crash when producing a large string via "*" #17925
Description
Port, board and/or hardware
unix port, coverage variant, x86_64 linux
MicroPython version
v1.27.0-preview-32-g141f7d0c35
Reproduction
Run micropython with the following script (via -c for example): 'a' * 8 * (1 << 62)
Expected behaviour
An error is printed because it's not possible to contain the resulting sequence
Observed behaviour
A crash inside memcpy
Starting program: /home/jepler/src/micropython/ports/unix/build-coverage/micropython -c "'aaaa' * (1 << 62)"
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Program received signal SIGSEGV, Segmentation fault.
__memcpy_avx_unaligned_erms () at ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:366
warning: 366 ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S: No such file or directory
(gdb) where
#0 __memcpy_avx_unaligned_erms () at ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:366
#1 0x0000555555619c62 in mp_seq_multiply (items=items@entry=0x7ffff7c15c20, item_sz=item_sz@entry=1, len=8,
times=4611686018427387904, dest=0x7ffff7c97000) at ../../py/sequence.c:41
#2 0x0000555555610ef1 in mp_obj_str_binary_op (op=MP_BINARY_OP_MULTIPLY, lhs_in=<optimized out>,
rhs_in=<optimized out>) at ../../py/objstr.c:391
Additional Information
Many variants (such as 1<<59) instead give the message MemoryError: memory allocation failed, allocating 1 bytes but I'm not sure where the value 1 is coming from.
This finding is from a fuzzer.
Code of Conduct
Yes, I agree