. I.e. never.

For manually created code objects that don't respect the invariants, any behavior is acceptable IMO.
msg392051 - (view) Author: Mark Shannon (Mark.Shannon) * (Python committer) Date: 2021-04-27 09:49
Using sentinels as a marker to terminate the line number table, might be a problem if we want to use a different format. So I'm fixing this for 3.10.
msg392302 - (view) Author: Mark Shannon (Mark.Shannon) * (Python committer) Date: 2021-04-29 12:12
New changeset c76da79b37d2bcbe575cc927ba0a9b7a9ce465db by Mark Shannon in branch 'master':
bpo-42739: Don't use sentinels to mark end of line table. (GH-25657)
https://github.com/python/cpython/commit/c76da79b37d2bcbe575cc927ba0a9b7a9ce465db
History
Date User Action Args
2021-04-29 13:16:18Mark.Shannonsetstatus: open -> closed
resolution: fixed
stage: patch review -> resolved
2021-04-29 12:12:58Mark.Shannonsetmessages: + msg392302
2021-04-27 09:52:05Mark.Shannonsetkeywords: + patch
stage: patch review
pull_requests: + pull_request24348
2021-04-27 09:49:00Mark.Shannonsetmessages: + msg392051
2021-01-04 14:31:20Mark.Shannonsetassignee: Mark.Shannon
messages: + msg384325
2020-12-28 20:46:13ammar2setnosy: + ammar2
messages: + msg383929
2020-12-25 11:55:58serhiy.storchakacreate