https://github.com/python/cpython/commit/1cc2c954d6b56e5341ff4290f0301636e09a4af0
commit: 1cc2c954d6b56e5341ff4290f0301636e09a4af0
branch: 3.13
author: Stan Ulbrych <[email protected]>
committer: pablogsal <[email protected]>
date: 2025-10-24T00:38:02+01:00
summary:
[3.13] gh-140471: Fix buffer overflow in AST node initialization with malformed
`_fields` (GH-140506) (#140510)
(cherry picked from commit 95953b692db6cbd88139de12d81fb123293ec2d5)
files:
A Misc/NEWS.d/next/Core and
Builtins/2025-10-23-16-05-50.gh-issue-140471.Ax_aXn.rst
M Lib/test/test_ast/test_ast.py
M Parser/asdl_c.py
M Python/Python-ast.c
diff --git a/Lib/test/test_ast/test_ast.py b/Lib/test/test_ast/test_ast.py
index 442c8f7f14ee21..a8d111a4afe797 100644
--- a/Lib/test/test_ast/test_ast.py
+++ b/Lib/test/test_ast/test_ast.py
@@ -3119,6 +3119,15 @@ class MoreFieldsThanTypes(ast.AST):
self.assertEqual(obj.a, 1)
self.assertEqual(obj.b, 2)
+ def test_malformed_fields_with_bytes(self):
+ class BadFields(ast.AST):
+ _fields = (b'\xff'*64,)
+ _field_types = {'a': int}
+
+ # This should not crash
+ with self.assertWarnsRegex(DeprecationWarning, r"Field b'\\xff\\xff.*'
.*"):
+ obj = BadFields()
+
def test_complete_field_types(self):
class _AllFieldTypes(ast.AST):
_fields = ("a", "b")
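Review bot: `test_malformed_fields_with_bytes` reaches only the first of the two patched warnings, because the bytes name is absent from `_field_types`, so the `__init__ missing 1 required positional argument` message with `%R` is never exercised. A second case whose `_field_types` maps the same bytes key to a simple type, e.g. `_field_types = {b'\xff'*64: int}`, would presumably take that branch; this should be confirmed against the lookup in `ast_type_init`, which is not visible here. The `obj = ` binding is unused and could be reduced to a bare `BadFields()`. The enclosing test class starts outside the hunk.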
diff --git a/Misc/NEWS.d/next/Core and
Builtins/2025-10-23-16-05-50.gh-issue-140471.Ax_aXn.rst b/Misc/NEWS.d/next/Core
and Builtins/2025-10-23-16-05-50.gh-issue-140471.Ax_aXn.rst
new file mode 100644
index 00000000000000..afa9326fff3aee
--- /dev/null
+++ b/Misc/NEWS.d/next/Core and
Builtins/2025-10-23-16-05-50.gh-issue-140471.Ax_aXn.rst
@@ -0,0 +1,2 @@
+Fix potential buffer overflow in :class:`ast.AST` node initialization when
+encountering malformed :attr:`~ast.AST._fields` containing non-:class:`str`.
diff --git a/Parser/asdl_c.py b/Parser/asdl_c.py
index 936317b7ae6e0c..99312b36cd33c3 100755
--- a/Parser/asdl_c.py
+++ b/Parser/asdl_c.py
@@ -1006,7 +1006,7 @@ def visitModule(self, mod):
else {
if (PyErr_WarnFormat(
PyExc_DeprecationWarning, 1,
- "Field '%U' is missing from %.400s._field_types. "
+ "Field %R is missing from %.400s._field_types. "
"This will become an error in Python 3.15.",
name, Py_TYPE(self)->tp_name
) < 0) {
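Review bot: Neither `PyErr_WarnFormat` call site records why `%R` is used, so a later cleanup could restore `'%U'`, which formats `name` as a str without checking its type. A short comment in the emitted C above each call would pin that, e.g. `/* name comes from _fields and may not be a str: format with %R, never %U */`; the same applies to the "missing 1 required positional argument" hunk further down in this file. `%R` is also unbounded while the type name next to it is capped with `%.400s`, so a precision such as `%.200R` would stop an oversized `_fields` entry from inflating the warning text (the new test's regex would then need adjusting, since it expects the closing quote). Both call sites sit in a template whose enclosing function starts and ends outside the hunks.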
@@ -1041,7 +1041,7 @@ def visitModule(self, mod):
// simple field (e.g., identifier)
if (PyErr_WarnFormat(
PyExc_DeprecationWarning, 1,
- "%.400s.__init__ missing 1 required positional argument:
'%U'. "
+ "%.400s.__init__ missing 1 required positional argument:
%R. "
"This will become an error in Python 3.15.",
Py_TYPE(self)->tp_name, name
) < 0) {
diff --git a/Python/Python-ast.c b/Python/Python-ast.c
index 08ac2507d984d2..a71262c7f84abe 100644
--- a/Python/Python-ast.c
+++ b/Python/Python-ast.c
@@ -5203,7 +5203,7 @@ ast_type_init(PyObject *self, PyObject *args, PyObject
*kw)
else {
if (PyErr_WarnFormat(
PyExc_DeprecationWarning, 1,
- "Field '%U' is missing from %.400s._field_types. "
+ "Field %R is missing from %.400s._field_types. "
"This will become an error in Python 3.15.",
name, Py_TYPE(self)->tp_name
) < 0) {
@@ -5238,7 +5238,7 @@ ast_type_init(PyObject *self, PyObject *args, PyObject
*kw)
// simple field (e.g., identifier)
if (PyErr_WarnFormat(
PyExc_DeprecationWarning, 1,
- "%.400s.__init__ missing 1 required positional argument:
'%U'. "
+ "%.400s.__init__ missing 1 required positional argument:
%R. "
"This will become an error in Python 3.15.",
Py_TYPE(self)->tp_name, name
) < 0) {