summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTomas R. <tomas.roun8@gmail.com>2024-10-06 19:46:03 (GMT)
committerGitHub <noreply@github.com>2024-10-06 19:46:03 (GMT)
commita1be83dae311e4a1a6e66ed5e128b1ad8794f72f (patch)
treed6da663d73829f78b33648ac18935dd47db7c658
parent3fc673e97dafb8a73ee99937cf2bf0b849b1f418 (diff)
downloadcpython-a1be83dae311e4a1a6e66ed5e128b1ad8794f72f.zip
cpython-a1be83dae311e4a1a6e66ed5e128b1ad8794f72f.tar.gz
cpython-a1be83dae311e4a1a6e66ed5e128b1ad8794f72f.tar.bz2
gh-125010: Fix `use-after-free` in AST `repr()` (#125015)
-rw-r--r--Lib/test/test_ast/test_ast.py7
-rwxr-xr-xParser/asdl_c.py1
-rw-r--r--Python/Python-ast.c1
3 files changed, 7 insertions, 2 deletions
diff --git a/Lib/test/test_ast/test_ast.py b/Lib/test/test_ast/test_ast.py
index f052822..01d2e39 100644
--- a/Lib/test/test_ast/test_ast.py
+++ b/Lib/test/test_ast/test_ast.py
@@ -789,6 +789,13 @@ class AST_Tests(unittest.TestCase):
with self.subTest(test_input=test):
self.assertEqual(repr(ast.parse(test)), snapshot)
+ def test_repr_large_input_crash(self):
+ # gh-125010: Fix use-after-free in ast repr()
+ source = "0x0" + "e" * 10_000
+ with self.assertRaisesRegex(ValueError,
+ r"Exceeds the limit \(\d+ digits\)"):
+ repr(ast.Constant(value=eval(source)))
+
class CopyTests(unittest.TestCase):
"""Test copying and pickling AST nodes."""
diff --git a/Parser/asdl_c.py b/Parser/asdl_c.py
index ab5fd22..f50c28a 100755
--- a/Parser/asdl_c.py
+++ b/Parser/asdl_c.py
@@ -1608,7 +1608,6 @@ ast_repr_max_depth(AST_object *self, int depth)
if (!value_repr) {
Py_DECREF(name);
- Py_DECREF(value);
goto error;
}
diff --git a/Python/Python-ast.c b/Python/Python-ast.c
index 4a58c09..89c52b9 100644
--- a/Python/Python-ast.c
+++ b/Python/Python-ast.c
@@ -5809,7 +5809,6 @@ ast_repr_max_depth(AST_object *self, int depth)
if (!value_repr) {
Py_DECREF(name);
- Py_DECREF(value);
goto error;
}