Buffer overflow in bad_single_statement (Parser/pegen.c) #86316
Comments
Building Python with the address sanitizer and executing `./python -m test test_repl -v` shows this:

```
===========================================================
0x60200003990f is located 1 bytes to the left of 2-byte region [0x602000039910,0x602000039912)
SUMMARY: AddressSanitizer: heap-buffer-overflow Parser/pegen.c:993 in bad_single_statement
```
The problem seems to be that when we do

```c
const char *cur = strchr(p->tok->buf, '\n');
...
*(cur - 1) == '\\'
```

we don't check if "cur" is at p->tok->buf (and therefore we cannot check the previous char).
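The missing bounds check described in the comment above, shown as an added example that is not CPython's code and not part of the original issue. `continued_unchecked` and `continued_checked` are hypothetical helpers that take a plain C string in place of `p->tok->buf`, and all inputs are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper reproducing the pattern from the report.
   If the first '\n' is the first byte of buf, cur == buf and
   *(cur - 1) reads one byte before the buffer (out of bounds). */
int continued_unchecked(const char *buf)
{
    const char *cur = strchr(buf, '\n');
    return cur != NULL && *(cur - 1) == '\\';
}

/* Hypothetical guarded form: the previous byte is inspected only
   when the newline is not at the start of the buffer. */
int continued_checked(const char *buf)
{
    const char *cur = strchr(buf, '\n');
    if (cur == NULL || cur == buf) {
        return 0;   /* no newline, or nothing precedes it */
    }
    return *(cur - 1) == '\\';
}

int main(void)
{
    /* Constructed inputs. "\n" occupies 2 bytes ('\n' plus NUL), the
       same buffer size as in the sanitizer report. */
    const char *samples[] = {
        "\n",            /* newline at offset 0: the edge case      */
        "x = 1\n",       /* plain newline                           */
        "x = \\\n1\n",   /* backslash line continuation             */
        "no newline",    /* strchr returns NULL                     */
        "",              /* empty buffer                            */
    };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        printf("sample %zu -> continued=%d\n",
               i, continued_checked(samples[i]));
    }
    return 0;
}
```

`main` only calls the guarded helper; the unchecked one is kept for comparison and has undefined behaviour on the first sample.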
Check the errors in this new builder I have prepared: https://buildbot.python.org/all/#/builders/582/builds/200/steps/5/logs/stdio
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.