From: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> Date: Thu, 11 Aug 2022 09:19:20 +0000 (-0700) Subject: gh-95876: Fix format string in pegen error location code (GH-95877) X-Git-Tag: v3.11.0rc2~128 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=1221e8c400933f24be69bd156f03cd1411746e6c;p=thirdparty%2FPython%2Fcpython.git gh-95876: Fix format string in pegen error location code (GH-95877) (cherry picked from commit b4c857d0fd74abb1ede6fe083c4fa3ca728b2b83) Co-authored-by: Christian Heimes --- diff --git a/Misc/NEWS.d/next/Core and Builtins/2022-08-11-09-19-55.gh-issue-95876.YpQfoV.rst b/Misc/NEWS.d/next/Core and Builtins/2022-08-11-09-19-55.gh-issue-95876.YpQfoV.rst new file mode 100644 index 000000000000..96b69015a586 --- /dev/null +++ b/Misc/NEWS.d/next/Core and Builtins/2022-08-11-09-19-55.gh-issue-95876.YpQfoV.rst @@ -0,0 +1,4 @@ +Fix format string in ``_PyPegen_raise_error_known_location`` that can lead +to memory corruption on some 64bit systems. The function was building a +tuple with ``i`` (int) instead of ``n`` (Py_ssize_t) for Py_ssize_t +arguments. diff --git a/Parser/pegen_errors.c b/Parser/pegen_errors.c index 5703088443ed..a0f4b9809e21 100644 --- a/Parser/pegen_errors.c +++ b/Parser/pegen_errors.c @@ -371,7 +371,7 @@ _PyPegen_raise_error_known_location(Parser *p, PyObject *errtype, } } } - tmp = Py_BuildValue("(OiiNii)", p->tok->filename, lineno, col_number, error_line, end_lineno, end_col_number); + tmp = Py_BuildValue("(OnnNnn)", p->tok->filename, lineno, col_number, error_line, end_lineno, end_col_number); if (!tmp) { goto error; }