Steve Stagg <stest...@gmail.com> added the comment:
In python 3.7/8, It's a stack overflow in the constant folding code.
On master, the overflow seems to come out of validate_expr.c.
* thread #1, name = 'python3', stop reason = signal SIGSEGV: invalid address
(fault address: 0x7fffff7feff8)
frame #0: 0x00005555557aadba python3`validate_expr(exp=0x00005555602617c0,
ctx=Load) at ast.c:224:16
221 }
222 return validate_exprs(exp->v.BoolOp.values, Load, 0);
223 case BinOp_kind:
-> 224 return validate_expr(exp->v.BinOp.left, Load) &&
225 validate_expr(exp->v.BinOp.right, Load);
226 case UnaryOp_kind:
227 return validate_expr(exp->v.UnaryOp.operand, Load);
300,000 ish stack frames of this:
frame #70832: 0x00005555557aadbf
python3`validate_expr(exp=0x000055556150af40, ctx=Load) at ast.c:224:16
frame #70833: 0x00005555557aadbf
python3`validate_expr(exp=0x000055556150b050, ctx=Load) at ast.c:224:16
frame #70834: 0x00005555557aadbf
python3`validate_expr(exp=0x000055556150b160, ctx=Load) at ast.c:224:16
frame #70835: 0x00005555557aadbf
python3`validate_expr(exp=0x000055556150b270, ctx=Load) at ast.c:224:16
frame #70836: 0x00005555557aadbf
python3`validate_expr(exp=0x000055556150b380, ctx=Load) at ast.c:224:16
frame #70837: 0x00005555557aadbf
python3`validate_expr(exp=0x000055556150b490, ctx=Load) at ast.c:224:16
frame #70838: 0x00005555557aadbf
python3`validate_expr(exp=0x000055556150b5a0, ctx=Load) at ast.c:224:16
frame #70839: 0x00005555557aadbf
python3`validate_expr(exp=0x000055556150b6b0, ctx=Load) at ast.c:224:16
On the one hand, pure python code should never segfault, on the other hand,
`eval`ling untrusted input has bigger problems than a segfault on carefully
crafted input.
----------
_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue42609>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
