[New-bugs-announce] [issue41697] Heap buffer overflow in the parser
Brad Larsen
report at bugs.python.org
Wed Sep 2 21:18:07 EDT 2020
New submission from Brad Larsen <brad at bradfordlarsen.com>:
It looks like commit 4a97b1517a6b5ff22e2984b677a680b07ff0ce11 introduced a heap buffer overflow:
commit 4a97b1517a6b5ff22e2984b677a680b07ff0ce11 (HEAD -> master, origin/master, origin/HEAD)
Author: Pablo Galindo <Pablogsal at gmail.com>
Date: Wed Sep 2 17:44:19 2020 +0100
bpo-41690: Use a loop to collect args in the parser instead of recursion (GH-22053)
This program can segfault the parser by stack overflow:
```
import ast
code = "f(" + ",".join(['a' for _ in range(100000)]) + ")"
print("Ready!")
ast.parse(code)
```
the reason is that the rule for arguments has a simple recursion when collecting args:
args[expr_ty]:
[...]
| a=named_expression b=[',' c=args { c }] {
[...] }
If you try building with clang-10 with `--with-pydebug --with-address-sanitizer`, you should see a crash like the following during the `generate-posix-vars` step:
=================================================================
==39814==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x625000264148 at pc 0x000001ff3be8 bp 0x7ffec90e5d00 sp 0x7ffec90e5cf8
READ of size 4 at 0x625000264148 thread T0
#0 0x1ff3be7 in _PyPegen_collect_call_seqs /build/python/cpython/Parser/pegen.c:2253:61
#1 0x218ab08 in args_rule /build/python/cpython/Parser/parser.c:12240:20
#2 0x20f8906 in arguments_rule /build/python/cpython/Parser/parser.c:12159:18
#3 0x2158c61 in t_primary_raw /build/python/cpython/Parser/parser.c:14063:18
#4 0x21416fb in t_primary_rule /build/python/cpython/Parser/parser.c:13896:22
#5 0x246d944 in single_subscript_attribute_target_rule /build/python/cpython/Parser/parser.c:13265:18
#6 0x2433a19 in _tmp_20_rule /build/python/cpython/Parser/parser.c:16717:54
#7 0x24016e3 in assignment_rule /build/python/cpython/Parser/parser.c:2093:18
#8 0x23e6617 in small_stmt_rule /build/python/cpython/Parser/parser.c:1526:31
#9 0x2018581 in simple_stmt_rule /build/python/cpython/Parser/parser.c:1424:18
#10 0x200c22c in statement_rule /build/python/cpython/Parser/parser.c:1258:32
#11 0x2007026 in _loop1_11_rule /build/python/cpython/Parser/parser.c:16174:30
#12 0x200455a in statements_rule /build/python/cpython/Parser/parser.c:1193:18
#13 0x230193f in block_rule /build/python/cpython/Parser/parser.c:6257:18
#14 0x205886b in function_def_raw_rule /build/python/cpython/Parser/parser.c:4927:18
#15 0x20229a4 in function_def_rule /build/python/cpython/Parser/parser.c:4856:37
#16 0x200e2da in compound_stmt_rule /build/python/cpython/Parser/parser.c:1872:33
#17 0x200a873 in statement_rule /build/python/cpython/Parser/parser.c:1234:18
#18 0x2007026 in _loop1_11_rule /build/python/cpython/Parser/parser.c:16174:30
#19 0x200455a in statements_rule /build/python/cpython/Parser/parser.c:1193:18
#20 0x230193f in block_rule /build/python/cpython/Parser/parser.c:6257:18
#21 0x2392ac3 in class_def_raw_rule /build/python/cpython/Parser/parser.c:6196:18
#22 0x202fb74 in class_def_rule /build/python/cpython/Parser/parser.c:6139:34
#23 0x2010e47 in compound_stmt_rule /build/python/cpython/Parser/parser.c:1914:30
#24 0x200a873 in statement_rule /build/python/cpython/Parser/parser.c:1234:18
#25 0x2007026 in _loop1_11_rule /build/python/cpython/Parser/parser.c:16174:30
#26 0x200455a in statements_rule /build/python/cpython/Parser/parser.c:1193:18
#27 0x230193f in block_rule /build/python/cpython/Parser/parser.c:6257:18
#28 0x238f31b in else_block_rule /build/python/cpython/Parser/parser.c:3787:18
#29 0x204e3c4 in try_stmt_rule /build/python/cpython/Parser/parser.c:4460:19
#30 0x2014f68 in compound_stmt_rule /build/python/cpython/Parser/parser.c:1977:29
#31 0x200a873 in statement_rule /build/python/cpython/Parser/parser.c:1234:18
#32 0x2007026 in _loop1_11_rule /build/python/cpython/Parser/parser.c:16174:30
#33 0x200455a in statements_rule /build/python/cpython/Parser/parser.c:1193:18
#34 0x1ff8c93 in file_rule /build/python/cpython/Parser/parser.c:726:18
#35 0x1ff742d in _PyPegen_parse /build/python/cpython/Parser/parser.c:24794:18
#36 0x1fc1128 in _PyPegen_run_parser /build/python/cpython/Parser/pegen.c:1111:17
#37 0x1fc5e38 in _PyPegen_run_parser_from_string /build/python/cpython/Parser/pegen.c:1238:14
#38 0x1a8952b in PyParser_ASTFromStringObject /build/python/cpython/Parser/peg_api.c:27:21
#39 0x1339bef in Py_CompileStringObject /build/python/cpython/Python/pythonrun.c:1203:11
#40 0x1f2ac43 in builtin_compile_impl /build/python/cpython/Python/bltinmodule.c:819:14
#41 0x1f1902a in builtin_compile /build/python/cpython/Python/clinic/bltinmodule.c.h:249:20
#42 0x1cab483 in cfunction_vectorcall_FASTCALL_KEYWORDS /build/python/cpython/Objects/methodobject.c:440:24
#43 0x58bfa8 in PyVectorcall_Call /build/python/cpython/Objects/call.c:242:24
#44 0x58c3c6 in _PyObject_Call /build/python/cpython/Objects/call.c:265:16
#45 0x58c8b1 in PyObject_Call /build/python/cpython/Objects/call.c:292:12
#46 0x1017138 in do_call_core /build/python/cpython/Python/ceval.c:5141:9
#47 0xfeada4 in _PyEval_EvalFrameDefault /build/python/cpython/Python/ceval.c:3609:22
#48 0xf4068b in _PyEval_EvalFrame /build/python/cpython/./Include/internal/pycore_ceval.h:40:12
#49 0x1025062 in _PyEval_EvalCode /build/python/cpython/Python/ceval.c:4376:14
#50 0x58ec4e in _PyFunction_Vectorcall /build/python/cpython/Objects/call.c:395:12
#51 0x10365bd in _PyObject_VectorcallTstate /build/python/cpython/./Include/cpython/abstract.h:114:11
#52 0x1014541 in PyObject_Vectorcall /build/python/cpython/./Include/cpython/abstract.h:123:12
#53 0x10151c6 in call_function /build/python/cpython/Python/ceval.c:5121:13
#54 0xfe8b6a in _PyEval_EvalFrameDefault /build/python/cpython/Python/ceval.c:3564:19
#55 0xf4068b in _PyEval_EvalFrame /build/python/cpython/./Include/internal/pycore_ceval.h:40:12
#56 0x1025062 in _PyEval_EvalCode /build/python/cpython/Python/ceval.c:4376:14
#57 0x58ec4e in _PyFunction_Vectorcall /build/python/cpython/Objects/call.c:395:12
#58 0x10365bd in _PyObject_VectorcallTstate /build/python/cpython/./Include/cpython/abstract.h:114:11
#59 0x1014541 in PyObject_Vectorcall /build/python/cpython/./Include/cpython/abstract.h:123:12
#60 0x10151c6 in call_function /build/python/cpython/Python/ceval.c:5121:13
#61 0xfe5f00 in _PyEval_EvalFrameDefault /build/python/cpython/Python/ceval.c:3533:23
#62 0x59721b in _PyEval_EvalFrame /build/python/cpython/./Include/internal/pycore_ceval.h:40:12
#63 0x58f614 in function_code_fastcall /build/python/cpython/Objects/call.c:329:24
#64 0x58d86d in _PyFunction_Vectorcall /build/python/cpython/Objects/call.c:366:20
#65 0x10365bd in _PyObject_VectorcallTstate /build/python/cpython/./Include/cpython/abstract.h:114:11
#66 0x1014541 in PyObject_Vectorcall /build/python/cpython/./Include/cpython/abstract.h:123:12
#67 0x10151c6 in call_function /build/python/cpython/Python/ceval.c:5121:13
#68 0xfe5f00 in _PyEval_EvalFrameDefault /build/python/cpython/Python/ceval.c:3533:23
#69 0x59721b in _PyEval_EvalFrame /build/python/cpython/./Include/internal/pycore_ceval.h:40:12
#70 0x58f614 in function_code_fastcall /build/python/cpython/Objects/call.c:329:24
#71 0x58d86d in _PyFunction_Vectorcall /build/python/cpython/Objects/call.c:366:20
#72 0x10365bd in _PyObject_VectorcallTstate /build/python/cpython/./Include/cpython/abstract.h:114:11
#73 0x1014541 in PyObject_Vectorcall /build/python/cpython/./Include/cpython/abstract.h:123:12
#74 0x10151c6 in call_function /build/python/cpython/Python/ceval.c:5121:13
#75 0xfe5f00 in _PyEval_EvalFrameDefault /build/python/cpython/Python/ceval.c:3533:23
#76 0x59721b in _PyEval_EvalFrame /build/python/cpython/./Include/internal/pycore_ceval.h:40:12
#77 0x58f614 in function_code_fastcall /build/python/cpython/Objects/call.c:329:24
#78 0x58d86d in _PyFunction_Vectorcall /build/python/cpython/Objects/call.c:366:20
#79 0x10365bd in _PyObject_VectorcallTstate /build/python/cpython/./Include/cpython/abstract.h:114:11
#80 0x1014541 in PyObject_Vectorcall /build/python/cpython/./Include/cpython/abstract.h:123:12
#81 0x10151c6 in call_function /build/python/cpython/Python/ceval.c:5121:13
#82 0xfe71eb in _PyEval_EvalFrameDefault /build/python/cpython/Python/ceval.c:3547:19
#83 0x59721b in _PyEval_EvalFrame /build/python/cpython/./Include/internal/pycore_ceval.h:40:12
#84 0x58f614 in function_code_fastcall /build/python/cpython/Objects/call.c:329:24
#85 0x58d86d in _PyFunction_Vectorcall /build/python/cpython/Objects/call.c:366:20
#86 0x10365bd in _PyObject_VectorcallTstate /build/python/cpython/./Include/cpython/abstract.h:114:11
#87 0x1014541 in PyObject_Vectorcall /build/python/cpython/./Include/cpython/abstract.h:123:12
#88 0x10151c6 in call_function /build/python/cpython/Python/ceval.c:5121:13
#89 0xfe71eb in _PyEval_EvalFrameDefault /build/python/cpython/Python/ceval.c:3547:19
#90 0x59721b in _PyEval_EvalFrame /build/python/cpython/./Include/internal/pycore_ceval.h:40:12
#91 0x58f614 in function_code_fastcall /build/python/cpython/Objects/call.c:329:24
#92 0x58d86d in _PyFunction_Vectorcall /build/python/cpython/Objects/call.c:366:20
#93 0x5946bd in _PyObject_VectorcallTstate /build/python/cpython/./Include/cpython/abstract.h:114:11
#94 0x5959b3 in object_vacall /build/python/cpython/Objects/call.c:791:14
#95 0x595f4c in _PyObject_CallMethodIdObjArgs /build/python/cpython/Objects/call.c:882:24
#96 0x11ffca4 in import_find_and_load /build/python/cpython/Python/import.c:1765:11
#97 0x11fbbc7 in PyImport_ImportModuleLevelObject /build/python/cpython/Python/import.c:1866:15
#98 0x100dc88 in import_name /build/python/cpython/Python/ceval.c:5242:15
#99 0xfc8157 in _PyEval_EvalFrameDefault /build/python/cpython/Python/ceval.c:3126:19
#100 0xf4068b in _PyEval_EvalFrame /build/python/cpython/./Include/internal/pycore_ceval.h:40:12
#101 0x1025062 in _PyEval_EvalCode /build/python/cpython/Python/ceval.c:4376:14
#102 0x102a75f in _PyEval_EvalCodeWithName /build/python/cpython/Python/ceval.c:4408:12
#103 0xf402c5 in PyEval_EvalCodeEx /build/python/cpython/Python/ceval.c:4424:12
#104 0xf3ff2d in PyEval_EvalCode /build/python/cpython/Python/ceval.c:857:12
#105 0x1f2cc4e in builtin_exec_impl /build/python/cpython/Python/bltinmodule.c:1035:13
#106 0x1f1aa5d in builtin_exec /build/python/cpython/Python/clinic/bltinmodule.c.h:371:20
#107 0x1caae6e in cfunction_vectorcall_FASTCALL /build/python/cpython/Objects/methodobject.c:424:24
#108 0x58bcb5 in PyVectorcall_Call /build/python/cpython/Objects/call.c:230:16
#109 0x58c3c6 in _PyObject_Call /build/python/cpython/Objects/call.c:265:16
#110 0x58c8b1 in PyObject_Call /build/python/cpython/Objects/call.c:292:12
#111 0x1017138 in do_call_core /build/python/cpython/Python/ceval.c:5141:9
#112 0xfeada4 in _PyEval_EvalFrameDefault /build/python/cpython/Python/ceval.c:3609:22
#113 0xf4068b in _PyEval_EvalFrame /build/python/cpython/./Include/internal/pycore_ceval.h:40:12
#114 0x1025062 in _PyEval_EvalCode /build/python/cpython/Python/ceval.c:4376:14
#115 0x58ec4e in _PyFunction_Vectorcall /build/python/cpython/Objects/call.c:395:12
#116 0x10365bd in _PyObject_VectorcallTstate /build/python/cpython/./Include/cpython/abstract.h:114:11
#117 0x1014541 in PyObject_Vectorcall /build/python/cpython/./Include/cpython/abstract.h:123:12
#118 0x10151c6 in call_function /build/python/cpython/Python/ceval.c:5121:13
#119 0xfe5a21 in _PyEval_EvalFrameDefault /build/python/cpython/Python/ceval.c:3516:23
#120 0x59721b in _PyEval_EvalFrame /build/python/cpython/./Include/internal/pycore_ceval.h:40:12
#121 0x58f614 in function_code_fastcall /build/python/cpython/Objects/call.c:329:24
#122 0x58d86d in _PyFunction_Vectorcall /build/python/cpython/Objects/call.c:366:20
#123 0x10365bd in _PyObject_VectorcallTstate /build/python/cpython/./Include/cpython/abstract.h:114:11
#124 0x1014541 in PyObject_Vectorcall /build/python/cpython/./Include/cpython/abstract.h:123:12
#125 0x10151c6 in call_function /build/python/cpython/Python/ceval.c:5121:13
#126 0xfe5f00 in _PyEval_EvalFrameDefault /build/python/cpython/Python/ceval.c:3533:23
#127 0x59721b in _PyEval_EvalFrame /build/python/cpython/./Include/internal/pycore_ceval.h:40:12
#128 0x58f614 in function_code_fastcall /build/python/cpython/Objects/call.c:329:24
#129 0x58d86d in _PyFunction_Vectorcall /build/python/cpython/Objects/call.c:366:20
#130 0x10365bd in _PyObject_VectorcallTstate /build/python/cpython/./Include/cpython/abstract.h:114:11
#131 0x1014541 in PyObject_Vectorcall /build/python/cpython/./Include/cpython/abstract.h:123:12
#132 0x10151c6 in call_function /build/python/cpython/Python/ceval.c:5121:13
#133 0xfe71eb in _PyEval_EvalFrameDefault /build/python/cpython/Python/ceval.c:3547:19
#134 0x59721b in _PyEval_EvalFrame /build/python/cpython/./Include/internal/pycore_ceval.h:40:12
#135 0x58f614 in function_code_fastcall /build/python/cpython/Objects/call.c:329:24
#136 0x58d86d in _PyFunction_Vectorcall /build/python/cpython/Objects/call.c:366:20
#137 0x10365bd in _PyObject_VectorcallTstate /build/python/cpython/./Include/cpython/abstract.h:114:11
#138 0x1014541 in PyObject_Vectorcall /build/python/cpython/./Include/cpython/abstract.h:123:12
#139 0x10151c6 in call_function /build/python/cpython/Python/ceval.c:5121:13
#140 0xfe71eb in _PyEval_EvalFrameDefault /build/python/cpython/Python/ceval.c:3547:19
#141 0x59721b in _PyEval_EvalFrame /build/python/cpython/./Include/internal/pycore_ceval.h:40:12
#142 0x58f614 in function_code_fastcall /build/python/cpython/Objects/call.c:329:24
#143 0x58d86d in _PyFunction_Vectorcall /build/python/cpython/Objects/call.c:366:20
#144 0x5946bd in _PyObject_VectorcallTstate /build/python/cpython/./Include/cpython/abstract.h:114:11
#145 0x5959b3 in object_vacall /build/python/cpython/Objects/call.c:791:14
#146 0x595f4c in _PyObject_CallMethodIdObjArgs /build/python/cpython/Objects/call.c:882:24
#147 0x11ffca4 in import_find_and_load /build/python/cpython/Python/import.c:1765:11
#148 0x11fbbc7 in PyImport_ImportModuleLevelObject /build/python/cpython/Python/import.c:1866:15
#149 0x1f1601a in builtin___import__ /build/python/cpython/Python/bltinmodule.c:280:12
#150 0x1cb2676 in cfunction_call /build/python/cpython/Objects/methodobject.c:537:18
#151 0x5873a9 in _PyObject_MakeTpCall /build/python/cpython/Objects/call.c:191:18
#152 0x594638 in _PyObject_VectorcallTstate /build/python/cpython/./Include/cpython/abstract.h:112:16
#153 0x591aaa in _PyObject_CallFunctionVa /build/python/cpython/Objects/call.c:542:18
#154 0x590ea2 in PyObject_CallFunction /build/python/cpython/Objects/call.c:564:14
#155 0x11f8d6e in PyImport_Import /build/python/cpython/Python/import.c:2067:9
#156 0x11eb740 in PyImport_ImportModule /build/python/cpython/Python/import.c:1482:14
#157 0x12f10ac in init_sys_streams /build/python/cpython/Python/pylifecycle.c:1962:19
#158 0x12eed4d in init_interp_main /build/python/cpython/Python/pylifecycle.c:1034:14
#159 0x12e3727 in pyinit_main /build/python/cpython/Python/pylifecycle.c:1107:23
#160 0x12e41cf in Py_InitializeFromConfig /build/python/cpython/Python/pylifecycle.c:1151:18
#161 0x4e6b2d in pymain_init /build/python/cpython/Modules/main.c:66:14
#162 0x4df188 in pymain_main /build/python/cpython/Modules/main.c:694:23
#163 0x4df653 in Py_BytesMain /build/python/cpython/Modules/main.c:727:12
#164 0x4dcec7 in main /build/python/cpython/./Programs/python.c:15:12
#165 0x7fda2537d0b2 in __libc_start_main /build/glibc-YYA7BZ/glibc-2.31/csu/../csu/libc-start.c:308:16
#166 0x43501d in _start (/build/python/cpython/python+0x43501d)
0x625000264148 is located 16 bytes to the right of 8248-byte region [0x625000262100,0x625000264138)
allocated by thread T0 here:
#0 0x4ad75d in malloc (/build/python/cpython/python+0x4ad75d)
#1 0x8afdec in _PyMem_RawMalloc /build/python/cpython/Objects/obmalloc.c:99:12
#2 0x8b909e in _PyMem_DebugRawAlloc /build/python/cpython/Objects/obmalloc.c:2145:24
#3 0x8b0a36 in _PyMem_DebugRawMalloc /build/python/cpython/Objects/obmalloc.c:2178:12
#4 0x8b39e3 in _PyMem_DebugMalloc /build/python/cpython/Objects/obmalloc.c:2330:12
#5 0x8b5b32 in PyMem_Malloc /build/python/cpython/Objects/obmalloc.c:605:12
#6 0x1f906d2 in block_new /build/python/cpython/Python/pyarena.c:80:25
#7 0x1f93300 in block_alloc /build/python/cpython/Python/pyarena.c:111:24
#8 0x1f91bd1 in PyArena_Malloc /build/python/cpython/Python/pyarena.c:182:15
#9 0x1cf79e7 in _Py_arg /build/python/cpython/Python/Python-ast.c:3516:17
#10 0x233c6d3 in param_rule /build/python/cpython/Parser/parser.c:5946:20
#11 0x2338044 in param_with_default_rule /build/python/cpython/Parser/parser.c:5790:18
#12 0x2323c16 in _loop1_153_rule /build/python/cpython/Parser/parser.c:24561:39
#13 0x2319647 in _tmp_134_rule /build/python/cpython/Parser/parser.c:23634:31
#14 0x23093c5 in invalid_parameters_rule /build/python/cpython/Parser/parser.c:15128:29
#15 0x22f6a43 in params_rule /build/python/cpython/Parser/parser.c:5124:39
#16 0x2058782 in function_def_raw_rule /build/python/cpython/Parser/parser.c:4917:23
#17 0x20229a4 in function_def_rule /build/python/cpython/Parser/parser.c:4856:37
#18 0x200e2da in compound_stmt_rule /build/python/cpython/Parser/parser.c:1872:33
#19 0x200a873 in statement_rule /build/python/cpython/Parser/parser.c:1234:18
#20 0x2007026 in _loop1_11_rule /build/python/cpython/Parser/parser.c:16174:30
#21 0x200455a in statements_rule /build/python/cpython/Parser/parser.c:1193:18
#22 0x230193f in block_rule /build/python/cpython/Parser/parser.c:6257:18
#23 0x2392ac3 in class_def_raw_rule /build/python/cpython/Parser/parser.c:6196:18
#24 0x202fb74 in class_def_rule /build/python/cpython/Parser/parser.c:6139:34
#25 0x2010e47 in compound_stmt_rule /build/python/cpython/Parser/parser.c:1914:30
#26 0x200a873 in statement_rule /build/python/cpython/Parser/parser.c:1234:18
#27 0x2007026 in _loop1_11_rule /build/python/cpython/Parser/parser.c:16174:30
#28 0x200455a in statements_rule /build/python/cpython/Parser/parser.c:1193:18
#29 0x230193f in block_rule /build/python/cpython/Parser/parser.c:6257:18
SUMMARY: AddressSanitizer: heap-buffer-overflow /build/python/cpython/Parser/pegen.c:2253:61 in _PyPegen_collect_call_seqs
Shadow bytes around the buggy address:
0x0c4a800447d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c4a800447e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c4a800447f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c4a80044800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c4a80044810: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c4a80044820: 00 00 00 00 00 00 00 fa fa[fa]fa fa fa fa fa fa
0x0c4a80044830: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a80044840: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a80044850: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a80044860: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a80044870: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==39814==ABORTING
In particular, the stack trace here in the ASAN output indicates that it's the `EXTRA_EXPR(first, last)` macro use in this line that's problematic:
return _Py_Call(_PyPegen_dummy_name(p), args, keywords, EXTRA_EXPR(first, last));
----------
components: Interpreter Core
messages: 376270
nosy: blarsen, gvanrossum, pablogsal
priority: normal
severity: normal
status: open
title: Heap buffer overflow in the parser
type: crash
versions: Python 3.10
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue41697>
_______________________________________
More information about the New-bugs-announce
mailing list