Bug report
_PyPegen_raise_error_known_location() uses Py_BuildValue() to generate a tuple for SyntaxError. The format string uses wrong values for all integer constants. lineno, col_number, end_lineno, and end_col_number are Py_ssize_t. The i format string handles int. This causes memory corruption on 64-bit operating systems with strict ABI (e.g. wasm64).
    }
    tmp = Py_BuildValue("(OiiNii)", p->tok->filename, lineno, col_number, error_line, end_lineno, end_col_number);
    if (!tmp) {
        goto error;
I can reliably crash the interpreter with a syntax error like 1+=1. Notice the <ensc object at 0x1> in the object dump.
$ node --experimental-wasm-memory64 ./python.js -c "1+=1"
File "<string>", line 1
object address : 0x973e10
object refcount : 2
object type : 0x2bc868
object type name: SyntaxError
object repr : SyntaxError("'literal' is an illegal expression for augmented assignment", ('<string>', 1, 0, <ensc object at 0x1>, 10590200, 0))
lost sys.stderr
Aborted(Runtime error: The application has corrupted its heap memory area (address zero)!)
exiting due to exception: RuntimeError: Aborted(Runtime error: The application has corrupted its heap memory area (address zero)!),RuntimeError: Aborted(Runtime error: The application has corrupted its heap memory area (address zero)!)
at abort (/home/heimes/dev/python/cpython/builddir/wasm64-emscripten-node-debug/python.js:971:11)
at checkStackCookie (/home/heimes/dev/python/cpython/builddir/wasm64-emscripten-node-debug/python.js:733:47)
at exitRuntime (/home/heimes/dev/python/cpython/builddir/wasm64-emscripten-node-debug/python.js:800:3)
at exitJS (/home/heimes/dev/python/cpython/builddir/wasm64-emscripten-node-debug/python.js:7254:9)
at callMain (/home/heimes/dev/python/cpython/builddir/wasm64-emscripten-node-debug/python.js:9476:5)
at doRun (/home/heimes/dev/python/cpython/builddir/wasm64-emscripten-node-debug/python.js:9525:23)
at run (/home/heimes/dev/python/cpython/builddir/wasm64-emscripten-node-debug/python.js:9540:5)
at runCaller (/home/heimes/dev/python/cpython/builddir/wasm64-emscripten-node-debug/python.js:9448:19)
at removeRunDependency (/home/heimes/dev/python/cpython/builddir/wasm64-emscripten-node-debug/python.js:936:7)
at receiveInstance (/home/heimes/dev/python/cpython/builddir/wasm64-emscripten-node-debug/python.js:1106:5)
The fix is trivial, use n instead of i. https://docs.python.org/3/c-api/arg.html#c.Py_BuildValue
Your environment
CPython main
wasm64-emscripten (EMSDK 3.1.18) with Node 16
cpython/Parser/pegen_errors.c
Lines 373 to 376 in b9e956f
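An added example, not part of the original report or of CPython: a small C checker that pairs each Py_BuildValue format unit with the C type of the argument passed for it, applied to the call quoted in the report. The names arg_kind, count_mismatches and PEGEN_ARGS are hypothetical, and only the units O, N, i and n are modelled.

```c
#include <stddef.h>
#include <stdio.h>

/* C type of each variadic argument as written at the call site. */
typedef enum { ARG_OBJECT, ARG_INT, ARG_SSIZE } arg_kind;

/* Kind that a Py_BuildValue format unit pulls from the va_list.
 * Only the units used in the report are modelled: O, N, i, n. */
static int unit_kind(char unit, arg_kind *out) {
    switch (unit) {
    case 'O': case 'N': *out = ARG_OBJECT; return 1;  /* PyObject *  */
    case 'i':           *out = ARG_INT;    return 1;  /* int         */
    case 'n':           *out = ARG_SSIZE;  return 1;  /* Py_ssize_t  */
    default:            return 0;  /* treated as grouping, e.g. ( ) , */
    }
}

/* Returns the number of format units whose expected C type differs from
 * the argument actually passed, or -1 if the counts do not line up. */
int count_mismatches(const char *fmt, const arg_kind *args, size_t nargs) {
    size_t used = 0;
    int bad = 0;
    for (; *fmt; fmt++) {
        arg_kind want;
        if (!unit_kind(*fmt, &want))
            continue;
        if (used == nargs)
            return -1;             /* format consumes more than was passed */
        if (args[used] != want) {
            fprintf(stderr, "arg %zu: unit '%c' does not match its type\n",
                    used + 1, *fmt);
            bad++;
        }
        used++;
    }
    return used == nargs ? bad : -1;
}

/* Argument types of the call quoted in the report: filename and error_line
 * are objects, the four line/column values are Py_ssize_t. */
static const arg_kind PEGEN_ARGS[] = {
    ARG_OBJECT, ARG_SSIZE, ARG_SSIZE, ARG_OBJECT, ARG_SSIZE, ARG_SSIZE
};

int main(void) {
    printf("(OiiNii): %d\n", count_mismatches("(OiiNii)", PEGEN_ARGS, 6));
    printf("(OnnNnn): %d\n", count_mismatches("(OnnNnn)", PEGEN_ARGS, 6));
    return 0;
}
```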