[fuzzer] Weird input with continuation and newlines causes null deref in parser #89571
From the newly added ast.literal_eval(x) fuzzer, the following string fed to ast.literal_eval will cause a null pointer in get_error_line:
\
This can be recreated with:
❯ ./python
Python 3.11.0a1+ (heads/fuzz_ast-dirty:6c942a86a4, Oct 6 2021, 16:27:52) [GCC 8.3.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import ast
>>> ast.literal_eval(r'''\
... \
... (\
... \ ''')
[1] 15464 segmentation fault ./python
Raw ASAN report
==85015==The signal is caused by a READ memory access.

(unable to reproduce on 3.9)

Confirmed in 3.10 and 3.11:
>>> ast.literal_eval(r'''\
... \
... (\
... \ ''')
fish: Job 1, 'python' terminated by signal SIGSEGV (Address boundary error)
3.9 raises SyntaxError:
>>> ast.literal_eval(r'''
... \
... (\
... \ ''')
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "ast.py", line 62, in literal_eval
node_or_string = parse(node_or_string, mode='eval')
File "ast.py", line 50, in parse
return compile(source, filename, mode, flags,
File "<unknown>", line 4
\
^
SyntaxError: unexpected character after line continuation character

Marking release blocker, as a crash is bad for a function that is documented as safe for use on untrusted input so long as it isn't large enough to overflow the stack.
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
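
An added example, not part of the original thread or of CPython's own code: one way a service that passes untrusted text to ast.literal_eval can keep a parser crash like the one reported here from killing the main process, by parsing in a child interpreter and treating death by signal as its own outcome. The names isolated_literal_eval and interpret_exit are hypothetical; REPRODUCER is the input from the report.

```python
import json
import signal
import subprocess
import sys

# Child interpreter: parse stdin with ast.literal_eval, report the outcome as JSON.
_CHILD = r"""
import ast, json, sys
try:
    value = ast.literal_eval(sys.stdin.read())
except (ValueError, SyntaxError, TypeError, MemoryError, RecursionError) as exc:
    print(json.dumps({"status": "rejected", "detail": type(exc).__name__}))
else:
    print(json.dumps({"status": "ok", "detail": repr(value)}))
"""

def interpret_exit(returncode, stdout):
    """Map the child's exit state to a (status, detail) pair."""
    if returncode < 0:  # POSIX: child was killed by signal number -returncode
        try:
            return ("crashed", signal.Signals(-returncode).name)
        except ValueError:
            return ("crashed", f"signal {-returncode}")
    if returncode != 0:  # uncaught exception or abnormal exit in the child
        return ("crashed", f"exit code {returncode}")
    result = json.loads(stdout)
    return (result["status"], result["detail"])

def isolated_literal_eval(text, timeout=5.0):
    """Evaluate untrusted text in a separate interpreter so a parser crash cannot kill the caller."""
    try:
        proc = subprocess.run([sys.executable, "-I", "-c", _CHILD], input=text,
                              capture_output=True, text=True, timeout=timeout)
    except subprocess.TimeoutExpired:
        return ("crashed", "timeout")
    return interpret_exit(proc.returncode, proc.stdout)

# The input from the report: the contents of the r'''...''' literal shown above.
REPRODUCER = "\\\n\\\n(\\\n\\ "

if __name__ == "__main__":
    for sample in ("[1, 2, {'a': None}]", "__import__('os')", REPRODUCER):
        print(repr(sample), "->", isolated_literal_eval(sample))
```

On an interpreter with the bug the reproducer comes back as ("crashed", "SIGSEGV"); on one that raises SyntaxError it comes back as ("rejected", "SyntaxError"), which makes the same call usable as a regression check.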