Description
Crash report
What happened?
The PyErr_Format function has a wrong format string, %s.
So, the format string must be removed.
A Python executable built with the attached patch file works well.
- trigger code
class evil(1):
    pass
- Root cause source location
static PyObject *
long_vectorcall(PyObject *type, PyObject * const*args,
                size_t nargsf, PyObject *kwnames)
{
    Py_ssize_t nargs = PyVectorcall_NARGS(nargsf);
    if (kwnames != NULL) {
        PyThreadState *tstate = PyThreadState_GET();
        return _PyObject_MakeTpCall(tstate, type, args, nargs, kwnames);
    }
    switch (nargs) {
        case 0:
            return _PyLong_GetZero();
        case 1:
            return PyNumber_Long(args[0]);
        case 2:
            return long_new_impl(_PyType_CAST(type), args[0], args[1]);
        default:
            return PyErr_Format(PyExc_TypeError,
                                "int expected at most 2 argument%s, got %zd", // <-- here
                                nargs);
    }
}
- patch file
bugfix.patch
- asan log
==146567==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000003 (pc 0xffffa3159950 bp 0xffffcc068cc0 sp 0xffffcc068cc0 T0)
==146567==The signal is caused by a READ memory access.
==146567==Hint: address points to the zero page.
#0 0xffffa3159950 (/lib/aarch64-linux-gnu/libc.so.6+0x99950)
#1 0xffffa334e078 in __interceptor_strlen ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:387
#2 0xaaaaca78de70 in unicode_fromformat_write_cstr Objects/unicodeobject.c:2384
#3 0xaaaaca78f3f0 in unicode_fromformat_arg Objects/unicodeobject.c:2697
#4 0xaaaaca78fa1c in PyUnicode_FromFormatV Objects/unicodeobject.c:2816
#5 0xaaaaca926bc4 in PyErr_FormatV Python/errors.c:1161
#6 0xaaaaca9246e4 in PyErr_Format Python/errors.c:1196
#7 0xaaaaca62187c in long_vectorcall Objects/longobject.c:6173
#8 0xaaaaca58a540 in PyObject_VectorcallDictTstate Objects/call.c:135
#9 0xaaaaca58a7b8 in PyObject_VectorcallDict Objects/call.c:159
#10 0xaaaaca861a10 in builtin___build_class Python/bltinmodule.c:216
#11 0xaaaaca66cc70 in cfunction_vectorcall_FASTCALL_KEYWORDS Objects/methodobject.c:441
#12 0xaaaaca58661c in _PyObject_VectorcallTstate Include/internal/pycore_call.h:168
#13 0xaaaaca586758 in PyObject_Vectorcall Objects/call.c:327
#14 0xaaaaca8a2120 in _PyEval_EvalFrameDefault Python/generated_cases.c.h:4344
#15 0xaaaaca8d5574 in _PyEval_EvalFrame Include/internal/pycore_ceval.h:115
#16 0xaaaaca8d5574 in _PyEval_Vector Python/ceval.c:1783
#17 0xaaaaca8d573c in PyEval_EvalCode Python/ceval.c:591
#18 0xaaaaca9cb214 in run_eval_code_obj Python/pythonrun.c:1294
#19 0xaaaaca9ce108 in run_mod Python/pythonrun.c:1379
#20 0xaaaaca9cebfc in PyRun_InteractiveOneObjectEx Python/pythonrun.c:287
#21 0xaaaaca9d0ce8 in _PyRun_InteractiveLoopObject Python/pythonrun.c:136
#22 0xaaaaca9d16c8 in _PyRun_AnyFileObject Python/pythonrun.c:71
#23 0xaaaaca9d181c in PyRun_AnyFileExFlags Python/pythonrun.c:103
#24 0xaaaacaa2dbd0 in pymain_run_stdin Modules/main.c:517
#25 0xaaaacaa2f9b8 in pymain_run_python Modules/main.c:631
#26 0xaaaacaa2fc18 in Py_RunMain Modules/main.c:707
#27 0xaaaacaa2fe08 in pymain_main Modules/main.c:737
#28 0xaaaacaa30144 in Py_BytesMain Modules/main.c:761
#29 0xaaaaca3eb4dc in main Programs/python.c:15
#30 0xffffa30e73f8 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
#31 0xffffa30e74c8 in __libc_start_main_impl ../csu/libc-start.c:392
#32 0xaaaaca3eb3ec in _start (/home/kk/projects/cpython/python+0x27b3ec)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/lib/aarch64-linux-gnu/libc.so.6+0x99950)
==146567==ABORTING
- interpreter stdout when it works well
>>> class evil(1):
...     pass
...
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
    class evil(1):
TypeError: int expected at most 2 arguments, got 3
>>>
CPython versions tested on:
CPython main branch
Operating systems tested on:
Linux
Output from running 'python -VV' on the command line:
Python 3.13.0a2 (tags/v3.13.0a2-dirty:9c4347ef8b, Jan 14 2024, 06:56:06) [GCC 11.4.0]
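
An added example, not part of the original report or of CPython: a simplified C checker that counts the arguments a printf-style format string consumes, applied to the format string quoted from long_vectorcall. The names count_format_args, format_matches, BUGGY_FMT and FIXED_FMT are hypothetical, and FIXED_FMT is inferred from the patched interpreter's output in the report, since the contents of bugfix.patch are not on the page.

```c
#include <stdio.h>
#include <string.h>

/* Format string from long_vectorcall as quoted in the report. */
#define BUGGY_FMT "int expected at most 2 argument%s, got %zd"
/* Assumption: inferred from the patched interpreter's output. */
#define FIXED_FMT "int expected at most 2 arguments, got %zd"

/* Count the variadic arguments a printf-style format consumes.
 * Simplified model (assumption): each conversion takes one argument,
 * a '*' width or precision takes one more, "%%" takes none.
 * Returns -1 for a conversion cut off by the end of the string. */
static int count_format_args(const char *fmt)
{
    int n = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%')
            continue;
        p++;
        if (*p == '%')
            continue;                          /* literal percent */
        while (*p && strchr("-+ #0", *p))      /* flags */
            p++;
        for (; *p == '*' || (*p >= '0' && *p <= '9'); p++)
            n += (*p == '*');                  /* width */
        if (*p == '.')
            for (p++; *p == '*' || (*p >= '0' && *p <= '9'); p++)
                n += (*p == '*');              /* precision */
        while (*p && strchr("hlzjt", *p))      /* length modifiers */
            p++;
        if (*p == '\0')
            return -1;
        n++;                                   /* the conversion itself */
    }
    return n;
}

/* True when the call site passes exactly what the format consumes.
 * The call in long_vectorcall passes one argument: nargs. */
static int format_matches(const char *fmt, int supplied)
{
    return count_format_args(fmt) == supplied;
}

int main(void)
{
    printf("buggy: needs %d, call passes 1\n", count_format_args(BUGGY_FMT));
    printf("fixed: needs %d, call passes 1\n", count_format_args(FIXED_FMT));
    return format_matches(FIXED_FMT, 1) ? 0 : 1;
}
```

With only nargs supplied, the surplus %s consumes nargs (3 in the trigger case) as a string pointer, which is consistent with the strlen read at address 0x3 in the ASan log.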