Skip to content

[3.6] bpo-31852: Fix segfault caused by using the async soft keyword #4122

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Oct 31, 2017
Merged

[3.6] bpo-31852: Fix segfault caused by using the async soft keyword #4122

merged 4 commits into from
Oct 31, 2017

Conversation

pablogsal
Copy link
Member

@pablogsal pablogsal commented Oct 25, 2017
edited
Loading

This PR solves a segmentation fault in Python 3.6 caused by a combination of the async soft keyword and continuation lines. Steps to reproduce:

>>> async \
...
  File "<stdin>", line 1
    \ufffd\ufffdF\ufffd\ufffd
         ^
SyntaxError: invalid syntax
>>> async \
Segmentation fault

As @Haypo mentioned in the issue you can use this file to use the issue in the tokenizer to induce a buffer overflow. This PR solves this issue as well.

The current implementation checks if the current token is ASYNC and sets a sentient value (2) in the tok->async_def before looking for the token ahead (which is the step where the segfault happens). The value of tok->async_def gets overwritten after the lookahead by the usual value (1). As this particular issues are fixed by #1669 in the current master (3.7) this PR acts as a mere patch.

https://bugs.python.org/issue31852

vstinner
vstinner reviewed Oct 26, 2017
View reviewed changes
Parser/tokenizer.c Outdated
@@ -1844,6 +1850,10 @@ tok_get(struct tok_state *tok, char **p_start, char **p_end)
/* Line continuation */
if (c == '\\') {
c = tok_nextc(tok);
if ( tok->async_def == 2){
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Coding style, please write: "if (...) {" (fix spacing)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done in 7518077

@pablogsal
Copy link
Member Author

Should I add a NEWS entry?

@vstinner
Copy link
Member

vstinner commented Oct 26, 2017 via email

@pablogsal
Copy link
Member Author

Added in e5b1993

@pablogsal
Copy link
Member Author

@Haypo There is anything more I should change?

@vstinner vstinner requested a review from 1st1 October 30, 2017 16:30
@vstinner
Copy link
Member

@1st1: Would you mind to review this PR please?

1st1
1st1 approved these changes Oct 30, 2017
View reviewed changes
Copy link
Member

@1st1 1st1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this is an OK fix. Let's merge it.

@vstinner vstinner merged commit 690c36f into python:3.6 Oct 31, 2017
@vstinner
Copy link
Member

Thank you @pablogsal! I merged your PR.

@pablogsal pablogsal deleted the bpo31852 branch October 31, 2017 08:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vstinner vstinner vstinner left review comments

@1st1 1st1 1st1 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@pablogsal @vstinner @1st1 @the-knights-who-say-ni @bedevere-bot