[issue42609] Eval with too high string multiplication crashes newer Python versions

2022-01-14 Thread Irit Katriel 


Irit Katriel  added the comment:

Apart from the 3.9 backport this is complete.

--
nosy: +iritkatriel, lukasz.langa
versions:  -Python 3.7, Python 3.8

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue42609] Eval with too high string multiplication crashes newer Python versions

2021-04-26 Thread Serhiy Storchaka 


Change by Serhiy Storchaka :


--
pull_requests: +24328
pull_request: https://github.com/python/cpython/pull/25634

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue42609] Eval with too high string multiplication crashes newer Python versions

2021-04-25 Thread Serhiy Storchaka 


Serhiy Storchaka  added the comment:


New changeset face87c94e67ad9c72b9a3724f112fd76c1002b9 by Serhiy Storchaka in 
branch 'master':
bpo-42609: Check recursion depth in the AST validator and optimizer (GH-23744)
https://github.com/python/cpython/commit/face87c94e67ad9c72b9a3724f112fd76c1002b9


--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue42609] Eval with too high string multiplication crashes newer Python versions

2020-12-14 Thread Batuhan Taskaya 


Change by Batuhan Taskaya :


--
nosy: +BTaskaya

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue42609] Eval with too high string multiplication crashes newer Python versions

2020-12-12 Thread Serhiy Storchaka 


Serhiy Storchaka  added the comment:

This is known issue, but interesting that the cause of the crash is different 
in 3.7-3.8 and 3.9+.

PR 23744 adds recursion checks in the AST validator and optimizer similar to 
the checks in the symtable. It should not break any existing code because too 
deep AST tree did not pass checks in the symtable in any case.

But it does not solve all problems. A compound statement with too many "elif"s 
is still crashed because the new parser uses recursion in C to parse it 
(elif_stmt_rule). I think it should be a separate issue.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue42609] Eval with too high string multiplication crashes newer Python versions

2020-12-12 Thread Serhiy Storchaka 


Change by Serhiy Storchaka :


--
keywords: +patch
nosy: +serhiy.storchaka
nosy_count: 6.0 -> 7.0
pull_requests: +22602
stage:  -> patch review
pull_request: https://github.com/python/cpython/pull/23744

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue42609] Eval with too high string multiplication crashes newer Python versions

2020-12-11 Thread hongweipeng 


Change by hongweipeng :


--
nosy: +hongweipeng

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue42609] Eval with too high string multiplication crashes newer Python versions

2020-12-10 Thread Dong-hee Na 


Change by Dong-hee Na :


--
nosy: +methane

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue42609] Eval with too high string multiplication crashes newer Python versions

2020-12-10 Thread Dong-hee Na 


Change by Dong-hee Na :


--
nosy: +corona10

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue42609] Eval with too high string multiplication crashes newer Python versions

2020-12-10 Thread Steve Stagg 


Steve Stagg  added the comment:

In python 3.7/8, It's a stack overflow in the constant folding code.

On master, the overflow seems to come out of validate_expr.c.

* thread #1, name = 'python3', stop reason = signal SIGSEGV: invalid address 
(fault address: 0x7f7feff8)
frame #0: 0x557aadba python3`validate_expr(exp=0x602617c0, 
ctx=Load) at ast.c:224:16
   221  }
   222  return validate_exprs(exp->v.BoolOp.values, Load, 0);
   223  case BinOp_kind:
-> 224  return validate_expr(exp->v.BinOp.left, Load) &&
   225  validate_expr(exp->v.BinOp.right, Load);
   226  case UnaryOp_kind:
   227  return validate_expr(exp->v.UnaryOp.operand, Load);


300,000 ish stack frames of this:

frame #70832: 0x557aadbf 
python3`validate_expr(exp=0x6150af40, ctx=Load) at ast.c:224:16
frame #70833: 0x557aadbf 
python3`validate_expr(exp=0x6150b050, ctx=Load) at ast.c:224:16
frame #70834: 0x557aadbf 
python3`validate_expr(exp=0x6150b160, ctx=Load) at ast.c:224:16
frame #70835: 0x557aadbf 
python3`validate_expr(exp=0x6150b270, ctx=Load) at ast.c:224:16
frame #70836: 0x557aadbf 
python3`validate_expr(exp=0x6150b380, ctx=Load) at ast.c:224:16
frame #70837: 0x557aadbf 
python3`validate_expr(exp=0x6150b490, ctx=Load) at ast.c:224:16
frame #70838: 0x557aadbf 
python3`validate_expr(exp=0x6150b5a0, ctx=Load) at ast.c:224:16
frame #70839: 0x557aadbf 
python3`validate_expr(exp=0x6150b6b0, ctx=Load) at ast.c:224:16


On the one hand, pure python code should never segfault, on the other hand, 
`eval`ling untrusted input has bigger problems than a segfault on carefully 
crafted input.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue42609] Eval with too high string multiplication crashes newer Python versions

2020-12-10 Thread Steve Stagg 


Steve Stagg  added the comment:

Looks like it was introduced by 
https://github.com/python/cpython/commit/7ea143ae795a9fd57eaccf490d316bdc13ee9065:

bpo-29469: Move constant folding to AST optimizer (GH-2858)

--
nosy: +stestagg

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue42609] Eval with too high string multiplication crashes newer Python versions

2020-12-09 Thread pmp-p 


Change by pmp-p :


--
nosy: +pmpp

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue42609] Eval with too high string multiplication crashes newer Python versions

2020-12-09 Thread Erik Lamers 


Change by Erik Lamers :


--
title: Eval with two high string multiplication crashes newer Python versions 
-> Eval with too high string multiplication crashes newer Python versions

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com