[issue26000] Crash in Tokenizer - Heap-use-after-free

2018-09-24 Thread Karthikeyan Singaravelan
Karthikeyan Singaravelan added the comment:

As part of triaging I am closing this issue as duplicate, adding issue31852 as superseder, which has the relevant PR and discussion about the fix. I have also verified the fix as in https://bugs.python.org/issue26000#msg326204. I think backporting

2018-09-24 Thread Karthikeyan Singaravelan
Karthikeyan Singaravelan added the comment:

Thanks William for the information. I can reproduce this on 3.5.6. I was able to bisect this down to #31852 that deals with similar cases and fixed with commit 690c36f2f1085145d364a89bfed5944dd2470308.

$ cpython git:(master) git checkout

2018-09-23 Thread William Bowling
William Bowling added the comment:

> Is this still reproducible? On master (Python 3.8) with a debug build it
> throws a SyntaxError. I don't have Python 3.5 installed to check this though

Looks like it's fixed in master and 3.6.6 but still happening in 3.5.6

2018-09-23 Thread Karthikeyan Singaravelan
Karthikeyan Singaravelan added the comment:

Is this still reproducible? On master (Python 3.8) with a debug build it throws a SyntaxError. I don't have Python 3.5 installed to check this though

$ ./python.exe
Python 3.8.0a0 (heads/master:c87d9f406b, Sep 23 2018, 19:48:30) [Clang 7.0.2

2016-02-21 Thread Sean Gillespie
Sean Gillespie added the comment: Went ahead and did it since I had the time - the issue is that when doing a token of lookahead to see whether an 'async' at a top-level begins an 'async def' function or if it is an identifier. A shallow copy of the current token is made and given to another

2016-02-20 Thread Sean Gillespie
Sean Gillespie added the comment:

Is anyone currently working on this? If not, I'd like to try and fix this. I've debugged this a little and think I have an idea of what's going on.

nosy: +swgillespie

2016-01-03 Thread William Bowling
William Bowling added the comment:

Also a very similar source causes a slightly different crash (heap-buffer-overflow instead of heap-use-after-free):

./python -c 'with open("vuln2.py", "wb") as f: f.write(b"\x61\x73\x00\x0a\x79\x6e\x63\x5c\x0a\x00\x0d\xdd")'
./python vuln2.py

Python 3.5.1+

2016-01-03 Thread Serhiy Storchaka
Changes by Serhiy Storchaka:

assignee: -> serhiy.storchaka
nosy: +serhiy.storchaka
priority: normal -> high

2016-01-03 Thread William Bowling
New submission from William Bowling:

Similar to https://bugs.python.org/issue25388 the following causes a crash on 3.5.1 and the latest 3.5 branch:

./python -c 'with open("vuln.py", "wb") as f: f.write(b"\x61\x73\x00\x0a\x79\x6e\x63\x5c\x0a\xef")'
./python vuln.py

Python 3.5.1+ (default,