Memory leak in AST parsing (OSS-Fuzz #60074)

[guidovranken]

Bug report

Reported by OSS-Fuzz (issue 60074).

Build cpython with:

CC=clang CFLAGS="-fsanitize=address" LDFLAGS="-fsanitize=address" ./configure --prefix=<prefix>
ASAN_OPTIONS=detect_leaks=0 make -j$(nproc)
ASAN_OPTIONS=detect_leaks=0 make install

(Setting ASAN_OPTIONS=detect_leaks=0 during build is necessary because memory leaks occur in the build phase itself, see #104791).

Then run the following reproducer:

import ast
ast.unparse(ast.parse(bytes([
  0x77, 0x69, 0x74, 0x68, 0x28, 0x29, 0x3a, 0x0a, 0x09, 0x2d, 0x2d, 0x2d,
  0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d,
  0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d,
  0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d,
  0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d,
  0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d,
  0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d,
  0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d,
  0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d,
  0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x7e, 0x7e, 0x7e, 0x7e,
  0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e,
  0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e,
  0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e,
  0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e,
  0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e,
  0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e,
  0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e,
  0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e,
  0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e,
  0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e,
  0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e,
  0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e,
  0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e,
  0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e,
  0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e,
  0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e,
  0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e,
  0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x2b, 0x2b, 0x2b, 0x2b, 0x2b, 0x66, 0x27,
  0x7b, 0x22, 0x02, 0x22, 0x7d, 0x65, 0x27, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d,
  0x2d, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e,
  0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e,
  0x7e, 0x7e, 0x2d, 0x76, 0x66, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d,
  0x2d, 0x69])))

AddressSanitizer stack trace:

==178428==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 87170 byte(s) in 64 object(s) allocated from:
    #0 0x559384eecb9e in __interceptor_malloc (/home/jhg/oss-fuzz-60074/cpython-install/bin/python3.13+0x2e3b9e) (BuildId: ea5a593a9a755c28cb82600d1aa85c16131c0c4f)
    #1 0x559385123406 in PyMem_RawMalloc /home/jhg/oss-fuzz-60074/cpython/Objects/obmalloc.c:662:12
    #2 0x559385123406 in _PyObject_Malloc /home/jhg/oss-fuzz-60074/cpython/Objects/obmalloc.c:1569:11

Direct leak of 29192 byte(s) in 30 object(s) allocated from:
    #0 0x559384eecb9e in __interceptor_malloc (/home/jhg/oss-fuzz-60074/cpython-install/bin/python3.13+0x2e3b9e) (BuildId: ea5a593a9a755c28cb82600d1aa85c16131c0c4f)
    #1 0x559385123406 in PyMem_RawMalloc /home/jhg/oss-fuzz-60074/cpython/Objects/obmalloc.c:662:12
    #2 0x559385123406 in _PyObject_Malloc /home/jhg/oss-fuzz-60074/cpython/Objects/obmalloc.c:1569:11
    #3 0x5593853e03b3 in r_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1449:29
    #4 0x5593853df60c in r_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1220:18
    #5 0x5593853e007e in r_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1389:22
    #6 0x5593853df60c in r_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1220:18
    #7 0x5593853e007e in r_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1389:22
    #8 0x5593853d95cd in read_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1515:9
    #9 0x5593852ec552 in _PyEval_EvalFrameDefault /home/jhg/oss-fuzz-60074/cpython/Python/bytecodes.c:3012:19
    #10 0x559385038307 in _PyObject_VectorcallTstate /home/jhg/oss-fuzz-60074/cpython/./Include/internal/pycore_call.h:92:11
    #11 0x559385038307 in object_vacall /home/jhg/oss-fuzz-60074/cpython/Objects/call.c:824:14
    #12 0x559385037c3a in PyObject_CallMethodObjArgs /home/jhg/oss-fuzz-60074/cpython/Objects/call.c:885:24
    #13 0x5593853aa0a3 in import_find_and_load /home/jhg/oss-fuzz-60074/cpython/Python/import.c:2767:11
    #14 0x5593853aa0a3 in PyImport_ImportModuleLevelObject /home/jhg/oss-fuzz-60074/cpython/Python/import.c:2847:15
    #15 0x5593852d6e32 in import_name /home/jhg/oss-fuzz-60074/cpython/Python/ceval.c:2458:15
    #16 0x5593852d6e32 in _PyEval_EvalFrameDefault /home/jhg/oss-fuzz-60074/cpython/Python/bytecodes.c:2132:19
    #17 0x5593852d2a65 in _PyEval_EvalFrame /home/jhg/oss-fuzz-60074/cpython/./Include/internal/pycore_ceval.h:88:16
    #18 0x5593852d2a65 in _PyEval_Vector /home/jhg/oss-fuzz-60074/cpython/Python/ceval.c:1683:12
    #19 0x5593852d2a65 in PyEval_EvalCode /home/jhg/oss-fuzz-60074/cpython/Python/ceval.c:579:21
    #20 0x5593852cccf3 in builtin_exec_impl /home/jhg/oss-fuzz-60074/cpython/Python/bltinmodule.c:1079:17
    #21 0x5593852cccf3 in builtin_exec /home/jhg/oss-fuzz-60074/cpython/Python/clinic/bltinmodule.c.h:583:20
    #22 0x559385110c96 in cfunction_vectorcall_FASTCALL_KEYWORDS /home/jhg/oss-fuzz-60074/cpython/Objects/methodobject.c:438:24

Direct leak of 28216 byte(s) in 39 object(s) allocated from:
    #0 0x559384eecb9e in __interceptor_malloc (/home/jhg/oss-fuzz-60074/cpython-install/bin/python3.13+0x2e3b9e) (BuildId: ea5a593a9a755c28cb82600d1aa85c16131c0c4f)
    #1 0x559385123406 in PyMem_RawMalloc /home/jhg/oss-fuzz-60074/cpython/Objects/obmalloc.c:662:12
    #2 0x559385123406 in _PyObject_Malloc /home/jhg/oss-fuzz-60074/cpython/Objects/obmalloc.c:1569:11
    #3 0x5593853e03b3 in r_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1449:29
    #4 0x5593853df60c in r_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1220:18
    #5 0x5593853e007e in r_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1389:22
    #6 0x5593853df60c in r_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1220:18
    #7 0x5593853e007e in r_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1389:22
    #8 0x5593853d95cd in read_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1515:9
    #9 0x5593852ec552 in _PyEval_EvalFrameDefault /home/jhg/oss-fuzz-60074/cpython/Python/bytecodes.c:3012:19
    #10 0x559385038307 in _PyObject_VectorcallTstate /home/jhg/oss-fuzz-60074/cpython/./Include/internal/pycore_call.h:92:11
    #11 0x559385038307 in object_vacall /home/jhg/oss-fuzz-60074/cpython/Objects/call.c:824:14
    #12 0x559385037c3a in PyObject_CallMethodObjArgs /home/jhg/oss-fuzz-60074/cpython/Objects/call.c:885:24
    #13 0x5593853aa0a3 in import_find_and_load /home/jhg/oss-fuzz-60074/cpython/Python/import.c:2767:11
    #14 0x5593853aa0a3 in PyImport_ImportModuleLevelObject /home/jhg/oss-fuzz-60074/cpython/Python/import.c:2847:15
    #15 0x5593852d6e32 in import_name /home/jhg/oss-fuzz-60074/cpython/Python/ceval.c:2458:15
    #16 0x5593852d6e32 in _PyEval_EvalFrameDefault /home/jhg/oss-fuzz-60074/cpython/Python/bytecodes.c:2132:19
    #17 0x5593852d2a65 in _PyEval_EvalFrame /home/jhg/oss-fuzz-60074/cpython/./Include/internal/pycore_ceval.h:88:16
    #18 0x5593852d2a65 in _PyEval_Vector /home/jhg/oss-fuzz-60074/cpython/Python/ceval.c:1683:12
    #19 0x5593852d2a65 in PyEval_EvalCode /home/jhg/oss-fuzz-60074/cpython/Python/ceval.c:579:21
    #20 0x55938540cc09 in run_eval_code_obj /home/jhg/oss-fuzz-60074/cpython/Python/pythonrun.c:1727:9
    #21 0x55938540cc09 in run_mod /home/jhg/oss-fuzz-60074/cpython/Python/pythonrun.c:1748:19

Direct leak of 8720 byte(s) in 8 object(s) allocated from:
    #0 0x559384eecb9e in __interceptor_malloc (/home/jhg/oss-fuzz-60074/cpython-install/bin/python3.13+0x2e3b9e) (BuildId: ea5a593a9a755c28cb82600d1aa85c16131c0c4f)
    #1 0x559385123406 in PyMem_RawMalloc /home/jhg/oss-fuzz-60074/cpython/Objects/obmalloc.c:662:12
    #2 0x559385123406 in _PyObject_Malloc /home/jhg/oss-fuzz-60074/cpython/Objects/obmalloc.c:1569:11
    #3 0x5593853e03b3 in r_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1449:29
    #4 0x5593853df60c in r_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1220:18
    #5 0x5593853e007e in r_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1389:22
    #6 0x5593853d95cd in read_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1515:9
    #7 0x5593852ec552 in _PyEval_EvalFrameDefault /home/jhg/oss-fuzz-60074/cpython/Python/bytecodes.c:3012:19
    #8 0x559385038307 in _PyObject_VectorcallTstate /home/jhg/oss-fuzz-60074/cpython/./Include/internal/pycore_call.h:92:11
    #9 0x559385038307 in object_vacall /home/jhg/oss-fuzz-60074/cpython/Objects/call.c:824:14
    #10 0x559385037c3a in PyObject_CallMethodObjArgs /home/jhg/oss-fuzz-60074/cpython/Objects/call.c:885:24
    #11 0x5593853aa0a3 in import_find_and_load /home/jhg/oss-fuzz-60074/cpython/Python/import.c:2767:11
    #12 0x5593853aa0a3 in PyImport_ImportModuleLevelObject /home/jhg/oss-fuzz-60074/cpython/Python/import.c:2847:15
    #13 0x5593852d6e32 in import_name /home/jhg/oss-fuzz-60074/cpython/Python/ceval.c:2458:15
    #14 0x5593852d6e32 in _PyEval_EvalFrameDefault /home/jhg/oss-fuzz-60074/cpython/Python/bytecodes.c:2132:19
    #15 0x5593852d2a65 in _PyEval_EvalFrame /home/jhg/oss-fuzz-60074/cpython/./Include/internal/pycore_ceval.h:88:16
    #16 0x5593852d2a65 in _PyEval_Vector /home/jhg/oss-fuzz-60074/cpython/Python/ceval.c:1683:12
    #17 0x5593852d2a65 in PyEval_EvalCode /home/jhg/oss-fuzz-60074/cpython/Python/ceval.c:579:21
    #18 0x5593852cccf3 in builtin_exec_impl /home/jhg/oss-fuzz-60074/cpython/Python/bltinmodule.c:1079:17
    #19 0x5593852cccf3 in builtin_exec /home/jhg/oss-fuzz-60074/cpython/Python/clinic/bltinmodule.c.h:583:20
    #20 0x559385110c96 in cfunction_vectorcall_FASTCALL_KEYWORDS /home/jhg/oss-fuzz-60074/cpython/Objects/methodobject.c:438:24

Direct leak of 2888 byte(s) in 4 object(s) allocated from:
    #0 0x559384eecb9e in __interceptor_malloc (/home/jhg/oss-fuzz-60074/cpython-install/bin/python3.13+0x2e3b9e) (BuildId: ea5a593a9a755c28cb82600d1aa85c16131c0c4f)
    #1 0x559385123406 in PyMem_RawMalloc /home/jhg/oss-fuzz-60074/cpython/Objects/obmalloc.c:662:12
    #2 0x559385123406 in _PyObject_Malloc /home/jhg/oss-fuzz-60074/cpython/Objects/obmalloc.c:1569:11
    #3 0x5593853e03b3 in r_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1449:29
    #4 0x5593853df60c in r_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1220:18
    #5 0x5593853e007e in r_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1389:22
    #6 0x5593853d95cd in read_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1515:9
    #7 0x5593852ec552 in _PyEval_EvalFrameDefault /home/jhg/oss-fuzz-60074/cpython/Python/bytecodes.c:3012:19
    #8 0x559385038307 in _PyObject_VectorcallTstate /home/jhg/oss-fuzz-60074/cpython/./Include/internal/pycore_call.h:92:11
    #9 0x559385038307 in object_vacall /home/jhg/oss-fuzz-60074/cpython/Objects/call.c:824:14
    #10 0x559385037c3a in PyObject_CallMethodObjArgs /home/jhg/oss-fuzz-60074/cpython/Objects/call.c:885:24
    #11 0x5593853aa0a3 in import_find_and_load /home/jhg/oss-fuzz-60074/cpython/Python/import.c:2767:11
    #12 0x5593853aa0a3 in PyImport_ImportModuleLevelObject /home/jhg/oss-fuzz-60074/cpython/Python/import.c:2847:15
    #13 0x5593852d6e32 in import_name /home/jhg/oss-fuzz-60074/cpython/Python/ceval.c:2458:15
    #14 0x5593852d6e32 in _PyEval_EvalFrameDefault /home/jhg/oss-fuzz-60074/cpython/Python/bytecodes.c:2132:19
    #15 0x5593852d2a65 in _PyEval_EvalFrame /home/jhg/oss-fuzz-60074/cpython/./Include/internal/pycore_ceval.h:88:16
    #16 0x5593852d2a65 in _PyEval_Vector /home/jhg/oss-fuzz-60074/cpython/Python/ceval.c:1683:12
    #17 0x5593852d2a65 in PyEval_EvalCode /home/jhg/oss-fuzz-60074/cpython/Python/ceval.c:579:21
    #18 0x55938540cc09 in run_eval_code_obj /home/jhg/oss-fuzz-60074/cpython/Python/pythonrun.c:1727:9
    #19 0x55938540cc09 in run_mod /home/jhg/oss-fuzz-60074/cpython/Python/pythonrun.c:1748:19

Direct leak of 2816 byte(s) in 1 object(s) allocated from:
    #0 0x559384eecfc6 in __interceptor_realloc (/home/jhg/oss-fuzz-60074/cpython-install/bin/python3.13+0x2e3fc6) (BuildId: ea5a593a9a755c28cb82600d1aa85c16131c0c4f)
    #1 0x55938509d353 in list_resize /home/jhg/oss-fuzz-60074/cpython/Objects/listobject.c:82:30
    #2 0x55938509d353 in list_extend /home/jhg/oss-fuzz-60074/cpython/Objects/listobject.c:892:18

Direct leak of 2048 byte(s) in 1 object(s) allocated from:
    #0 0x559384eecb9e in __interceptor_malloc (/home/jhg/oss-fuzz-60074/cpython-install/bin/python3.13+0x2e3b9e) (BuildId: ea5a593a9a755c28cb82600d1aa85c16131c0c4f)
    #1 0x559385123406 in PyMem_RawMalloc /home/jhg/oss-fuzz-60074/cpython/Objects/obmalloc.c:662:12
    #2 0x559385123406 in _PyObject_Malloc /home/jhg/oss-fuzz-60074/cpython/Objects/obmalloc.c:1569:11
    #3 0x559385132dcf in set_add_key /home/jhg/oss-fuzz-60074/cpython/Objects/setobject.c:354:12
    #4 0x559385132dcf in set_update_internal /home/jhg/oss-fuzz-60074/cpython/Objects/setobject.c:913:13
    #5 0x55938513c0ff in make_new_set /home/jhg/oss-fuzz-60074/cpython/Objects/setobject.c:967:13
    #6 0x55938513c0ff in make_new_frozenset /home/jhg/oss-fuzz-60074/cpython/Objects/setobject.c:999:12
    #7 0x5593852d2a65 in _PyEval_EvalFrame /home/jhg/oss-fuzz-60074/cpython/./Include/internal/pycore_ceval.h:88:16
    #8 0x5593852d2a65 in _PyEval_Vector /home/jhg/oss-fuzz-60074/cpython/Python/ceval.c:1683:12
    #9 0x5593852d2a65 in PyEval_EvalCode /home/jhg/oss-fuzz-60074/cpython/Python/ceval.c:579:21
    #10 0x5593852cccf3 in builtin_exec_impl /home/jhg/oss-fuzz-60074/cpython/Python/bltinmodule.c:1079:17
    #11 0x5593852cccf3 in builtin_exec /home/jhg/oss-fuzz-60074/cpython/Python/clinic/bltinmodule.c.h:583:20
    #12 0x559385110c96 in cfunction_vectorcall_FASTCALL_KEYWORDS /home/jhg/oss-fuzz-60074/cpython/Objects/methodobject.c:438:24

Indirect leak of 300119 byte(s) in 316 object(s) allocated from:
    #0 0x559384eecb9e in __interceptor_malloc (/home/jhg/oss-fuzz-60074/cpython-install/bin/python3.13+0x2e3b9e) (BuildId: ea5a593a9a755c28cb82600d1aa85c16131c0c4f)
    #1 0x559385123406 in PyMem_RawMalloc /home/jhg/oss-fuzz-60074/cpython/Objects/obmalloc.c:662:12
    #2 0x559385123406 in _PyObject_Malloc /home/jhg/oss-fuzz-60074/cpython/Objects/obmalloc.c:1569:11

Indirect leak of 9623 byte(s) in 8 object(s) allocated from:
    #0 0x559384eecb9e in __interceptor_malloc (/home/jhg/oss-fuzz-60074/cpython-install/bin/python3.13+0x2e3b9e) (BuildId: ea5a593a9a755c28cb82600d1aa85c16131c0c4f)
    #1 0x559385123406 in PyMem_RawMalloc /home/jhg/oss-fuzz-60074/cpython/Objects/obmalloc.c:662:12
    #2 0x559385123406 in _PyObject_Malloc /home/jhg/oss-fuzz-60074/cpython/Objects/obmalloc.c:1569:11
    #3 0x559385151d0f in type_call /home/jhg/oss-fuzz-60074/cpython/Objects/typeobject.c:1663:11

Indirect leak of 6357 byte(s) in 6 object(s) allocated from:
    #0 0x559384eecb9e in __interceptor_malloc (/home/jhg/oss-fuzz-60074/cpython-install/bin/python3.13+0x2e3b9e) (BuildId: ea5a593a9a755c28cb82600d1aa85c16131c0c4f)
    #1 0x559385123406 in PyMem_RawMalloc /home/jhg/oss-fuzz-60074/cpython/Objects/obmalloc.c:662:12
    #2 0x559385123406 in _PyObject_Malloc /home/jhg/oss-fuzz-60074/cpython/Objects/obmalloc.c:1569:11
    #3 0x5593853e0131 in r_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1413:25
    #4 0x5593853df60c in r_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1220:18
    #5 0x5593853e007e in r_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1389:22
    #6 0x5593853df60c in r_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1220:18
    #7 0x5593853e007e in r_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1389:22
    #8 0x5593853d95cd in read_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1515:9
    #9 0x5593852ec552 in _PyEval_EvalFrameDefault /home/jhg/oss-fuzz-60074/cpython/Python/bytecodes.c:3012:19
    #10 0x559385038307 in _PyObject_VectorcallTstate /home/jhg/oss-fuzz-60074/cpython/./Include/internal/pycore_call.h:92:11
    #11 0x559385038307 in object_vacall /home/jhg/oss-fuzz-60074/cpython/Objects/call.c:824:14
    #12 0x559385037c3a in PyObject_CallMethodObjArgs /home/jhg/oss-fuzz-60074/cpython/Objects/call.c:885:24
    #13 0x5593853aa0a3 in import_find_and_load /home/jhg/oss-fuzz-60074/cpython/Python/import.c:2767:11
    #14 0x5593853aa0a3 in PyImport_ImportModuleLevelObject /home/jhg/oss-fuzz-60074/cpython/Python/import.c:2847:15
    #15 0x5593852d6e32 in import_name /home/jhg/oss-fuzz-60074/cpython/Python/ceval.c:2458:15
    #16 0x5593852d6e32 in _PyEval_EvalFrameDefault /home/jhg/oss-fuzz-60074/cpython/Python/bytecodes.c:2132:19
    #17 0x5593852d2a65 in _PyEval_EvalFrame /home/jhg/oss-fuzz-60074/cpython/./Include/internal/pycore_ceval.h:88:16
    #18 0x5593852d2a65 in _PyEval_Vector /home/jhg/oss-fuzz-60074/cpython/Python/ceval.c:1683:12
    #19 0x5593852d2a65 in PyEval_EvalCode /home/jhg/oss-fuzz-60074/cpython/Python/ceval.c:579:21
    #20 0x5593852cccf3 in builtin_exec_impl /home/jhg/oss-fuzz-60074/cpython/Python/bltinmodule.c:1079:17
    #21 0x5593852cccf3 in builtin_exec /home/jhg/oss-fuzz-60074/cpython/Python/clinic/bltinmodule.c.h:583:20
    #22 0x559385110c96 in cfunction_vectorcall_FASTCALL_KEYWORDS /home/jhg/oss-fuzz-60074/cpython/Objects/methodobject.c:438:24

Indirect leak of 2195 byte(s) in 2 object(s) allocated from:
    #0 0x559384eecb9e in __interceptor_malloc (/home/jhg/oss-fuzz-60074/cpython-install/bin/python3.13+0x2e3b9e) (BuildId: ea5a593a9a755c28cb82600d1aa85c16131c0c4f)
    #1 0x559385123406 in PyMem_RawMalloc /home/jhg/oss-fuzz-60074/cpython/Objects/obmalloc.c:662:12
    #2 0x559385123406 in _PyObject_Malloc /home/jhg/oss-fuzz-60074/cpython/Objects/obmalloc.c:1569:11
    #3 0x5593853e0131 in r_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1413:25
    #4 0x5593853df60c in r_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1220:18
    #5 0x5593853e007e in r_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1389:22
    #6 0x5593853d95cd in read_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1515:9
    #7 0x5593852ec552 in _PyEval_EvalFrameDefault /home/jhg/oss-fuzz-60074/cpython/Python/bytecodes.c:3012:19
    #8 0x559385038307 in _PyObject_VectorcallTstate /home/jhg/oss-fuzz-60074/cpython/./Include/internal/pycore_call.h:92:11
    #9 0x559385038307 in object_vacall /home/jhg/oss-fuzz-60074/cpython/Objects/call.c:824:14
    #10 0x559385037c3a in PyObject_CallMethodObjArgs /home/jhg/oss-fuzz-60074/cpython/Objects/call.c:885:24
    #11 0x5593853aa0a3 in import_find_and_load /home/jhg/oss-fuzz-60074/cpython/Python/import.c:2767:11
    #12 0x5593853aa0a3 in PyImport_ImportModuleLevelObject /home/jhg/oss-fuzz-60074/cpython/Python/import.c:2847:15
    #13 0x5593852d6e32 in import_name /home/jhg/oss-fuzz-60074/cpython/Python/ceval.c:2458:15
    #14 0x5593852d6e32 in _PyEval_EvalFrameDefault /home/jhg/oss-fuzz-60074/cpython/Python/bytecodes.c:2132:19
    #15 0x5593852d2a65 in _PyEval_EvalFrame /home/jhg/oss-fuzz-60074/cpython/./Include/internal/pycore_ceval.h:88:16
    #16 0x5593852d2a65 in _PyEval_Vector /home/jhg/oss-fuzz-60074/cpython/Python/ceval.c:1683:12
    #17 0x5593852d2a65 in PyEval_EvalCode /home/jhg/oss-fuzz-60074/cpython/Python/ceval.c:579:21
    #18 0x5593852cccf3 in builtin_exec_impl /home/jhg/oss-fuzz-60074/cpython/Python/bltinmodule.c:1079:17
    #19 0x5593852cccf3 in builtin_exec /home/jhg/oss-fuzz-60074/cpython/Python/clinic/bltinmodule.c.h:583:20
    #20 0x559385110c96 in cfunction_vectorcall_FASTCALL_KEYWORDS /home/jhg/oss-fuzz-60074/cpython/Objects/methodobject.c:438:24

Indirect leak of 1103 byte(s) in 2 object(s) allocated from:
    #0 0x559384eecb9e in __interceptor_malloc (/home/jhg/oss-fuzz-60074/cpython-install/bin/python3.13+0x2e3b9e) (BuildId: ea5a593a9a755c28cb82600d1aa85c16131c0c4f)
    #1 0x559385123406 in PyMem_RawMalloc /home/jhg/oss-fuzz-60074/cpython/Objects/obmalloc.c:662:12
    #2 0x559385123406 in _PyObject_Malloc /home/jhg/oss-fuzz-60074/cpython/Objects/obmalloc.c:1569:11
    #3 0x5593853e0131 in r_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1413:25
    #4 0x5593853df60c in r_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1220:18
    #5 0x5593853e007e in r_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1389:22
    #6 0x5593853df60c in r_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1220:18
    #7 0x5593853e007e in r_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1389:22
    #8 0x5593853d95cd in read_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1515:9
    #9 0x5593852ec552 in _PyEval_EvalFrameDefault /home/jhg/oss-fuzz-60074/cpython/Python/bytecodes.c:3012:19
    #10 0x559385038307 in _PyObject_VectorcallTstate /home/jhg/oss-fuzz-60074/cpython/./Include/internal/pycore_call.h:92:11
    #11 0x559385038307 in object_vacall /home/jhg/oss-fuzz-60074/cpython/Objects/call.c:824:14
    #12 0x559385037c3a in PyObject_CallMethodObjArgs /home/jhg/oss-fuzz-60074/cpython/Objects/call.c:885:24
    #13 0x5593853aa0a3 in import_find_and_load /home/jhg/oss-fuzz-60074/cpython/Python/import.c:2767:11
    #14 0x5593853aa0a3 in PyImport_ImportModuleLevelObject /home/jhg/oss-fuzz-60074/cpython/Python/import.c:2847:15
    #15 0x5593852d6e32 in import_name /home/jhg/oss-fuzz-60074/cpython/Python/ceval.c:2458:15
    #16 0x5593852d6e32 in _PyEval_EvalFrameDefault /home/jhg/oss-fuzz-60074/cpython/Python/bytecodes.c:2132:19
    #17 0x5593852d2a65 in _PyEval_EvalFrame /home/jhg/oss-fuzz-60074/cpython/./Include/internal/pycore_ceval.h:88:16
    #18 0x5593852d2a65 in _PyEval_Vector /home/jhg/oss-fuzz-60074/cpython/Python/ceval.c:1683:12
    #19 0x5593852d2a65 in PyEval_EvalCode /home/jhg/oss-fuzz-60074/cpython/Python/ceval.c:579:21
    #20 0x55938540cc09 in run_eval_code_obj /home/jhg/oss-fuzz-60074/cpython/Python/pythonrun.c:1727:9
    #21 0x55938540cc09 in run_mod /home/jhg/oss-fuzz-60074/cpython/Python/pythonrun.c:1748:19

Indirect leak of 690 byte(s) in 1 object(s) allocated from:
    #0 0x559384eecb9e in __interceptor_malloc (/home/jhg/oss-fuzz-60074/cpython-install/bin/python3.13+0x2e3b9e) (BuildId: ea5a593a9a755c28cb82600d1aa85c16131c0c4f)
    #1 0x559385123406 in PyMem_RawMalloc /home/jhg/oss-fuzz-60074/cpython/Objects/obmalloc.c:662:12
    #2 0x559385123406 in _PyObject_Malloc /home/jhg/oss-fuzz-60074/cpython/Objects/obmalloc.c:1569:11
    #3 0x559385170810 in tp_new_wrapper /home/jhg/oss-fuzz-60074/cpython/Objects/typeobject.c:8325:11

SUMMARY: AddressSanitizer: 481137 byte(s) leaked in 482 allocation(s).

Bug was introduced in 04492cb @markshannon

Your environment

Linux x64, latest cpython main branch checkout.

Linked PRs

• GH-106057: Handle recursion errors in inline class calls properly. #106108

[pablogsal]

This doesn't seem to happen on the parser nor the tokenizer, so I am unasigning us from the issue. Os-fuzz detected that the bug was introduced in 04492cb so I am adding @markshannon to the issue

[markshannon]

If this is related to 04492cb why is the unparse/parse of bytes needed, or is that just as far as the fuzzer can simplify?

[markshannon]

Is there a way to see the original issue without a Google sign in?

[guidovranken]

If this is related to 04492cb why is the unparse/parse of bytes needed, or is that just as far as the fuzzer can simplify?

The fuzzer that found this bug is this, hence the reproducer is structured the same way.

Is there a way to see the original issue without a Google sign in?

I'm afraid not though it doesn't really contain any more information.

[markshannon]

That's helpful, thanks.