https://github.com/python/cpython/commit/38b970dfcc3cdebc87a456f17ef1e0f06dde7375
commit: 38b970dfcc3cdebc87a456f17ef1e0f06dde7375
branch: main
author: Alex Gaynor <[email protected]>
committer: alex <[email protected]>
date: 2024-02-07T17:21:33-05:00
summary:

When the Py_CompileStringExFlags fuzzer encounters a SystemError, abort 
(#115147)

This allows us to catch bugs beyond memory corruption and assertions.

files:
M Modules/_xxtestfuzz/fuzzer.c

diff --git a/Modules/_xxtestfuzz/fuzzer.c b/Modules/_xxtestfuzz/fuzzer.c
index e133b4d3c44480..6ea9f64d628530 100644
--- a/Modules/_xxtestfuzz/fuzzer.c
+++ b/Modules/_xxtestfuzz/fuzzer.c
@@ -502,7 +502,6 @@ static int fuzz_elementtree_parsewhole(const char* data, 
size_t size) {
 }
 
 #define MAX_PYCOMPILE_TEST_SIZE 16384
-static char pycompile_scratch[MAX_PYCOMPILE_TEST_SIZE];
 
 static const int start_vals[] = {Py_eval_input, Py_single_input, 
Py_file_input};
 const size_t NUM_START_VALS = sizeof(start_vals) / sizeof(start_vals[0]);
@@ -531,6 +530,8 @@ static int fuzz_pycompile(const char* data, size_t size) {
     unsigned char optimize_idx = (unsigned char) data[1];
     int optimize = optimize_vals[optimize_idx % NUM_OPTIMIZE_VALS];
 
+    char pycompile_scratch[MAX_PYCOMPILE_TEST_SIZE];
+
     // Create a NUL-terminated C string from the remaining input
     memcpy(pycompile_scratch, data + 2, size - 2);
     // Put a NUL terminator just after the copied data. (Space was reserved 
already.)
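Review bot: The new stack array `pycompile_scratch` is filled by `memcpy(pycompile_scratch, data + 2, size - 2)` with nothing in this hunk bounding `size`, so its safety depends on a length guard that is presumably earlier in fuzz_pycompile, outside the hunk. `size - 2` is a `size_t` expression, so it wraps for `size < 2`, and it must stay below `MAX_PYCOMPILE_TEST_SIZE` to leave room for the NUL written next. An overrun would now land in the stack frame rather than in file-scope data, so I would state the invariant at the declaration once it is confirmed against that guard, e.g. `/* Checked above: 2 <= size and size - 2 < MAX_PYCOMPILE_TEST_SIZE, so the copy and the NUL fit. */`. The commit message does not say why the buffer moved from static to automatic storage; a short reason in the same comment would help.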
@@ -549,7 +550,13 @@ static int fuzz_pycompile(const char* data, size_t size) {
 
     PyObject *result = Py_CompileStringExFlags(pycompile_scratch, "<fuzz 
input>", start, flags, optimize);
     if (result == NULL) {
-        /* compilation failed, most likely from a syntax error */
+        /* Compilation failed, most likely from a syntax error. If it was a
+           SystemError we abort. There's no non-bug reason to raise a
+           SystemError. */
+        if (PyErr_Occurred() && PyErr_ExceptionMatches(PyExc_SystemError)) {
+            PyErr_Print();
+            abort();
+        }
         PyErr_Clear();
     } else {
         Py_DECREF(result);
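Review bot: A NULL result with no exception set still falls through to `PyErr_Clear()` unnoticed, because the added condition aborts only when `PyErr_Occurred()` is true and the exception matches `PyExc_SystemError`. Returning NULL without setting an error is a C-API contract violation of the same class the commit message wants to catch, so the harness could abort on it too by adding `if (!PyErr_Occurred()) { abort(); }` ahead of the SystemError check. Keep it as a separate branch, since `PyErr_Print()` and `PyErr_ExceptionMatches()` should only be called with the error indicator set. fuzz_pycompile begins and ends outside this hunk, so this assumes nothing later in the function already checks for that case.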
