Skip to content

bpo-29505: Fuzz ast.parse() / compile() with PyCF_ONLY_AST #3437

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 2 commits into from
Closed

bpo-29505: Fuzz ast.parse() / compile() with PyCF_ONLY_AST #3437

wants to merge 2 commits into from

Conversation

ssbr
Copy link
Contributor

@ssbr ssbr commented Sep 7, 2017
edited by bedevere-bot
Loading

ast.parse() just calls compile() with PyCF_ONLY_AST to exit early, so we emulate
that here with the call to the corresponding part of the C API.

https://bugs.python.org/issue29505

ssbr added 2 commits September 7, 2017 15:06
@ssbr
Add fuzz test for ast.parse().
f8438b0 
ast.parse() just calls compile() with PyCF_ONLY_AST to exit early, so we emulate
that here\ with the call to the corresponding part of the C API.

The code for compile() and Py_CompileStringObject() is duplicated, so
hypothetically one could have a bug and not the other, but... nah. :)
@ssbr
Merge branch 'master' of https://github.com/python/cpython into fuzz_ast
a78bd90
@benjaminp
Copy link
Contributor

This seems fine to me. We never actually got into oss-fuzz, though, right?

@terryjreedy
Copy link
Member

Devin, should this be closed, or did it fall through a crack?

@terryjreedy terryjreedy reopened this Feb 28, 2020
@codecov
Copy link

codecov bot commented Feb 28, 2020

Codecov Report

Merging #3437 into master will decrease coverage by 1.66%.
The diff coverage is n/a.

Impacted file tree graph

@@             Coverage Diff             @@
##           master    #3437       +/-   ##
===========================================
- Coverage   84.88%   83.22%    -1.67%     
===========================================
  Files        1801     1571      -230     
  Lines      524801   415192   -109609     
  Branches        0    44479    +44479     
===========================================
- Hits       445489   345526    -99963     
+ Misses      79312    60022    -19290     
- Partials        0     9644     +9644
Impacted Files Coverage Δ
Lib/test/dis_module.py 0.00% <0.00%> (-100.00%) ⬇️
Lib/test/test_binhex.py 13.33% <0.00%> (-83.45%) ⬇️
Lib/binhex.py 17.84% <0.00%> (-69.44%) ⬇️
Lib/test/test_spwd.py 25.00% <0.00%> (-65.17%) ⬇️
Lib/sqlite3/dbapi2.py 34.88% <0.00%> (-65.12%) ⬇️
Lib/idlelib/autocomplete_w.py 14.61% <0.00%> (-37.39%) ⬇️
Lib/threading.py 47.43% <0.00%> (-35.64%) ⬇️
Lib/test/test_eintr.py 58.33% <0.00%> (-33.34%) ⬇️
Lib/distutils/tests/test_bdist_wininst.py 60.00% <0.00%> (-33.34%) ⬇️
Lib/test/test_tuple.py 69.58% <0.00%> (-29.78%) ⬇️
... and 1677 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 888bbdc...a78bd90. Read the comment docs.

@ammaraskar ammaraskar mentioned this pull request Oct 6, 2021
Merged
@ammaraskar
Copy link
Member

Closing in favor of #28777, thank you again for your original work on this Devin.

@ammaraskar ammaraskar closed this Oct 6, 2021
miss-islington pushed a commit that referenced this pull request Oct 6, 2021
@ammaraskar
bpo-29505: Add fuzzer for ast.literal_eval (GH-28777)
db72e58 
This supercedes #3437 and fuzzes the method we recommend for unsafe inputs, `ast.literal_eval`. This should exercise the tokenizer and parser.
@gpshead gpshead mentioned this pull request Apr 10, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
awaiting review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@ssbr @benjaminp @terryjreedy @ammaraskar @the-knights-who-say-ni @bedevere-bot