New submission from Steve Stagg <stest...@gmail.com>:

The input `p=p=` causes python 3.10 to crash.

I bisected the change, and the behavior appears to have been introduced by 
16ab07063cb564c1937714bd39d6915172f005b5 (bpo-40334: Correctly identify invalid 
target in assignment errors (GH-20076) )

Steps to reproduce:

$ echo 'p=p=' | /path/to/python3.10
=== SIGSEGV (Address boundary error)


Analysis:

This code is an invalid assignment, and the parser tries to generate a useful 
message for this case (invalid_assignment_rule).

However, the `target` of the assignment is a Name node.

The invalid_assignment_rule function tries to identify the target of the 
assignment, to create a useful description for the error menssage by calling 
`_PyPegen_get_invalid_target`, passing in the Name Node.

`PyPegen_get_invalid_target` returns NULL if the type is a Name type 
(pegen.c:2114).

The result of this call is then passed unconditionally to 
_PyPegen_get_expr_name, which is expecting a statement, not NULL.

Error happens here: pegen.c:164
`_PyPegen_get_expr_name(expr_ty e)` is being called with `e = 0x0`

----------
components: Interpreter Core
messages: 370916
nosy: stestagg
priority: normal
severity: normal
status: open
title: Segfault in new PEG parser
type: crash
versions: Python 3.10

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue40903>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

Reply via email to