[fuzzer] Parser null deref with continuation characters and generator parenthesis error #89657
Comments
Another parser crash found by the fuzzer:
"\
Recreator:
>>> import ast
>>> ast.literal_eval('"\\\n"(1for c in I,\\\n\\')
[1] 17916 segmentation fault ./python
>>> import ast
>>> ast.literal_eval(r'''
... "\
... "(1for c in I,\
... \ ''')
[1] 17935 segmentation fault ./python
Raw ASAN stacktrace
==1668==The signal is caused by a READ memory access. |
Presto!! PR 28993 |
I confirmed that 3.9 does NOT seem to have the problem:
Python 3.9.5 (default, May 19 2021, 11:32:47)
[GCC 9.3.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> x = r'''
... "\
... "(1for c in I,\
... \ '''
>>> import ast
>>> ast.literal_eval(x)
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python3.9/ast.py", line 62, in literal_eval
node_or_string = parse(node_or_string, mode='eval')
File "/usr/lib/python3.9/ast.py", line 50, in parse
return compile(source, filename, mode, flags,
File "<unknown>", line 3
"\
^
SyntaxError: Generator expression must be parenthesized |
It does, it's just that it is not a crash. The point where the error message points is totally wrong |
Note: this *does* fail on 3.9, too. Even if it doesn't crash the production build, it does fail an assertion in a pydebug build:
test_error_offset_continuation_characters (test.test_exceptions.ExceptionTests) ... Assertion failed: (!_PyErr_Occurred(tstate)), function _PyObject_Call, file Objects/call.c, line 261.
Current thread 0x00000001184d1dc0 (most recent call first): |
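Added example (not from the thread or from CPython's test suite): a regression probe that feeds the reproducer above to `ast.literal_eval` in a child interpreter, so a segfault or a pydebug assertion abort comes back as a verdict instead of killing the caller. The names `probe`, `classify`, `REPRODUCER` and `CHILD` are assumptions of this example, and the signal-based exit codes assume a POSIX system.

```python
import signal
import subprocess
import sys

# Reproducer quoted in the issue (the one-line form passed to ast.literal_eval).
REPRODUCER = '"\\\n"(1for c in I,\\\n\\'

# Child program: parse whatever arrives on stdin and print the exception type.
CHILD = (
    "import ast, sys\n"
    "try:\n"
    "    ast.literal_eval(sys.stdin.read())\n"
    "except Exception as exc:\n"
    "    print(type(exc).__name__)\n"
    "else:\n"
    "    print('parsed')\n"
)


def classify(returncode, stdout):
    """Map a child's exit status and stdout to a verdict string."""
    if returncode < 0:  # POSIX: the child was killed by signal -returncode
        try:
            name = signal.Signals(-returncode).name
        except ValueError:
            name = f"signal {-returncode}"
        return f"crash:{name}"
    if returncode != 0:
        return f"exit:{returncode}"
    return stdout.strip() or "no-output"


def probe(source, python=sys.executable, timeout=10):
    """Parse `source` in a separate interpreter so that a parser crash
    cannot take down the calling process; return the verdict."""
    try:
        proc = subprocess.run(
            [python, "-X", "faulthandler", "-c", CHILD],
            input=source, capture_output=True, text=True, timeout=timeout,
        )
    except subprocess.TimeoutExpired:
        return "timeout"
    return classify(proc.returncode, proc.stdout)


if __name__ == "__main__":
    print(probe(REPRODUCER))
```

Pass a different interpreter path as `python` to check a specific build; a pydebug build that hits the assertion aborts and is reported as `crash:SIGABRT`.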
Thanks for the fix, Pablo! ✨ 🍰 ✨ |
Hello @ammaraskar, it looks like you are (or were) fuzzing this repository, and you’ve found some interesting bugs. 🥇 I would like to create a Python-based test case reduction test suite that contains fuzzer-generated outputs, and benchmark how automatic test case reducers perform on Python inputs. It looks to me like you have opened this issue with the already reduced input that caused the malfunction. Is it possible that you still have the output of the fuzzer, which is free of any reduction? I’m also interested in these issues of yours:
with the same motivation. Thanks in advance, |