Closed
Description
Bug report
_PyPegen_raise_error_known_location() uses Py_BuildValue() to generate a tuple for SyntaxError. The format string uses wrong values for all integer constants. lineno, col_number, end_lineno, and end_col_number are Py_ssize_t. The format string handles int. This causes memory corruption on 64-bit operating systems with strict ABI (e.g. wasm64).
Lines 373 to 376 in b9e956f

```c
    }
    tmp = Py_BuildValue("(OiiNii)", p->tok->filename, lineno, col_number, error_line, end_lineno, end_col_number);
    if (!tmp) {
        goto error;
```
I can reliably crash the interpreter with a syntax error like 1+=1. Notice the <ensc object at 0x1> in the object dump.
```
$ node --experimental-wasm-memory64 ./python.js -c "1+=1"
  File "<string>", line 1
object address : 0x973e10
object refcount : 2
object type : 0x2bc868
object type name: SyntaxError
object repr : SyntaxError("'literal' is an illegal expression for augmented assignment", ('<string>', 1, 0, <ensc object at 0x1>, 10590200, 0))
lost sys.stderr
Aborted(Runtime error: The application has corrupted its heap memory area (address zero)!)
exiting due to exception: RuntimeError: Aborted(Runtime error: The application has corrupted its heap memory area (address zero)!),RuntimeError: Aborted(Runtime error: The application has corrupted its heap memory area (address zero)!)
    at abort (/home/heimes/dev/python/cpython/builddir/wasm64-emscripten-node-debug/python.js:971:11)
    at checkStackCookie (/home/heimes/dev/python/cpython/builddir/wasm64-emscripten-node-debug/python.js:733:47)
    at exitRuntime (/home/heimes/dev/python/cpython/builddir/wasm64-emscripten-node-debug/python.js:800:3)
    at exitJS (/home/heimes/dev/python/cpython/builddir/wasm64-emscripten-node-debug/python.js:7254:9)
    at callMain (/home/heimes/dev/python/cpython/builddir/wasm64-emscripten-node-debug/python.js:9476:5)
    at doRun (/home/heimes/dev/python/cpython/builddir/wasm64-emscripten-node-debug/python.js:9525:23)
    at run (/home/heimes/dev/python/cpython/builddir/wasm64-emscripten-node-debug/python.js:9540:5)
    at runCaller (/home/heimes/dev/python/cpython/builddir/wasm64-emscripten-node-debug/python.js:9448:19)
    at removeRunDependency (/home/heimes/dev/python/cpython/builddir/wasm64-emscripten-node-debug/python.js:936:7)
    at receiveInstance (/home/heimes/dev/python/cpython/builddir/wasm64-emscripten-node-debug/python.js:1106:5)
```

The fix is trivial, use n instead of i.

https://docs.python.org/3/c-api/arg.html#c.Py_BuildValue
Your environment
CPython main
wasm64-emscripten (EMSDK 3.1.18) with Node 16
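
The width mismatch described in this report can be checked mechanically. The following is an added example, not code from the issue or from CPython: it compares the bytes each Py_BuildValue format unit reads against the width of the argument actually passed. The width constants (an LP64/wasm64 model), `ERROR_TUPLE_ARGS` and `first_width_mismatch` are assumptions of this sketch.

```c
#include <stdio.h>

/* Assumed target model (LP64 / wasm64): int is 4 bytes, Py_ssize_t and
 * pointers are 8 bytes. These constants are assumptions of this example. */
enum { W_INT = 4, W_SSIZE = 8, W_PTR = 8 };

/* Widths of the arguments passed at the call site quoted in the report:
 * filename, lineno, col_number, error_line, end_lineno, end_col_number. */
static const int ERROR_TUPLE_ARGS[6] = {
    W_PTR, W_SSIZE, W_SSIZE, W_PTR, W_SSIZE, W_SSIZE
};

/* Bytes Py_BuildValue reads from the varargs for one format unit, or 0
 * for grouping characters and units this sketch does not model. */
static int unit_width(char unit)
{
    switch (unit) {
    case 'i': return W_INT;                      /* C int */
    case 'n': return W_SSIZE;                    /* Py_ssize_t */
    case 'O': case 'N': case 'S': return W_PTR;  /* PyObject * */
    default:  return 0;                          /* '(', ')', ',', ' ' */
    }
}

/* Returns the index of the first argument whose width differs from what
 * its format unit consumes, -1 if every argument matches, or -2 if the
 * number of units and the number of arguments differ. */
int first_width_mismatch(const char *fmt, const int *arg_widths, int nargs)
{
    int idx = 0;
    for (; *fmt; fmt++) {
        int w = unit_width(*fmt);
        if (w == 0)
            continue;
        if (idx >= nargs)
            return -2;
        if (arg_widths[idx] != w)
            return idx;
        idx++;
    }
    return idx == nargs ? -1 : -2;
}

int main(void)
{
    printf("(OiiNii): %d\n", first_width_mismatch("(OiiNii)", ERROR_TUPLE_ARGS, 6));
    printf("(OnnNnn): %d\n", first_width_mismatch("(OnnNnn)", ERROR_TUPLE_ARGS, 6));
    return 0;
}
```

The reported format string fails at argument index 1 (lineno), while the format with n in place of i matches every argument.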