From b4c857d0fd74abb1ede6fe083c4fa3ca728b2b83 Mon Sep 17 00:00:00 2001 From: Christian Heimes Date: Thu, 11 Aug 2022 10:55:57 +0200 Subject: [PATCH] gh-95876: Fix format string in pegen error location code (#95877) --- .../2022-08-11-09-19-55.gh-issue-95876.YpQfoV.rst | 4 ++++ Parser/pegen_errors.c | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) create mode 100644 Misc/NEWS.d/next/Core and Builtins/2022-08-11-09-19-55.gh-issue-95876.YpQfoV.rst diff --git a/Misc/NEWS.d/next/Core and Builtins/2022-08-11-09-19-55.gh-issue-95876.YpQfoV.rst b/Misc/NEWS.d/next/Core and Builtins/2022-08-11-09-19-55.gh-issue-95876.YpQfoV.rst new file mode 100644 index 00000000000..96b69015a58 --- /dev/null +++ b/Misc/NEWS.d/next/Core and Builtins/2022-08-11-09-19-55.gh-issue-95876.YpQfoV.rst @@ -0,0 +1,4 @@ +Fix format string in ``_PyPegen_raise_error_known_location`` that can lead +to memory corruption on some 64bit systems. The function was building a +tuple with ``i`` (int) instead of ``n`` (Py_ssize_t) for Py_ssize_t +arguments. diff --git a/Parser/pegen_errors.c b/Parser/pegen_errors.c index c87d50abd2c..95bbd43dc32 100644 --- a/Parser/pegen_errors.c +++ b/Parser/pegen_errors.c @@ -371,7 +371,7 @@ _PyPegen_raise_error_known_location(Parser *p, PyObject *errtype, } } } - tmp = Py_BuildValue("(OiiNii)", p->tok->filename, lineno, col_number, error_line, end_lineno, end_col_number); + tmp = Py_BuildValue("(OnnNnn)", p->tok->filename, lineno, col_number, error_line, end_lineno, end_col_number); if (!tmp) { goto error; }