New submission from Steve Stagg <stest...@gmail.com>:
The input `p=p=` causes python 3.10 to crash. I bisected the change, and the behavior appears to have been introduced by 16ab07063cb564c1937714bd39d6915172f005b5 (bpo-40334: Correctly identify invalid target in assignment errors (GH-20076) ) Steps to reproduce: $ echo 'p=p=' | /path/to/python3.10 === SIGSEGV (Address boundary error) Analysis: This code is an invalid assignment, and the parser tries to generate a useful message for this case (invalid_assignment_rule). However, the `target` of the assignment is a Name node. The invalid_assignment_rule function tries to identify the target of the assignment, to create a useful description for the error menssage by calling `_PyPegen_get_invalid_target`, passing in the Name Node. `PyPegen_get_invalid_target` returns NULL if the type is a Name type (pegen.c:2114). The result of this call is then passed unconditionally to _PyPegen_get_expr_name, which is expecting a statement, not NULL. Error happens here: pegen.c:164 `_PyPegen_get_expr_name(expr_ty e)` is being called with `e = 0x0` ---------- components: Interpreter Core messages: 370916 nosy: stestagg priority: normal severity: normal status: open title: Segfault in new PEG parser type: crash versions: Python 3.10 _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue40903> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
