Overflow if co_exceptiontable is absurdly large #126858

Open
federicovalenso opened this issue Nov 15, 2024 · 2 comments
Assignees
Labels
3.12 bugs and security fixes 3.13 bugs and security fixes 3.14 new features, bugs and security fixes interpreter-core (Objects, Python, Grammar, and Parser dirs) pending The issue will be closed if no feedback is provided type-bug An unexpected behavior, bug, or error

Comments

Contributor

federicovalenso commented Nov 15, 2024

Bug report

Bug description:

f.__code__ = f.__code__.replace(co_linetable=bytes(bytearray(2**31+1)))

It can lead to overflow in assemble.c

CPython versions tested on:

3.11

Operating systems tested on:

Linux

@federicovalenso federicovalenso added the type-bug An unexpected behavior, bug, or error label Nov 15, 2024
@picnixz picnixz self-assigned this Nov 15, 2024
@picnixz picnixz added interpreter-core (Objects, Python, Grammar, and Parser dirs) 3.12 bugs and security fixes 3.13 bugs and security fixes 3.14 new features, bugs and security fixes labels Nov 15, 2024
@picnixz picnixz changed the title Overflow if co_exceptiontable is absurdly large Overflow if a_except_table is absurdly large Nov 15, 2024
@picnixz picnixz changed the title Overflow if a_except_table is absurdly large Overflow if co_exceptiontable is absurdly large Nov 15, 2024
Contributor

picnixz commented Nov 15, 2024

Actually, how is co_exceptiontable related to a_except_table? Namely, can you write me a complete PoC please?

@picnixz picnixz added the pending The issue will be closed if no feedback is provided label Nov 15, 2024
@ZeroIntensity
Member

This one doesn't seem like it's worth fixing, there's plenty of ways to crash the interpreter by messing with code objects.

Development

No branches or pull requests

3 participants