New submission from Steve Stagg <stest...@gmail.com>:
Hi
Fuzzing found the following:
$ ./python/bin/python3
Python 3.10.0a0 (heads/master:eb0d5c38de, Jun 20 2020, 21:35:36)
[Clang 10.0.0 ] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> with a as b
fish: “./python/bin/python3” terminated by signal SIGSEGV (Address boundary
error)
with stacktrace:
* thread #1, name = 'run', stop reason = signal SIGSEGV: invalid address (fault
address: 0x20)
* frame #0: 0x0000555555a08feb run`with_item_rule at parser.c:15382:20
frame #1: 0x0000555555a08e96 run`with_item_rule(p=0x00007ffff78b9e40) at
parser.c:4330
frame #2: 0x00005555559d22e9 run`compound_stmt_rule at parser.c:17930:21
frame #3: 0x00005555559d227c run`compound_stmt_rule at parser.c:4139
frame #4: 0x00005555559d1a64 run`compound_stmt_rule(p=<unavailable>) at
parser.c:1931
frame #5: 0x00005555559d016c run`statements_rule at parser.c:1230:18
frame #6: 0x00005555559d00fb run`statements_rule at parser.c:16156
frame #7: 0x00005555559cff4d run`statements_rule(p=<unavailable>) at
parser.c:1189
frame #8: 0x00005555559cb2bc run`_PyPegen_parse at parser.c:722:18
frame #9: 0x00005555559cb28d run`_PyPegen_parse(p=0x00007ffff78b9e40) at
parser.c:24688
frame #10: 0x00005555559c5349 run`_PyPegen_run_parser(p=0x00007ffff78b9e40)
at pegen.c:1083:17
frame #11: 0x00005555559c6458
run`_PyPegen_run_parser_from_string(str=<unavailable>,
start_rule=<unavailable>, filename_ob=0x00007ffff788db30, flags=<unavailable>,
arena=<unavailable>) at pegen.c:1201:14
frame #12: 0x00005555555eea84
run`PyPegen_ASTFromStringObject(str="with'lZ''</'as sdbm.N",
filename=0x00007ffff788db30, mode=257, flags=0x0000000000000000,
arena=0x00007ffff78e4910) at peg_api.c:27:21
frame #13: 0x00005555555a8413 run`PyRun_StringFlags(str="with'lZ''</'as
sdbm.N", start=<unavailable>, globals=0x00007ffff788d940,
locals=0x00007ffff788d940, flags=0x0000000000000000) at pythonrun.c:1029:11
frame #14: 0x00005555555a8202
run`PyRun_SimpleStringFlags(command="with'lZ''</'as sdbm.N",
flags=0x0000000000000000) at pythonrun.c:429:9
frame #15: 0x0000555555595936 run`main(argc=<unavailable>,
argv=<unavailable>) at run.c:19:3
frame #16: 0x00007ffff7c35002 libc.so.6`__libc_start_main + 242
frame #17: 0x000055555559568e run`_start + 46
This appears to be similar to: https://bugs.python.org/issue40903, where
GET_INVALID_TARGET is being called with an Attribute Node, which returns None,
and this result is passed, unchecked into `PyPegen_get_expr_name`
----------
components: Interpreter Core
messages: 371964
nosy: stestagg
priority: normal
severity: normal
status: open
title: `with a as b` segfault in new peg parser
type: crash
versions: Python 3.10, Python 3.9
_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue41060>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
