gh-125010: Fix `use-after-free` in AST `repr()` (#125015)

This commit is contained in:
Tomas R. 2024-10-06 21:46:03 +02:00 committed by GitHub
parent 3fc673e97d
commit a1be83dae3
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 7 additions and 2 deletions

View File

@ -789,6 +789,13 @@ class AST_Tests(unittest.TestCase):
with self.subTest(test_input=test): with self.subTest(test_input=test):
self.assertEqual(repr(ast.parse(test)), snapshot) self.assertEqual(repr(ast.parse(test)), snapshot)
def test_repr_large_input_crash(self):
# gh-125010: Fix use-after-free in ast repr()
source = "0x0" + "e" * 10_000
with self.assertRaisesRegex(ValueError,
r"Exceeds the limit \(\d+ digits\)"):
repr(ast.Constant(value=eval(source)))
class CopyTests(unittest.TestCase): class CopyTests(unittest.TestCase):
"""Test copying and pickling AST nodes.""" """Test copying and pickling AST nodes."""

View File

@ -1608,7 +1608,6 @@ ast_repr_max_depth(AST_object *self, int depth)
if (!value_repr) { if (!value_repr) {
Py_DECREF(name); Py_DECREF(name);
Py_DECREF(value);
goto error; goto error;
} }

1
Python/Python-ast.c generated
View File

@ -5809,7 +5809,6 @@ ast_repr_max_depth(AST_object *self, int depth)
if (!value_repr) { if (!value_repr) {
Py_DECREF(name); Py_DECREF(name);
Py_DECREF(value);
goto error; goto error;
} }