summaryrefslogtreecommitdiffstats
path: root/Lib/test/crashers/bogus_sre_bytecode.py
blob: 7f006d9edeb368e4fa555782d76e77a4f61aa890 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
"""
The regular expression engine in '_sre' can segfault when interpreting
bogus bytecode.

It is unclear whether this is a real bug or a "won't fix" case like
bogus_code_obj.py, because it requires bytecode that is built by hand,
as opposed to compiled by 're' from a string-source regexp.  The
difference with bogus_code_obj, though, is that the only existing regexp
compiler is written in Python, so that the C code has no choice but
accept arbitrary bytecode from Python-level.

The test below builds and runs random bytecodes until 'match' crashes
Python.  I have not investigated why exactly segfaults occur nor how
hard they would be to fix.  Here are a few examples of 'code' that
segfault for me:

    [21, 50814, 8, 29, 16]
    [21, 3967, 26, 10, 23, 54113]
    [29, 23, 0, 2, 5]
    [31, 64351, 0, 28, 3, 22281, 20, 4463, 9, 25, 59154, 15245, 2,
                  16343, 3, 11600, 24380, 10, 37556, 10, 31, 15, 31]

Here is also a 'code' that triggers an infinite uninterruptible loop:

    [29, 1, 8, 21, 1, 43083, 6]

"""

import _sre, random

def pick():
    n = random.randrange(-65536, 65536)
    if n < 0:
        n &= 31
    return n

ss = ["", "world", "x" * 500]

while 1:
    code = [pick() for i in range(random.randrange(5, 25))]
    print(code)
    pat = _sre.compile(None, 0, code)
    for s in ss:
        try:
            pat.match(s)
        except RuntimeError:
            pass