cpython/Lib/test/crashers/bogus_sre_bytecode.py

"""
The regular expression engine in '_sre' can segfault when interpreting
bogus bytecode.

It is unclear whether this is a real bug or a "won't fix" case like
bogus_code_obj.py, because it requires bytecode that is built by hand,
as opposed to compiled by 're' from a string-source regexp.  The
difference with bogus_code_obj, though, is that the only existing regexp
compiler is written in Python, so that the C code has no choice but
accept arbitrary bytecode from Python-level.

The test below builds and runs random bytecodes until 'match' crashes
Python.  I have not investigated why exactly segfaults occur nor how
hard they would be to fix.  Here are a few examples of 'code' that
segfault for me:

    [21, 50814, 8, 29, 16]
    [21, 3967, 26, 10, 23, 54113]
    [29, 23, 0, 2, 5]
    [31, 64351, 0, 28, 3, 22281, 20, 4463, 9, 25, 59154, 15245, 2,
                  16343, 3, 11600, 24380, 10, 37556, 10, 31, 15, 31]

Here is also a 'code' that triggers an infinite uninterruptible loop:

    [29, 1, 8, 21, 1, 43083, 6]

"""

import _sre, random

def pick():
    n = random.randrange(-65536, 65536)
    if n < 0:
        n &= 31
    return n

ss = ["", "world", "x" * 500]

while 1:
    code = [pick() for i in range(random.randrange(5, 25))]
    print code
    pat = _sre.compile(None, 0, code)
    for s in ss:
        try:
            pat.match(s)
        except RuntimeError:
            pass
The regular expression engine in '_sre' can segfault when interpreting bogus bytecode. It is unclear whether this is a real bug or a "won't fix" case like bogus_code_obj.py. 2006-08-25 12:44:28 +00:00			`"""`
			`The regular expression engine in '_sre' can segfault when interpreting`
			`bogus bytecode.`

			`It is unclear whether this is a real bug or a "won't fix" case like`
			`bogus_code_obj.py, because it requires bytecode that is built by hand,`
			`as opposed to compiled by 're' from a string-source regexp. The`
			`difference with bogus_code_obj, though, is that the only existing regexp`
			`compiler is written in Python, so that the C code has no choice but`
			`accept arbitrary bytecode from Python-level.`

			`The test below builds and runs random bytecodes until 'match' crashes`
			`Python. I have not investigated why exactly segfaults occur nor how`
			`hard they would be to fix. Here are a few examples of 'code' that`
			`segfault for me:`

			`[21, 50814, 8, 29, 16]`
			`[21, 3967, 26, 10, 23, 54113]`
			`[29, 23, 0, 2, 5]`
			`[31, 64351, 0, 28, 3, 22281, 20, 4463, 9, 25, 59154, 15245, 2,`
			`16343, 3, 11600, 24380, 10, 37556, 10, 31, 15, 31]`

			`Here is also a 'code' that triggers an infinite uninterruptible loop:`

			`[29, 1, 8, 21, 1, 43083, 6]`

			`"""`

			`import _sre, random`

			`def pick():`
			`n = random.randrange(-65536, 65536)`
			`if n < 0:`
			`n &= 31`
			`return n`

			`ss = ["", "world", "x" * 500]`

			`while 1:`
			`code = [pick() for i in range(random.randrange(5, 25))]`
			`print code`
			`pat = _sre.compile(None, 0, code)`
			`for s in ss:`
			`try:`
			`pat.match(s)`
			`except RuntimeError:`
			`pass`