Parser hanging on stacked { tokens #90863

tonybaloney · 2022-02-10T03:00:43Z

BPO	46707
Nosy	@tonybaloney, @lysnikolaou, @pablogsal
PRs	bpo-46707: Avoid potential exponential backtracking in some syntax errors #31241 [3.10] bpo-46707: Avoid potential exponential backtracking in some syntax errors (GH-31241). #31242

^{Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.}

Show more details

GitHub fields:

assignee = None
closed_at = <Date 2022-02-10.03:54:55.013>
created_at = <Date 2022-02-10.03:00:43.493>
labels = ['interpreter-core', '3.10', 'type-crash', '3.11']
title = 'Parser hanging on stacked { tokens'
updated_at = <Date 2022-02-10.03:55:09.308>
user = 'https://github.com/tonybaloney'

bugs.python.org fields:

activity = <Date 2022-02-10.03:55:09.308>
actor = 'pablogsal'
assignee = 'none'
closed = True
closed_date = <Date 2022-02-10.03:54:55.013>
closer = 'pablogsal'
components = ['Parser']
creation = <Date 2022-02-10.03:00:43.493>
creator = 'anthonypjshaw'
dependencies = []
files = []
hgrepos = []
issue_num = 46707
keywords = ['patch', '3.10regression']
message_count = 4.0
messages = ['412972', '412974', '412975', '412976']
nosy_count = 3.0
nosy_names = ['anthonypjshaw', 'lys.nikolaou', 'pablogsal']
pr_nums = ['31241', '31242']
priority = 'normal'
resolution = 'fixed'
stage = 'resolved'
status = 'closed'
superseder = None
type = 'crash'
url = 'https://bugs.python.org/issue46707'
versions = ['Python 3.10', 'Python 3.11']

tonybaloney · 2022-02-10T03:00:43Z

Providing an (invalid) input to the parser causes an exponentially-slow DoS to the Python executable in 3.10.

e.g.

python3.10 -c "{{{{{{{{{{{{{{{{{{{{{:"

takes ~2 seconds

python3.10 -c "{{{{{{{{{{{{{{{{{{{{{{{{:"

takes ~22 seconds

Tested this all the way up to
d{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{```{{{{{{{ef f():y

which took over an hour

pablogsal · 2022-02-10T03:37:26Z

New changeset b71dc71 by Pablo Galindo Salgado in branch 'main':
bpo-46707: Avoid potential exponential backtracking in some syntax errors (GH-31241)
b71dc71

pablogsal · 2022-02-10T03:54:55Z

New changeset 9b23f8f by Pablo Galindo Salgado in branch '3.10':
[3.10] bpo-46707: Avoid potential exponential backtracking in some syntax errors (GH-31241). (GH-31242)
9b23f8f

pablogsal · 2022-02-10T03:55:09Z

Thanks Anthony for the report!

tonybaloney mannequin added interpreter-core (Objects, Python, Grammar, and Parser dirs) type-crash A hard crash of the interpreter, possibly with a core dump 3.10 only security fixes 3.11 only security fixes labels Feb 10, 2022

pablogsal closed this as completed Feb 10, 2022

ezio-melotti transferred this issue from another repository Apr 10, 2022

tonybaloney mentioned this issue Sep 20, 2022

Hall of fame addition google/atheris#43

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Parser hanging on stacked { tokens #90863

Parser hanging on stacked { tokens #90863

tonybaloney mannequin commented Feb 10, 2022

tonybaloney mannequin commented Feb 10, 2022

pablogsal commented Feb 10, 2022

pablogsal commented Feb 10, 2022

pablogsal commented Feb 10, 2022

Parser hanging on stacked { tokens #90863

Parser hanging on stacked { tokens #90863

Comments

tonybaloney mannequin commented Feb 10, 2022

tonybaloney mannequin commented Feb 10, 2022

pablogsal commented Feb 10, 2022

pablogsal commented Feb 10, 2022

pablogsal commented Feb 10, 2022