Skip to content

bpo-32758: warn that a couple ast functions can crash the interpreter #5960

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
brettcannon merged 1 commit into from
Mar 9, 2018
Merged

bpo-32758: warn that a couple ast functions can crash the interpreter #5960

brettcannon merged 1 commit into from
Mar 9, 2018

Conversation

@brettcannon
Copy link
Member

@brettcannon brettcannon commented Mar 2, 2018
edited by bedevere-bot
Loading

Both ast.parse() and ast.literal_eval() can trigger a segfault with the appropriate string input due to the recursion depth limit of the AST compiler.

https://bugs.python.org/issue32758

@brettcannon brettcannon added needs backport to 3.6 docs Documentation in the Doc dir skip news labels Mar 2, 2018
@brettcannon brettcannon self-assigned this Mar 5, 2018
@brettcannon
Copy link
Member Author

brettcannon commented Mar 5, 2018

Got approval for the wording from @serhiy-storchaka in the issue itself, but he also pointed out that there are implicit uses of the troublesome functions in various other places, so the comment needs to spread out a bit more before this PR can get merged.

@brettcannon brettcannon merged commit 7a7f100 into python:master Mar 9, 2018
@miss-islington
Copy link
Contributor

miss-islington commented Mar 9, 2018

Thanks @brettcannon for the PR 🌮🎉.. I'm working now to backport this PR to: 2.7, 3.6, 3.7.
🐍🍒⛏🤖

@brettcannon brettcannon deleted the ast-warning branch March 9, 2018 20:03
miss-islington pushed a commit to miss-islington/cpython that referenced this pull request Mar 9, 2018
@brettcannon @miss-islington
bpo-32758: Warn that ast.parse() and ast.literal_eval() can segfault …
f3f8eec 
…the interpreter (pythonGH-5960)

(cherry picked from commit 7a7f100)

Co-authored-by: Brett Cannon <[email protected]>
@bedevere-bot
Copy link

bedevere-bot commented Mar 9, 2018

3.7 branch.

@miss-islington
Copy link
Contributor

miss-islington commented Mar 9, 2018

Sorry, @brettcannon, I could not cleanly backport this to 2.7 due to a conflict.
Please backport using cherry_picker on command line.
cherry_picker 7a7f100eb352d08938ee0f5ba59c18f56dc4a7b5 2.7

miss-islington pushed a commit to miss-islington/cpython that referenced this pull request Mar 9, 2018
@brettcannon @miss-islington
bpo-32758: Warn that ast.parse() and ast.literal_eval() can segfault …
9714fba 
…the interpreter (pythonGH-5960)

(cherry picked from commit 7a7f100)

Co-authored-by: Brett Cannon <[email protected]>
@bedevere-bot
Copy link

bedevere-bot commented Mar 9, 2018

3.6 branch.

brettcannon added a commit that referenced this pull request Mar 9, 2018
@miss-islington @brettcannon
bpo-32758: Warn that ast.parse() and ast.literal_eval() can segfault …
b316c44 
…the interpreter (GH-6042)

(cherry picked from commit 7a7f100)

Co-authored-by: Brett Cannon <[email protected]>
brettcannon added a commit that referenced this pull request Mar 9, 2018
@miss-islington @brettcannon
bpo-32758: Warn that ast.parse() and ast.literal_eval() can segfault …
f2fffd4 
…the interpreter (GH-6041)

(cherry picked from commit 7a7f100)

Co-authored-by: Brett Cannon <[email protected]>
jo2y pushed a commit to jo2y/cpython that referenced this pull request Mar 23, 2018
@brettcannon @jo2y
bpo-32758: Warn that ast.parse() and ast.literal_eval() can segfault …
6b2d76f 
…the interpreter (pythonGH-5960)
@naglis naglis mentioned this pull request Nov 9, 2018
Closed
@naglis naglis mentioned this pull request Nov 21, 2018
Open
AWhetter pushed a commit to AWhetter/cpython that referenced this pull request Oct 3, 2019
@brettcannon @AWhetter
bpo-32758: Warn that ast.parse() and ast.literal_eval() can segfault …
62a1224 
…the interpreter (pythonGH-5960)

(cherry picked from commit 7a7f100)

Co-authored-by: Brett Cannon <[email protected]>
@bedevere-bot
Copy link

bedevere-bot commented Oct 3, 2019

2.7 branch.

serhiy-storchaka pushed a commit that referenced this pull request Oct 18, 2019
@AWhetter @brettcannon @serhiy-storchaka
bpo-32758: Warn that ast.parse() and ast.literal_eval() can segfault …
dedb99a 
…the interpreter (GH-16565)

(cherry picked from commit 7a7f100)

Co-authored-by: Brett Cannon <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@serhiy-storchaka serhiy-storchaka Awaiting requested review from serhiy-storchaka

Assignees

@brettcannon brettcannon

Labels

docs Documentation in the Doc dir skip news

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@brettcannon @miss-islington @bedevere-bot @the-knights-who-say-ni

Follow Lee on X/Twitter - Father, Husband, Serial builder creating AI, crypto, games & web tools. We are friends :) AI Will Come To Life!

Check out: eBank.nz (Art Generator) | Netwrck.com (AI Tools) | Text-Generator.io (AI API) | BitBank.nz (Crypto AI) | ReadingTime (Kids Reading) | RewordGame | BigMultiplayerChess | WebFiddle | How.nz | Helix AI Assistant