From 2a6b67f1c516d0e693abd0dc13c7c7799815fd18 Mon Sep 17 00:00:00 2001
From: Christian Heimes
Date: Thu, 11 Aug 2022 21:41:35 +0200
Subject: [3.10] gh-95876: Fix format string in pegen error location code (GH-95877 (GH-95901)
(cherry picked from commit b4c857d0fd74abb1ede6fe083c4fa3ca728b2b83)
Co-authored-by: Christian Heimes
---
 .../Core and Builtins/2022-08-11-09-19-55.gh-issue-95876.YpQfoV.rst | 4 ++++
 Parser/pegen.c | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)
 create mode 100644 Misc/NEWS.d/next/Core and Builtins/2022-08-11-09-19-55.gh-issue-95876.YpQfoV.rst
diff --git a/Misc/NEWS.d/next/Core and Builtins/2022-08-11-09-19-55.gh-issue-95876.YpQfoV.rst b/Misc/NEWS.d/next/Core and Builtins/2022-08-11-09-19-55.gh-issue-95876.YpQfoV.rst
new file mode 100644
index 0000000..96b6901
--- /dev/null
+++ b/Misc/NEWS.d/next/Core and Builtins/2022-08-11-09-19-55.gh-issue-95876.YpQfoV.rst
@@ -0,0 +1,4 @@
+Fix format string in ``_PyPegen_raise_error_known_location`` that can lead
+to memory corruption on some 64bit systems. The function was building a
+tuple with ``i`` (int) instead of ``n`` (Py_ssize_t) for Py_ssize_t
+arguments.
diff --git a/Parser/pegen.c b/Parser/pegen.c
index 016f070..acad955 100644
--- a/Parser/pegen.c
+++ b/Parser/pegen.c
@@ -547,7 +547,7 @@ _PyPegen_raise_error_known_location(Parser *p, PyObject *errtype,
 byte_offset_to_character_offset(error_line, end_col_offset) :
 end_col_number;
 }
- tmp = Py_BuildValue("(OiiNii)", p->tok->filename, lineno, col_number, error_line, end_lineno, end_col_number);
+ tmp = Py_BuildValue("(OnnNnn)", p->tok->filename, lineno, col_number, error_line, end_lineno, end_col_number);
 if (!tmp) {
 goto error;
 }
-- 
cgit v0.12
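Review bot: Nothing at the `Py_BuildValue("(OnnNnn)", ...)` call in Parser/pegen.c ties the format units to the argument types. The call is variadic, so the compiler will not notice if `lineno`, `col_number`, `end_lineno` or `end_col_number` later stops being a `Py_ssize_t`, and their declarations are outside this hunk. A comment directly above the call would keep the pairing visible, for example `/* "n" reads a Py_ssize_t: all four integer arguments must keep that type */`. Separately, the `N` unit hands the reference to `error_line` over to `Py_BuildValue`, presumably even when the call fails. The `error` label is not visible here, so it is worth confirming that it does not release `error_line` a second time after `goto error`.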