[3.9] bpo-41690: Use a loop to collect args in the parser instead of …

…recursion (GH-22053) (GH-22067) This program can segfault the parser by stack overflow: ``` import ast code = "f(" + ",".join(['a' for _ in range(100000)]) + ")" print("Ready!") ast.parse(code) ``` the reason is that the rule for arguments has a simple recursion when collecting args: args[expr_ty]: [...] | a=named_expression b=[',' c=args { c }] { [...] }. (cherry picked from commit 4a97b15) Co-authored-by: Pablo Galindo <Pablogsal@gmail.com>
python · Sep 2, 2020 · 8de34cd · 8de34cd
1 parent a763ee3
commit 8de34cd
Show file tree

Hide file tree

Showing 5 changed files with 628 additions and 515 deletions.
diff --git a/Grammar/python.gram b/Grammar/python.gram
@@ -537,22 +537,11 @@ arguments[expr_ty] (memo):
     | a=args [','] &')' { a }
     | incorrect_arguments
 args[expr_ty]:
-    | a=starred_expression b=[',' c=args { c }] {
-        _Py_Call(_PyPegen_dummy_name(p),
-                 (b) ? CHECK(_PyPegen_seq_insert_in_front(p, a, ((expr_ty) b)->v.Call.args))
-                     : CHECK(_PyPegen_singleton_seq(p, a)),
-                 (b) ? ((expr_ty) b)->v.Call.keywords : NULL,
-                 EXTRA) }
+    | a=','.(starred_expression | named_expression !'=')+ b=[',' k=kwargs {k}] { _PyPegen_collect_call_seqs(p, a, b) }
     | a=kwargs { _Py_Call(_PyPegen_dummy_name(p),
                           CHECK_NULL_ALLOWED(_PyPegen_seq_extract_starred_exprs(p, a)),
                           CHECK_NULL_ALLOWED(_PyPegen_seq_delete_starred_exprs(p, a)),
                           EXTRA) }
-    | a=named_expression b=[',' c=args { c }] {
-        _Py_Call(_PyPegen_dummy_name(p),
-                 (b) ? CHECK(_PyPegen_seq_insert_in_front(p, a, ((expr_ty) b)->v.Call.args))
-                     : CHECK(_PyPegen_singleton_seq(p, a)),
-                 (b) ? ((expr_ty) b)->v.Call.keywords : NULL,
-                 EXTRA) }
 kwargs[asdl_seq*]:
     | a=','.kwarg_or_starred+ ',' b=','.kwarg_or_double_starred+ { _PyPegen_join_sequences(p, a, b) }
     | ','.kwarg_or_starred+

diff --git a/Misc/NEWS.d/next/Core and Builtins/2020-09-02-12-00-57.bpo-41690.Ny-Sfy.rst b/Misc/NEWS.d/next/Core and Builtins/2020-09-02-12-00-57.bpo-41690.Ny-Sfy.rst
@@ -0,0 +1,2 @@
+Fix a possible stack overflow in the parser when parsing functions and
+classes with a huge ammount of arguments. Patch by Pablo Galindo.
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		Fix a possible stack overflow in the parser when parsing functions and
		classes with a huge ammount of arguments. Patch by Pablo Galindo.