Skip to content

Some object-to-AST conversions are missing error checks #105588

New issue
New issue
Closed
Closed
Some object-to-AST conversions are missing error checks#105588
Assignees
brandtbucher
Labels
3.11only security fixes3.12bugs and security fixes3.13bugs and security fixesinterpreter-core(Objects, Python, Grammar, and Parser dirs)triagedThe issue has been accepted as valid by a triager.type-crashA hard crash of the interpreter, possibly with a core dump
@brandtbucher

Description

@brandtbucher
brandtbucher
opened on Jun 9, 2023

The generated code in Python-ast.c is missing error checks following the construction of C-level alias, arg, comprehension, keyword, match_item, and withitem nodes from their Python object counterparts. This means it's possible to crash the interpreter by attempting to compile an AST where a required member of these nodes is replaced with None:

>>> import ast
>>> tree = ast.parse("""
... match ...:
...     case THIS:
...         ...
... """)
>>> tree.body[0].cases[0].pattern = None
>>> compile(tree, "<crash>", "exec")
Segmentation fault

I'll have a PR up in a minute with the one-line fix.

Linked PRs

Metadata

Metadata

Assignees

Labels

3.11only security fixes3.12bugs and security fixes3.13bugs and security fixesinterpreter-core(Objects, Python, Grammar, and Parser dirs)triagedThe issue has been accepted as valid by a triager.type-crashA hard crash of the interpreter, possibly with a core dump

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions