This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

classification
Title: Compiling long expression leads to segfault (again)
Type: crash Stage: resolved
Components: Interpreter Core, Library (Lib) Versions: Python 3.10, Python 3.9, Python 3.8
process
Status: closed Resolution: duplicate
Dependencies: Superseder: Eval with too high string multiplication crashes newer Python versions
View: 42609
Assigned To: Nosy List: ronaldoussoren, serhiy.storchaka, xtreak, xxm
Priority: normal Keywords:

Created on 2021-03-30 04:35 by xxm, last changed 2022-04-11 14:59 by admin. This issue is now closed.

Messages (5)
msg389789 - (view) Author: Xinmeng Xia (xxm) Date: 2021-03-30 04:35
Long computations in pdb.run() lead to interpreter crashes.

Crash example
=======================================================
Python 3.9.2 (default, Mar 12 2021, 15:08:35) 
[GCC 7.5.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import pdb
>>> pdb.run("1+2"*1000000)
Segmentation fault (core dumped)
=======================================================

Environment:
Ubuntu 16.04, Python 3.9.2, Python 3.10.0a6
Mac OS Big Sur 11.2.3, Python 3.91, Python 3.10.0a2
msg390049 - (view) Author: Ronald Oussoren (ronaldoussoren) * (Python committer) Date: 2021-04-02 10:24
```pdb.run(...)``` is ends up in ```bdb.Bdb.run```, which uses compile and exec to run the code.

And indeed:

>>> compile("1+2" * 1000000, "-", "exec")
zsh: segmentation fault  python3.9
msg390055 - (view) Author: Karthikeyan Singaravelan (xtreak) * (Python committer) Date: 2021-04-02 12:37
This looks like a duplicate of https://bugs.python.org/issue42714 which has been fixed.
msg390283 - (view) Author: Xinmeng Xia (xxm) Date: 2021-04-06 06:54
pdb.run() seems crashing different positions of Python (Python/ast_opt.c:488 for pdb.run, Python/ast_opt.c:494 for compile()). But the commit 364d0d20f924071b749e5a889eca22628f4892a3, PR 23744, bpo-42609 for compile() also fix this bug in pdb.run(). Should we close this issue and mark it as fixed? 



$ gdb ./python
(gdb) run
Python 3.10.0a6 (default, Mar 19 2021, 11:45:56) [GCC 7.5.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> compile("1+2" * 1000000, "-", "exec")

Program received signal SIGSEGV, Segmentation fault.
0x000000000063aedc in astfold_expr (node_=0xf5707d0, ctx_=0x7ffff6282450, 
    state=0x7fffffffd608) at Python/ast_opt.c:494
494	        CALL(astfold_expr, expr_ty, node_->v.BinOp.left);
(gdb) run
Python 3.10.0a6 (default, Mar 19 2021, 11:45:56) [GCC 7.5.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import pdb
>>> pdb.run("1+2"*1000000)

Program received signal SIGSEGV, Segmentation fault.
0x000000000063ac8f in astfold_expr (node_=0xf59b810, ctx_=0x7ffff61f7c30, 
    state=0x7fffffffd1c8) at Python/ast_opt.c:488
488	{
(gdb)


$gdb '/home/xxm/Downloads/cpython-364d0d20f924071b749e5a889eca22628f4892a3/python' 
(gdb) run
Python 3.10.0a3+ (default, Apr  6 2021, 11:24:27) 
[GCC 7.5.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> compile("1+2" * 1000000, "-", "exec")
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
RecursionError: maximum recursion depth exceeded during compilation
>>> import pdb
>>> pdb.run("1+2"*1000000)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/home/xxm/Downloads/cpython-364d0d20f924071b749e5a889eca22628f4892a3/Lib/pdb.py", line 1597, in run
    Pdb().run(statement, globals, locals)
  File "/home/xxm/Downloads/cpython-364d0d20f924071b749e5a889eca22628f4892a3/Lib/bdb.py", line 577, in run
    cmd = compile(cmd, "<string>", "exec")
RecursionError: maximum recursion depth exceeded during compilation
msg390286 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2021-04-06 07:35
It is an old known issue, it is not specific to pdb, but happens with compile(), and it is not fixed yet.

>>> compile("+0"*1000000, '?', 'eval')
Segmentation fault (core dumped)

Stack overflow in recursive call of validate_expr() in at Python/ast.c:223.
History
Date User Action Args
2022-04-11 14:59:43adminsetgithub: 87830
2021-04-25 10:45:04serhiy.storchakasetstatus: open -> closed
superseder: Eval with too high string multiplication crashes newer Python versions
resolution: duplicate
stage: resolved
2021-04-22 07:15:32serhiy.storchakalinkissue43909 superseder
2021-04-06 07:37:22serhiy.storchakasettitle: Long computations in pdb.run() lead to segfault -> Compiling long expression leads to segfault (again)
versions: + Python 3.8, Python 3.10
2021-04-06 07:35:32serhiy.storchakasetnosy: + serhiy.storchaka
messages: + msg390286
2021-04-06 06:54:38xxmsetmessages: + msg390283
2021-04-02 12:37:37xtreaksetnosy: + xtreak
messages: + msg390055
2021-04-02 10:24:09ronaldoussorensetnosy: + ronaldoussoren
messages: + msg390049
components: + Interpreter Core
2021-03-30 04:35:44xxmcreate