From 1221e8c400933f24be69bd156f03cd1411746e6c Mon Sep 17 00:00:00 2001 From: "Miss Islington (bot)" <31488909+miss-islington@users.noreply.github.com> Date: Thu, 11 Aug 2022 02:19:20 -0700 Subject: gh-95876: Fix format string in pegen error location code (GH-95877) (cherry picked from commit b4c857d0fd74abb1ede6fe083c4fa3ca728b2b83) Co-authored-by: Christian Heimes --- .../Core and Builtins/2022-08-11-09-19-55.gh-issue-95876.YpQfoV.rst | 4 ++++ Parser/pegen_errors.c | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) create mode 100644 Misc/NEWS.d/next/Core and Builtins/2022-08-11-09-19-55.gh-issue-95876.YpQfoV.rst diff --git a/Misc/NEWS.d/next/Core and Builtins/2022-08-11-09-19-55.gh-issue-95876.YpQfoV.rst b/Misc/NEWS.d/next/Core and Builtins/2022-08-11-09-19-55.gh-issue-95876.YpQfoV.rst new file mode 100644 index 0000000..96b6901 --- /dev/null +++ b/Misc/NEWS.d/next/Core and Builtins/2022-08-11-09-19-55.gh-issue-95876.YpQfoV.rst @@ -0,0 +1,4 @@ +Fix format string in ``_PyPegen_raise_error_known_location`` that can lead +to memory corruption on some 64bit systems. The function was building a +tuple with ``i`` (int) instead of ``n`` (Py_ssize_t) for Py_ssize_t +arguments. diff --git a/Parser/pegen_errors.c b/Parser/pegen_errors.c index 5703088..a0f4b98 100644 --- a/Parser/pegen_errors.c +++ b/Parser/pegen_errors.c @@ -371,7 +371,7 @@ _PyPegen_raise_error_known_location(Parser *p, PyObject *errtype, } } } - tmp = Py_BuildValue("(OiiNii)", p->tok->filename, lineno, col_number, error_line, end_lineno, end_col_number); + tmp = Py_BuildValue("(OnnNnn)", p->tok->filename, lineno, col_number, error_line, end_lineno, end_col_number); if (!tmp) { goto error; } -- cgit v0.12