Mar 2, 2026 · Feb 26, 2026 · Mar 2, 2026 · Mar 2, 2026
diff --git a/Lib/test/test_source_encoding.py b/Lib/test/test_source_encoding.py
        # two bytes in common with the UTF-8 BOM
        self.assertRaises(SyntaxError, eval, b'\xef\xbb\x20')

    def test_truncated_utf8_at_eof(self):
        # Regression test for https://issues.oss-fuzz.com/issues/451112368
        # Truncated multi-byte UTF-8 sequences at end of input caused an
        # out-of-bounds read in Parser/tokenizer/helpers.c:valid_utf8().
        truncated = [
            b'\xc2',              # 2-byte lead, missing 1 continuation
            b'\xdf',              # 2-byte lead, missing 1 continuation
            b'\xe0',              # 3-byte lead, missing 2 continuations
            b'\xe0\xa0',          # 3-byte lead, missing 1 continuation
            b'\xf0\x90',          # 4-byte lead, missing 2 continuations
            b'\xf0\x90\x80',      # 4-byte lead, missing 1 continuation
            b'\xf3',              # 4-byte lead, missing 3 (the oss-fuzz reproducer)
        ]
        for seq in truncated:
            with self.subTest(seq=seq):
                self.assertRaises(SyntaxError, compile, seq, '<test>', 'exec')

    @requires_subprocess()
    def test_20731(self):
        sub = subprocess.Popen([sys.executable,
diff --git a/Misc/NEWS.d/next/Core_and_Builtins/2026-02-16-12-28-43.gh-issue-144872.k9_Q30.rst b/Misc/NEWS.d/next/Core_and_Builtins/2026-02-16-12-28-43.gh-issue-144872.k9_Q30.rst
 Fix heap buffer overflow in the parser found by OSS-Fuzz.
diff --git a/Parser/tokenizer/helpers.c b/Parser/tokenizer/helpers.c
        return 0;
    }
    length = expected + 1;
    for (;expected;expected--)
        if (s[expected] < 0x80 || s[expected] >= 0xC0)
    for (int i = 1; i <=expected;i++) {
        if (s[i] < 0x80 || s[i] >= 0xC0) {
            return 0;
        }
    }
    return length;
 }
Original file line number	Diff line number	Diff line change
Expand Up		@@ -64,6 +64,23 @@ def test_issue7820(self):
		# two bytes in common with the UTF-8 BOM
		self.assertRaises(SyntaxError, eval, b'\xef\xbb\x20')

		def test_truncated_utf8_at_eof(self):
		# Regression test for https://issues.oss-fuzz.com/issues/451112368
		# Truncated multi-byte UTF-8 sequences at end of input caused an
		# out-of-bounds read in Parser/tokenizer/helpers.c:valid_utf8().
		truncated = [
		b'\xc2', # 2-byte lead, missing 1 continuation
		b'\xdf', # 2-byte lead, missing 1 continuation
		b'\xe0', # 3-byte lead, missing 2 continuations
		b'\xe0\xa0', # 3-byte lead, missing 1 continuation
		b'\xf0\x90', # 4-byte lead, missing 2 continuations
		b'\xf0\x90\x80', # 4-byte lead, missing 1 continuation
		b'\xf3', # 4-byte lead, missing 3 (the oss-fuzz reproducer)
		]
		for seq in truncated:
		with self.subTest(seq=seq):
		self.assertRaises(SyntaxError, compile, seq, '<test>', 'exec')

		@requires_subprocess()
Copy link MemberAuthor StanFromIrelandMar 2, 2026 Choose a reason for hiding this comment The reason will be displayed to describe this comment to others.Learn more. FYI: this line caused the conflict. Copy link Member pablogsalMar 2, 2026 Choose a reason for hiding this comment The reason will be displayed to describe this comment to others.Learn more. damn StanFromIreland reacted with thumbs up emoji
		def test_20731(self):
		sub = subprocess.Popen([sys.executable,
Expand Down
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		Fix heap buffer overflow in the parser found by OSS-Fuzz.
Original file line number	Diff line number	Diff line change
Expand Up		@@ -481,9 +481,11 @@ valid_utf8(const unsigned char* s)
		return 0;
		}
		length = expected + 1;
		for (;expected;expected--)
		if (s[expected] < 0x80 \|\| s[expected] >= 0xC0)
		for (int i = 1; i <=expected;i++) {
		if (s[i] < 0x80 \|\| s[i] >= 0xC0) {
		return 0;
		}
		}
		return length;
		}

Expand Down