[issue44396] pegen _PyParser_ASTFromFile(): Use-After-Free in syntaxerror()
Pablo Galindo Salgado
report at bugs.python.org
Fri Jun 11 12:54:50 EDT 2021
Pablo Galindo Salgado <pablogsal at gmail.com> added the comment:
I think this should fix the issue, but someone should validate this:
diff --git a/Parser/tokenizer.c b/Parser/tokenizer.c
index 6002f3e05a..1c28737183 100644
--- a/Parser/tokenizer.c
+++ b/Parser/tokenizer.c
@@ -1084,17 +1084,16 @@ syntaxerror(struct tok_state *tok, const char *format, ...)
goto error;
}
- errtext = PyUnicode_DecodeUTF8(tok->line_start, tok->cur - tok->line_start,
+ errtext = PyUnicode_DecodeUTF8(tok->buf, tok->inp - tok->buf,
"replace");
if (!errtext) {
goto error;
}
int offset = (int)PyUnicode_GET_LENGTH(errtext);
- Py_ssize_t line_len = strcspn(tok->line_start, "\n");
- if (line_len != tok->cur - tok->line_start) {
+ Py_ssize_t line_len = strcspn(tok->buf, "\n");
+ if (line_len != tok->buf - tok->inp) {
Py_DECREF(errtext);
- errtext = PyUnicode_DecodeUTF8(tok->line_start, line_len,
- "replace");
+ errtext = PyUnicode_DecodeUTF8(tok->buf, line_len, "replace");
}
if (!errtext) {
goto error;
----------
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue44396>
_______________________________________
More information about the Python-bugs-list
mailing list