
Author stestagg
Recipients Erik-Lamers1, pmpp, stestagg
Date 2020-12-10.21:34:01
Message-id <1607636041.53.0.900192875057.issue42609@roundup.psfhosted.org>
Content
In Python 3.7/8, it's a stack overflow in the constant folding code.

On master, the overflow seems to come out of validate_expr.c.

* thread #1, name = 'python3', stop reason = signal SIGSEGV: invalid address (fault address: 0x7fffff7feff8)
    frame #0: 0x00005555557aadba python3`validate_expr(exp=0x00005555602617c0, ctx=Load) at ast.c:224:16
   221          }
   222          return validate_exprs(exp->v.BoolOp.values, Load, 0);
   223      case BinOp_kind:
-> 224          return validate_expr(exp->v.BinOp.left, Load) &&
   225              validate_expr(exp->v.BinOp.right, Load);
   226      case UnaryOp_kind:
   227          return validate_expr(exp->v.UnaryOp.operand, Load);


300,000 ish stack frames of this:

    frame #70832: 0x00005555557aadbf python3`validate_expr(exp=0x000055556150af40, ctx=Load) at ast.c:224:16
    frame #70833: 0x00005555557aadbf python3`validate_expr(exp=0x000055556150b050, ctx=Load) at ast.c:224:16
    frame #70834: 0x00005555557aadbf python3`validate_expr(exp=0x000055556150b160, ctx=Load) at ast.c:224:16
    frame #70835: 0x00005555557aadbf python3`validate_expr(exp=0x000055556150b270, ctx=Load) at ast.c:224:16
    frame #70836: 0x00005555557aadbf python3`validate_expr(exp=0x000055556150b380, ctx=Load) at ast.c:224:16
    frame #70837: 0x00005555557aadbf python3`validate_expr(exp=0x000055556150b490, ctx=Load) at ast.c:224:16
    frame #70838: 0x00005555557aadbf python3`validate_expr(exp=0x000055556150b5a0, ctx=Load) at ast.c:224:16
    frame #70839: 0x00005555557aadbf python3`validate_expr(exp=0x000055556150b6b0, ctx=Load) at ast.c:224:16


On the one hand, pure Python code should never segfault; on the other hand, `eval`ling untrusted input has bigger problems than a segfault on carefully crafted input.
History
Date                 User      Action  Args
2020-12-10 21:34:01  stestagg  set     recipients: + stestagg, pmpp, Erik-Lamers1
2020-12-10 21:34:01  stestagg  set     messageid: <1607636041.53.0.900192875057.issue42609@roundup.psfhosted.org>
2020-12-10 21:34:01  stestagg  link    issue42609 messages
2020-12-10 21:34:01  stestagg  create
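Added example, not CPython's code and not part of the message above: one way to keep a recursive validator like the one in the trace from exhausting the C stack is to carry a depth counter and fail cleanly once a budget is exceeded. The `expr` struct, `MAX_DEPTH` and every function name here are assumptions made for illustration; the tree is a constructed stand-in for the left-nested BinOp chain seen in the backtrace.

```c
#include <stdio.h>
#include <stdlib.h>

/* Toy expression node (constructed for this example, not CPython's expr_ty).
 * A leaf has both children NULL; a binary operator has both set. */
typedef struct expr { struct expr *left, *right; } expr;

#define MAX_DEPTH 1000  /* assumed budget; pick one that fits the thread's stack */

/* Returns 1 if valid, 0 if malformed, -1 if nesting exceeds MAX_DEPTH. */
static int validate_bounded(const expr *e, int depth)
{
    if (e == NULL) return 0;
    if (depth > MAX_DEPTH) return -1;        /* refuse instead of overflowing */
    if (!e->left && !e->right) return 1;     /* constant leaf */
    if (!e->left || !e->right) return 0;     /* operator missing an operand */
    int r = validate_bounded(e->left, depth + 1);
    if (r != 1) return r;                    /* propagate error without descending further */
    return validate_bounded(e->right, depth + 1);
}

/* Build, iteratively, the left-leaning tree that a chain of n binary operators produces. */
static expr *build_chain(long n)
{
    expr *root = calloc(1, sizeof *root);
    for (long i = 0; root && i < n; i++) {
        expr *op = calloc(1, sizeof *op), *leaf = calloc(1, sizeof *leaf);
        if (!op || !leaf) abort();
        op->left = root; op->right = leaf; root = op;
    }
    return root;
}

/* Free iteratively too: a recursive free would hit the same stack problem. */
static void free_chain(expr *e)
{
    while (e) { expr *next = e->left; free(e->right); free(e); e = next; }
}

/* Validate a chain of n operators and return the validator's verdict. */
static int check_chain(long n)
{
    expr *e = build_chain(n);
    int r = validate_bounded(e, 0);
    free_chain(e);
    return r;
}

int main(void)
{
    printf("%d %d\n", check_chain(10), check_chain(300000));
    return 0;
}
```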