diff options
author | Tomas R. <tomas.roun8@gmail.com> | 2024-10-06 19:46:03 (GMT) |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-10-06 19:46:03 (GMT) |
commit | a1be83dae311e4a1a6e66ed5e128b1ad8794f72f (patch) | |
tree | d6da663d73829f78b33648ac18935dd47db7c658 | |
parent | 3fc673e97dafb8a73ee99937cf2bf0b849b1f418 (diff) | |
download | cpython-a1be83dae311e4a1a6e66ed5e128b1ad8794f72f.zip cpython-a1be83dae311e4a1a6e66ed5e128b1ad8794f72f.tar.gz cpython-a1be83dae311e4a1a6e66ed5e128b1ad8794f72f.tar.bz2 |
gh-125010: Fix `use-after-free` in AST `repr()` (#125015)
-rw-r--r-- | Lib/test/test_ast/test_ast.py | 7 | ||||
-rwxr-xr-x | Parser/asdl_c.py | 1 | ||||
-rw-r--r-- | Python/Python-ast.c | 1 |
3 files changed, 7 insertions, 2 deletions
diff --git a/Lib/test/test_ast/test_ast.py b/Lib/test/test_ast/test_ast.py index f052822..01d2e39 100644 --- a/Lib/test/test_ast/test_ast.py +++ b/Lib/test/test_ast/test_ast.py @@ -789,6 +789,13 @@ class AST_Tests(unittest.TestCase): with self.subTest(test_input=test): self.assertEqual(repr(ast.parse(test)), snapshot) + def test_repr_large_input_crash(self): + # gh-125010: Fix use-after-free in ast repr() + source = "0x0" + "e" * 10_000 + with self.assertRaisesRegex(ValueError, + r"Exceeds the limit \(\d+ digits\)"): + repr(ast.Constant(value=eval(source))) + class CopyTests(unittest.TestCase): """Test copying and pickling AST nodes.""" diff --git a/Parser/asdl_c.py b/Parser/asdl_c.py index ab5fd22..f50c28a 100755 --- a/Parser/asdl_c.py +++ b/Parser/asdl_c.py @@ -1608,7 +1608,6 @@ ast_repr_max_depth(AST_object *self, int depth) if (!value_repr) { Py_DECREF(name); - Py_DECREF(value); goto error; } diff --git a/Python/Python-ast.c b/Python/Python-ast.c index 4a58c09..89c52b9 100644 --- a/Python/Python-ast.c +++ b/Python/Python-ast.c @@ -5809,7 +5809,6 @@ ast_repr_max_depth(AST_object *self, int depth) if (!value_repr) { Py_DECREF(name); - Py_DECREF(value); goto error; } |