Stowage/cpython
2
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-12-08 06:10:17 +00:00
Code Issues Projects Releases Packages Wiki Activity

[3.13] gh-140471: Fix buffer overflow in AST node initialization with malformed _fields (GH-140506) (#140510)

Browse source 
(cherry picked from commit 95953b692d)
This commit is contained in:
Stan Ulbrych 2025-10-24 00:38:02 +01:00 committed by GitHub
parent adf0c11a26
commit 1cc2c954d6
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 15 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

9
Lib/test/test_ast/test_ast.py
View file

@ -3119,6 +3119,15 @@ class MoreFieldsThanTypes(ast.AST):
self.assertEqual(obj.a, 1) self.assertEqual(obj.a, 1)
self.assertEqual(obj.b, 2) self.assertEqual(obj.b, 2)
def test_malformed_fields_with_bytes(self):
class BadFields(ast.AST):
_fields = (b'\xff'*64,)
_field_types = {'a': int}
# This should not crash
with self.assertWarnsRegex(DeprecationWarning, r"Field b'\\xff\\xff.*' .*"):
obj = BadFields()
def test_complete_field_types(self): def test_complete_field_types(self):
class _AllFieldTypes(ast.AST): class _AllFieldTypes(ast.AST):
_fields = ("a", "b") _fields = ("a", "b")

2
Misc/NEWS.d/next/Core and Builtins/2025-10-23-16-05-50.gh-issue-140471.Ax_aXn.rst Normal file
View file

@ -0,0 +1,2 @@
Fix potential buffer overflow in :class:`ast.AST` node initialization when
encountering malformed :attr:`~ast.AST._fields` containing non-:class:`str`.

4
Parser/asdl_c.py
View file

@ -1006,7 +1006,7 @@ def visitModule(self, mod):
else { else {
if (PyErr_WarnFormat( if (PyErr_WarnFormat(
PyExc_DeprecationWarning, 1, PyExc_DeprecationWarning, 1,
"Field '%U' is missing from %.400s._field_types. " "Field %R is missing from %.400s._field_types. "
"This will become an error in Python 3.15.", "This will become an error in Python 3.15.",
name, Py_TYPE(self)->tp_name name, Py_TYPE(self)->tp_name
) < 0) { ) < 0) {
@ -1041,7 +1041,7 @@ def visitModule(self, mod):
// simple field (e.g., identifier) // simple field (e.g., identifier)
if (PyErr_WarnFormat( if (PyErr_WarnFormat(
PyExc_DeprecationWarning, 1, PyExc_DeprecationWarning, 1,
"%.400s.__init__ missing 1 required positional argument: '%U'. " "%.400s.__init__ missing 1 required positional argument: %R. "
"This will become an error in Python 3.15.", "This will become an error in Python 3.15.",
Py_TYPE(self)->tp_name, name Py_TYPE(self)->tp_name, name
) < 0) { ) < 0) {

4
Python/Python-ast.c generated
View file

@ -5203,7 +5203,7 @@ ast_type_init(PyObject *self, PyObject *args, PyObject *kw)
else { else {
if (PyErr_WarnFormat( if (PyErr_WarnFormat(
PyExc_DeprecationWarning, 1, PyExc_DeprecationWarning, 1,
"Field '%U' is missing from %.400s._field_types. " "Field %R is missing from %.400s._field_types. "
"This will become an error in Python 3.15.", "This will become an error in Python 3.15.",
name, Py_TYPE(self)->tp_name name, Py_TYPE(self)->tp_name
) < 0) { ) < 0) {
@ -5238,7 +5238,7 @@ ast_type_init(PyObject *self, PyObject *args, PyObject *kw)
// simple field (e.g., identifier) // simple field (e.g., identifier)
if (PyErr_WarnFormat( if (PyErr_WarnFormat(
PyExc_DeprecationWarning, 1, PyExc_DeprecationWarning, 1,
"%.400s.__init__ missing 1 required positional argument: '%U'. " "%.400s.__init__ missing 1 required positional argument: %R. "
"This will become an error in Python 3.15.", "This will become an error in Python 3.15.",
Py_TYPE(self)->tp_name, name Py_TYPE(self)->tp_name, name
) < 0) { ) < 0) {