Skip to content

/ cpython

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

bpo-32758: warn that a couple ast functions can crash the interpreter #5960

Merged
merged 1 commit into from Mar 9, 2018
Merged

bpo-32758: warn that a couple ast functions can crash the interpreter #5960

merged 1 commit into from Mar 9, 2018

Conversation

@brettcannon
Copy link
Member

brettcannon commented Mar 2, 2018
edited by bedevere-bot

Both ast.parse() and ast.literal_eval() can trigger a segfault with the appropriate string input due to the recursion depth limit of the AST compiler.

https://bugs.python.org/issue32758
@brettcannon
Warn that ast.parse() and ast.literal_eval() can segfault the interpr…
Loading status checks…
9099aa6 
…eter
@brettcannon brettcannon requested a review from serhiy-storchaka Mar 2, 2018
@brettcannon brettcannon self-assigned this Mar 5, 2018
@brettcannon

This comment has been minimized.

Sign in to view
Copy link
Member Author

brettcannon commented Mar 5, 2018

Got approval for the wording from @serhiy-storchaka in the issue itself, but he also pointed out that there are implicit uses of the troublesome functions in various other places, so the comment needs to spread out a bit more before this PR can get merged.
@brettcannon brettcannon merged commit 7a7f100 into python:master Mar 9, 2018
4 checks passed
4 checks passed
bedevere/issue-number Issue number 32758 found
Details
bedevere/news "skip news" label found
continuous-integration/appveyor/pr AppVeyor build succeeded
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
@miss-islington

This comment has been minimized.

Sign in to view
Copy link

miss-islington commented Mar 9, 2018

Thanks @brettcannon for the PR 🌮🎉.. I'm working now to backport this PR to: 2.7, 3.6, 3.7.
🐍🍒🤖
@brettcannon brettcannon deleted the brettcannon:ast-warning branch Mar 9, 2018
miss-islington added a commit to miss-islington/cpython that referenced this pull request Mar 9, 2018
@brettcannon @miss-islington
bpo-32758: Warn that ast.parse() and ast.literal_eval() can segfault …
f3f8eec 
…the interpreter (pythonGH-5960)

(cherry picked from commit 7a7f100)

Co-authored-by: Brett Cannon <brettcannon@users.noreply.github.com>
@bedevere-bot

This comment has been minimized.

Sign in to view
Copy link

bedevere-bot commented Mar 9, 2018

GH-6041 is a backport of this pull request to the 3.7 branch.
@miss-islington

This comment has been minimized.

Sign in to view
Copy link

miss-islington commented Mar 9, 2018

Sorry, @brettcannon, I could not cleanly backport this to 2.7 due to a conflict.
Please backport using cherry_picker on command line.
cherry_picker 7a7f100eb352d08938ee0f5ba59c18f56dc4a7b5 2.7
miss-islington added a commit to miss-islington/cpython that referenced this pull request Mar 9, 2018
@brettcannon @miss-islington
bpo-32758: Warn that ast.parse() and ast.literal_eval() can segfault …
9714fba 
…the interpreter (pythonGH-5960)

(cherry picked from commit 7a7f100)

Co-authored-by: Brett Cannon <brettcannon@users.noreply.github.com>
@bedevere-bot

This comment has been minimized.

Sign in to view
Copy link

bedevere-bot commented Mar 9, 2018

GH-6042 is a backport of this pull request to the 3.6 branch.
brettcannon added a commit that referenced this pull request Mar 9, 2018
@miss-islington @brettcannon
bpo-32758: Warn that ast.parse() and ast.literal_eval() can segfault …
Loading status checks…
b316c44 
…the interpreter (GH-5960) (GH-6042)

(cherry picked from commit 7a7f100)

Co-authored-by: Brett Cannon <brettcannon@users.noreply.github.com>
brettcannon added a commit that referenced this pull request Mar 9, 2018
@miss-islington @brettcannon
bpo-32758: Warn that ast.parse() and ast.literal_eval() can segfault …
Loading status checks…
f2fffd4 
…the interpreter (GH-5960) (GH-6041)

(cherry picked from commit 7a7f100)

Co-authored-by: Brett Cannon <brettcannon@users.noreply.github.com>
jo2y added a commit to jo2y/cpython that referenced this pull request Mar 23, 2018
@brettcannon @jo2y
bpo-32758: Warn that ast.parse() and ast.literal_eval() can segfault …
6b2d76f 
…the interpreter (pythonGH-5960)
yahya-abou-imran added a commit to yahya-abou-imran/cpython that referenced this pull request Nov 2, 2018
@brettcannon @yahya-abou-imran
bpo-32758: Warn that ast.parse() and ast.literal_eval() can segfault …
a173af2 
…the interpreter (pythonGH-5960)
@naglis naglis mentioned this pull request Nov 9, 2018
Open
@naglis naglis mentioned this pull request Nov 21, 2018
Open
AWhetter added a commit to AWhetter/cpython that referenced this pull request Oct 3, 2019
@brettcannon @AWhetter
bpo-32758: Warn that ast.parse() and ast.literal_eval() can segfault …
62a1224 
…the interpreter (pythonGH-5960)

(cherry picked from commit 7a7f100)

Co-authored-by: Brett Cannon <brettcannon@users.noreply.github.com>
@bedevere-bot

This comment has been minimized.

Sign in to view
Copy link

bedevere-bot commented Oct 3, 2019

GH-16565 is a backport of this pull request to the 2.7 branch.
serhiy-storchaka added a commit that referenced this pull request Oct 18, 2019
@AWhetter @brettcannon @serhiy-storchaka
bpo-32758: Warn that ast.parse() and ast.literal_eval() can segfault …
dedb99a 
…the interpreter (GH-5960) (GH-16565)

(cherry picked from commit 7a7f100)

Co-authored-by: Brett Cannon <brettcannon@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@serhiy-storchaka serhiy-storchaka

Assignees

@brettcannon brettcannon

Labels
CLA signed skip news type-documentation
Projects
None yet
Milestone
No milestone
4 participants
@brettcannon @miss-islington @bedevere-bot @the-knights-who-say-ni
You can’t perform that action at this time.