https://github.com/python/cpython/commit/a1be83dae311e4a1a6e66ed5e128b1ad8794f72f
commit: a1be83dae311e4a1a6e66ed5e128b1ad8794f72f
branch: main
author: Tomas R. <[email protected]>
committer: JelleZijlstra <[email protected]>
date: 2024-10-06T12:46:03-07:00
summary:
gh-125010: Fix `use-after-free` in AST `repr()` (#125015)
files:
M Lib/test/test_ast/test_ast.py
M Parser/asdl_c.py
M Python/Python-ast.c
diff --git a/Lib/test/test_ast/test_ast.py b/Lib/test/test_ast/test_ast.py
index f052822cb45273..01d2e392302e86 100644
--- a/Lib/test/test_ast/test_ast.py
+++ b/Lib/test/test_ast/test_ast.py
@@ -789,6 +789,13 @@ def test_repr(self) -> None:
with self.subTest(test_input=test):
self.assertEqual(repr(ast.parse(test)), snapshot)
+ def test_repr_large_input_crash(self):
+ # gh-125010: Fix use-after-free in ast repr()
+ source = "0x0" + "e" * 10_000
+ with self.assertRaisesRegex(ValueError,
+ r"Exceeds the limit \(\d+ digits\)"):
+ repr(ast.Constant(value=eval(source)))
+
class CopyTests(unittest.TestCase):
"""Test copying and pickling AST nodes."""
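Review bot: The new `test_repr_large_input_crash` reaches the fixed error path only while the int-to-str digit limit is active, so it would fail for lack of a `ValueError` if the suite runs with the limit disabled (for example `PYTHONINTMAXSTRDIGITS=0`). Pinning the limit around the `repr()` call, e.g. `with support.adjust_int_max_str_digits(4300):`, keeps this use-after-free regression test deterministic; whether `support` is already imported in this file is not visible in the hunk. Separately, `eval(source)` could be written as `int("0" + "e" * 10_000, 16)`, which builds the same value without evaluating a string. A short comment such as `# repr() of the oversized int must raise, exercising the value_repr failure path` would explain why the input is that large.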
diff --git a/Parser/asdl_c.py b/Parser/asdl_c.py
index ab5fd229cc46ea..f50c28afcfe205 100755
--- a/Parser/asdl_c.py
+++ b/Parser/asdl_c.py
@@ -1608,7 +1608,6 @@ def visitModule(self, mod):
if (!value_repr) {
Py_DECREF(name);
- Py_DECREF(value);
goto error;
}
diff --git a/Python/Python-ast.c b/Python/Python-ast.c
index 4a58c0973d1118..89c52b9dc73cac 100644
--- a/Python/Python-ast.c
+++ b/Python/Python-ast.c
@@ -5809,7 +5809,6 @@ ast_repr_max_depth(AST_object *self, int depth)
if (!value_repr) {
Py_DECREF(name);
- Py_DECREF(value);
goto error;
}