classification
Title: PEG parser segfault from ast.literal_eval
Type: crash
Stage: resolved
Components: Parser
Versions: Python 3.11

process
Status: closed
Resolution: fixed
Dependencies:
Superseder:
Assigned To: pablogsal
Nosy List: gregory.p.smith, kumaraditya303, lys.nikolaou, miss-islington, pablogsal
Priority: normal
Keywords: patch

Created on 2022-01-11 02:56 by gregory.p.smith, last changed 2022-01-20 13:09 by pablogsal. This issue is now closed.

Pull Requests
URL Status Linked
PR 30529 merged pablogsal, 2022-01-11 11:50
PR 30542 merged miss-islington, 2022-01-11 16:33
PR 30545 merged pablogsal, 2022-01-11 18:32
Messages (7)
msg410270 - Author: Gregory P. Smith (gregory.p.smith) * (Python committer) Date: 2022-01-11 02:56
cpython/b$ ./python 
Python 3.11.0a3+ (heads/main-dirty:081a214008, Jan 11 2022, 02:48:22) [GCC 11.2.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import ast
>>> ast.literal_eval('''F"""
... 
... 
... {6
... 0="""''')
Segmentation fault

This was discovered by oss-fuzz.

This may be a recent regression?  It didn't happen on my build from a few weeks ago.  Worth testing on older versions.
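
A regression probe for the reproducer above, as an added example that is not part of the original report or of CPython's test suite: it runs `ast.literal_eval` in a child interpreter so that a parser crash is recorded as a result instead of taking down the harness. The names `probe` and `classify` and the child exit codes 0 and 3 are choices made for this example.

```python
import subprocess
import sys

# Reproducer exactly as posted in the report (three newlines after the opening quotes).
REPRODUCER = 'F"""\n\n\n{6\n0="""'

# Child program: reads the candidate source from stdin, so no shell quoting is involved.
CHILD = """\
import ast, sys
try:
    ast.literal_eval(sys.stdin.read())
except (SyntaxError, ValueError):
    sys.exit(0)   # parser rejected the input with a normal exception
sys.exit(3)       # input was accepted as a literal
"""

STATUS_ACCESS_VIOLATION = 0xC0000005  # Windows exit code for an access violation


def classify(returncode):
    """Map a child exit status to a verdict (exit codes 0 and 3 are this harness's own)."""
    if returncode < 0 or returncode == STATUS_ACCESS_VIOLATION:
        return "crashed"    # POSIX: killed by a signal, e.g. -11 for SIGSEGV
    if returncode == 0:
        return "rejected"
    if returncode == 3:
        return "accepted"
    return "error"          # uncaught exception or other abnormal exit


def probe(source=REPRODUCER, python=sys.executable, timeout=30):
    """Run ast.literal_eval(source) in a separate interpreter and classify the outcome."""
    proc = subprocess.run(
        [python, "-I", "-c", CHILD],
        input=source, text=True, capture_output=True, timeout=timeout,
    )
    return classify(proc.returncode)


if __name__ == "__main__":
    # Pass interpreter paths as arguments to compare builds, e.g. 3.10 against 3.11.
    for exe in sys.argv[1:] or [sys.executable]:
        print(exe, probe(python=exe))
```

A build with the fix reports `rejected`, because the malformed f-string raises `SyntaxError`; a build with the regression reports `crashed`.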
msg410275 - Author: Kumar Aditya (kumaraditya303) * Date: 2022-01-11 04:49
I tested it on 3.10.1 and it didn't segfault on Windows 11, so it seems like a 3.11 regression.
msg410291 - Author: Pablo Galindo Salgado (pablogsal) * (Python committer) Date: 2022-01-11 11:13
Seems that the regression is caused by this commit:

6fa8b2ceee38187b0ae96aee12fe4f0a5c8a2ce7 is the first bad commit
commit 6fa8b2ceee38187b0ae96aee12fe4f0a5c8a2ce7
Author: Pablo Galindo Salgado <Pablogsal@gmail.com>
Date:   Sat Jan 8 00:23:40 2022 +0000

    bpo-46237: Fix the line number of tokenizer errors inside f-strings (GH-30463)

 Lib/test/test_exceptions.py                                  | 12 ++++++++++++
 .../2022-01-07-19-33-05.bpo-46237.9A6Hpq.rst                 |  2 ++
 Parser/pegen.c                                               |  8 ++++----
 Parser/string_parser.c                                       |  5 ++++-
 4 files changed, 22 insertions(+), 5 deletions(-)
 create mode 100644 Misc/NEWS.d/next/Core and Builtins/2022-01-07-19-33-05.bpo-46237.9A6Hpq.rst
msg410294 - Author: Pablo Galindo Salgado (pablogsal) * (Python committer) Date: 2022-01-11 11:15
The reason is that the line numbers are now correctly identified, and that causes existing code to not work correctly :(
msg410313 - Author: miss-islington (miss-islington) Date: 2022-01-11 16:30
New changeset cedec19be81e6bd153678bfb28c8e217af8bda58 by Pablo Galindo Salgado in branch 'main':
bpo-46339: Fix crash in the parser when computing error text for multi-line f-strings (GH-30529)
https://github.com/python/cpython/commit/cedec19be81e6bd153678bfb28c8e217af8bda58
msg410852 - Author: Pablo Galindo Salgado (pablogsal) * (Python committer) Date: 2022-01-18 11:13
New changeset 8c2fd09f365e082cfceb29afdf38953cdd670946 by Pablo Galindo Salgado in branch 'main':
bpo-46339: Include clarification on assert in 'get_error_line_from_tokenizer_buffers' (#30545)
https://github.com/python/cpython/commit/8c2fd09f365e082cfceb29afdf38953cdd670946
msg411023 - Author: Pablo Galindo Salgado (pablogsal) * (Python committer) Date: 2022-01-20 13:05
New changeset 1fb1f5d8bd084c20f0a5fde547b563c08d103f09 by Miss Islington (bot) in branch '3.10':
[3.10] bpo-46339: Fix crash in the parser when computing error text for multi-line f-strings (GH-30529) (GH-30542)
https://github.com/python/cpython/commit/1fb1f5d8bd084c20f0a5fde547b563c08d103f09
History
Date  User  Action  Args
2022-01-20 13:09:49  pablogsal  set  status: open -> closed; resolution: fixed; stage: patch review -> resolved
2022-01-20 13:05:27  pablogsal  set  messages: + msg411023
2022-01-18 11:13:08  pablogsal  set  messages: + msg410852
2022-01-11 18:32:58  pablogsal  set  pull_requests: + pull_request28743
2022-01-11 16:33:23  miss-islington  set  pull_requests: + pull_request28740
2022-01-11 16:30:43  miss-islington  set  nosy: + miss-islington; messages: + msg410313
2022-01-11 11:50:52  pablogsal  set  keywords: + patch; stage: needs patch -> patch review; pull_requests: + pull_request28730
2022-01-11 11:15:36  pablogsal  set  messages: + msg410294
2022-01-11 11:13:00  pablogsal  set  messages: + msg410291
2022-01-11 04:49:06  kumaraditya303  set  nosy: + kumaraditya303; messages: + msg410275
2022-01-11 02:56:11  gregory.p.smith  create