`_sre.template` crashes in case of negative or non-integer group index #106524
chgnrdv added the type-crash (A hard crash of the interpreter, possibly with a core dump) label Jul 7, 2023
chgnrdv added a commit to chgnrdv/cpython that referenced this issue Jul 7, 2023
….template
* made `_sre_template_impl` set items of 'self->items' array to zero before initializing them with group indices and literals
* added test
In Windows with 3.12.0b3 installed, I just get 'TypeError: invalid template'
@terryjreedy, sorry, I should have mentioned that Python needs to be built in debug mode, or with ASAN enabled.
serhiy-storchaka pushed a commit that referenced this issue Jul 8, 2023
Some items remained uninitialized if _sre.template() was called with invalid indices. Then attempt to clear them in the destructor led to dereferencing of uninitialized pointer.
serhiy-storchaka pushed a commit that referenced this issue Jul 8, 2023
Some items remained uninitialized if _sre.template() was called with invalid indices. Then attempt to clear them in the destructor led to dereferencing of uninitialized pointer. (cherry picked from commit 2ef1dc3) Co-authored-by: Radislav Chugunov <52372310+chgnrdv@users.noreply.github.com>
`_sre.template` crashes if `template` argument contains group index that is negative or not an `int` instance.

Examples:

In `_sre_template_impl` part of `self->items` remains uninitialized if call to `PyLong_AsSsize_t` returns negative value or fails with exception. Then attempt to clear `self->items[i].literal` in `template_clear` leads to dereferencing of uninitialized pointer.

Not sure if this is worth fixing, since `_sre.template` is an internal implementation detail that is used only in `_compile_template` function, where it accepts only (I guess) correct templates created in `_parser.parse_template` function, and additional checks/initialization can affect its performance. But I'll submit a PR anyway.

Linked PRs

`_sre.template` #106525
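The failure mode described in this issue, and the zero-before-initialize approach named in the referenced commit, modeled as an added C example that is not CPython's code. The `tmpl_t`/`item_t` types and all function names are hypothetical, a negative index stands in for the failing `PyLong_AsSsize_t` conversion, and a 0xAA fill stands in for uninitialized heap memory so the result is deterministic.

```c
#include <stdlib.h>
#include <string.h>

typedef struct { long index; void *literal; } item_t;   /* hypothetical model types */
typedef struct { size_t n; item_t items[]; } tmpl_t;

static tmpl_t *tmpl_alloc(size_t n) {
    size_t sz = sizeof(tmpl_t) + n * sizeof(item_t);
    tmpl_t *t = malloc(sz);
    if (t) { memset(t, 0xAA, sz); t->n = n; }  /* 0xAA models uninitialized heap */
    return t;
}

/* Returns how many items were built; fewer than t->n means a rejected index. */
static size_t tmpl_init(tmpl_t *t, const long *idx, int zero_first) {
    if (zero_first) memset(t->items, 0, t->n * sizeof(item_t));  /* the fix */
    for (size_t i = 0; i < t->n; i++) {
        if (idx[i] < 0) return i;         /* early exit leaves the tail untouched */
        t->items[i].index = idx[i];
        t->items[i].literal = malloc(8);  /* stands in for an owned literal */
    }
    return t->n;
}

/* Counts garbage pointers a clear-every-slot destructor would dereference. */
static size_t stale_literals(const tmpl_t *t, size_t built) {
    size_t bad = 0;
    for (size_t i = built; i < t->n; i++) bad += (t->items[i].literal != NULL);
    return bad;
}

/* Destructor: touches every slot, so unbuilt slots must already be NULL. */
static void tmpl_clear(tmpl_t *t) {
    for (size_t i = 0; i < t->n; i++) free(t->items[i].literal);
    free(t);
}

/* Constructed input: the third index is invalid. Returns the stale count. */
static size_t run_case(int zero_first) {
    const long idx[] = {1, 2, -1, 3};
    tmpl_t *t = tmpl_alloc(4);
    if (!t) return (size_t)-1;
    size_t built = tmpl_init(t, idx, zero_first);
    size_t bad = stale_literals(t, built);
    if (bad) memset(t->items + built, 0, (t->n - built) * sizeof(item_t)); /* demo scrub */
    tmpl_clear(t);
    return bad;
}

int main(void) { return !(run_case(0) == 2 && run_case(1) == 0); }
```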