Uh oh!
There was an error while loading.Please reload this page.
- Notifications
You must be signed in to change notification settings - Fork34.3k
Closed
Description
Crash report
What happened?
It's possible to segfault the interpreter by trying to callrepr() on anExceptionGroup which has had itsargs set to an empty tuple.
Automated diagnosis:
Bug: At line 1094 ofexceptions.c,PyTuple_GET_ITEM(self->args, 1) accesses index 1 ofself->args without checking the tuple size. Sinceargs is writable from Python, setting it to an empty tuple causes an OOB read → segfault.
File:Objects/exceptions.c, line 1094
MRE:
eg=ExceptionGroup("msg", [ValueError()])eg.args= ()repr(eg)
Backtrace:
Program received signal SIGSEGV, Segmentation fault.BaseExceptionGroup_repr (op=0x7ffff759b260) at Objects/exceptions.c:10941094 if (PyList_Check(PyTuple_GET_ITEM(self->args, 1))) {(gdb) bt#0 BaseExceptionGroup_repr (op=0x7ffff759b260) at Objects/exceptions.c:1094#1 0x0000555555728177 in PyObject_Repr (v=0x7ffff759b260) at Objects/object.c:782#2 0x00005555557206b5 in cfunction_vectorcall_O (func=func@entry=0x7ffff75bf830, args=args@entry=0x7fffffffb608, nargsf=nargsf@entry=9223372036854775809, kwnames=kwnames@entry=0x0) at Objects/methodobject.c:536#3 0x00005555556a2ebe in _PyObject_VectorcallTstate (tstate=0x555555d99c08 <_PyRuntime+360664>, callable=0x7ffff75bf830, args=0x7fffffffb608, nargsf=9223372036854775809, kwnames=0x0) at ./Include/internal/pycore_call.h:144#4 0x000055555583f859 in _Py_VectorCallInstrumentation_StackRefSteal (callable=..., arguments=0x7ffff7fa7080, total_args=total_args@entry=1, kwnames=kwnames@entry=..., call_instrumentation=false, frame=frame@entry=0x7ffff7fa7020, this_instr=0x7ffff749814a, tstate=0x555555d99c08 <_PyRuntime+360664>) at Python/ceval.c:775#5 0x000055555584a8e4 in _PyEval_EvalFrameDefault (tstate=tstate@entry=0x555555d99c08 <_PyRuntime+360664>, frame=<optimized out>, frame@entry=0x7ffff7fa7020, throwflag=throwflag@entry=0) at Python/generated_cases.c.h:1838#6 0x000055555583f08b in _PyEval_EvalFrame (tstate=0x555555d99c08 <_PyRuntime+360664>, frame=0x7ffff7fa7020, throwflag=0) at ./Include/internal/pycore_ceval.h:118#7 _PyEval_Vector (tstate=tstate@entry=0x555555d99c08 <_PyRuntime+360664>, func=func@entry=0x7ffff7466690, locals=locals@entry=0x7ffff746a4b0, args=args@entry=0x0, argcount=argcount@entry=0, kwnames=kwnames@entry=0x0) at Python/ceval.c:2130#8 0x000055555583ee1e in PyEval_EvalCode (co=co@entry=0x7ffff7498040, globals=globals@entry=0x7ffff746a4b0, locals=locals@entry=0x7ffff746a4b0) at Python/ceval.c:686#9 0x00005555559c8f8e in run_eval_code_obj (tstate=0x555555d99c08 <_PyRuntime+360664>, co=co@entry=0x7ffff7498040, globals=globals@entry=0x7ffff746a4b0, locals=locals@entry=0x7ffff746a4b0) at Python/pythonrun.c:1368#10 0x00005555559c8adb in run_mod (mod=mod@entry=0x555555f3d7d8, filename=filename@entry=0x7ffff74b2e40, globals=globals@entry=0x7ffff746a4b0, locals=locals@entry=0x7ffff746a4b0, flags=0x7fffffffc940, arena=arena@entry=0x7ffff74dad40, interactive_src=0x0, generate_new_source=0) at Python/pythonrun.c:1471Found usingcpython-review-toolkit with Claude Opus 4.6, using the/cpython-review-toolkit:explore Objects/exceptions.c all deep command.
CPython versions tested on:
CPython main branch
Operating systems tested on:
Linux
Output from running 'python -VV' on the command line:
Python 3.15.0a7+ (heads/main:e0f7c1097e1, Mar 17 2026, 18:10:52) [Clang 21.1.2 (2ubuntu6)]