Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Parser compares int to Py_ssize_t poorly #120956

Closed
zooba opened this issue Jun 24, 2024 · 3 comments
Closed

Parser compares int to Py_ssize_t poorly #120956

zooba opened this issue Jun 24, 2024 · 3 comments
Assignees
@lysnikolaou
Labels
topic-parser

Comments

@zooba
Copy link
Member

zooba commented Jun 24, 2024
edited by bedevere-app bot
Loading

I'm not sure how widespread this is, or how generated the code is, but within _loop0_139_rule in parser.c we find this:

    Py_ssize_t _n = 0;
    // some lines later
    for (int i = 0; i < _n; i++) asdl_seq_SET_UNTYPED(_seq, i, _children[i]);

If _n can never be larger than MAX_INT (likely), there seems no reason it can't be int. Alternatively, if i has to increment all the way up to _n, it should be Py_ssize_t.

Otherwise, an infinite loop is theoretically possible, and clever static analysers will take great pride in reminding us about this possibility until we fix it.

(I'd jump in and fix this myself but I've never touched this code before and am not sure where to start. Should be easy enough for someone who does know, though.)

Linked PRs
@lysnikolaou lysnikolaou self-assigned this Jun 24, 2024
lysnikolaou added a commit to lysnikolaou/cpython that referenced this issue Jun 24, 2024
@lysnikolaou
pythongh-120956: Avoid comparison of int to Py_ssize_t in parser
0764640
@bedevere-app bedevere-app bot mentioned this issue Jun 24, 2024
Merged
@lysnikolaou
Copy link
Contributor

Opened #120959.

@mdboom
Copy link
Contributor

mdboom commented Jun 24, 2024

clever static analysers will take great pride in reminding us about this possibility until we fix it.

Was there a specific clever static analyser that found this in this case?

@zooba
Copy link
Member Author

zooba commented Jun 24, 2024

Was there a specific clever static analyser that found this in this case?

CodeQL, though running on a different copy of the repo than this one.

lysnikolaou added a commit that referenced this issue Jun 24, 2024
@lysnikolaou
gh-120956: Avoid comparison of int to Py_ssize_t in parser (#120959)
3481848
mrahtz pushed a commit to mrahtz/cpython that referenced this issue Jun 30, 2024
@lysnikolaou @mrahtz
pythongh-120956: Avoid comparison of int to Py_ssize_t in parser (pyt…
f22b7f3 
…hon#120959)
noahbkim pushed a commit to hudson-trading/cpython that referenced this issue Jul 11, 2024
@lysnikolaou @noahbkim
pythongh-120956: Avoid comparison of int to Py_ssize_t in parser (pyt…
a8dbf3a 
…hon#120959)
estyxx pushed a commit to estyxx/cpython that referenced this issue Jul 17, 2024
@lysnikolaou @estyxx
pythongh-120956: Avoid comparison of int to Py_ssize_t in parser (pyt…
8cf310c 
…hon#120959)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@lysnikolaou lysnikolaou

Labels
topic-parser
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@mdboom @zooba @lysnikolaou