From 3a2caa7cb0fd3796b9bea7e29920c8a68141fae1 Mon Sep 17 00:00:00 2001 From: Stan Ulbrych Date: Mon, 6 Apr 2026 11:16:46 +0100 Subject: [PATCH 1/2] Check for `_PyPegen_add_type_comment_to_arg` fail in _PyPegen_name_default_pair --- Lib/test/test_type_comments.py | 3 +++ .../2026-04-06-11-15-46.gh-issue-148157.JFnZDn.rst | 2 ++ Parser/action_helpers.c | 3 +++ 3 files changed, 8 insertions(+) create mode 100644 Misc/NEWS.d/next/Core_and_Builtins/2026-04-06-11-15-46.gh-issue-148157.JFnZDn.rst diff --git a/Lib/test/test_type_comments.py b/Lib/test/test_type_comments.py index dd2e67841651d9..d827ac271085bd 100644 --- a/Lib/test/test_type_comments.py +++ b/Lib/test/test_type_comments.py @@ -398,6 +398,9 @@ def test_non_utf8_type_comment_with_ignore_cookie(self): with self.assertRaises(UnicodeDecodeError): _testcapi.Py_CompileStringExFlags( b"a=1 # type: \x80", "", 256, flags) + with self.assertRaises(UnicodeDecodeError): + _testcapi.Py_CompileStringExFlags( + b"def a(f=8, #type: \x80\n\x80", "", 256, flags) def test_func_type_input(self): diff --git a/Misc/NEWS.d/next/Core_and_Builtins/2026-04-06-11-15-46.gh-issue-148157.JFnZDn.rst b/Misc/NEWS.d/next/Core_and_Builtins/2026-04-06-11-15-46.gh-issue-148157.JFnZDn.rst new file mode 100644 index 00000000000000..737707359b33dc --- /dev/null +++ b/Misc/NEWS.d/next/Core_and_Builtins/2026-04-06-11-15-46.gh-issue-148157.JFnZDn.rst @@ -0,0 +1,2 @@ +Fix an unlikely crash when parsing an invalid type comments for function +parameters. diff --git a/Parser/action_helpers.c b/Parser/action_helpers.c index 1f5b6220ba1baa..5e52bb83871904 100644 --- a/Parser/action_helpers.c +++ b/Parser/action_helpers.c @@ -435,6 +435,9 @@ _PyPegen_name_default_pair(Parser *p, arg_ty arg, expr_ty value, Token *tc) return NULL; } a->arg = _PyPegen_add_type_comment_to_arg(p, arg, tc); + if (!a->arg) { + return NULL; + } a->value = value; return a; } From 4cb4939970a1d971fcb6500c9e481958ef43d530 Mon Sep 17 00:00:00 2001 From: Stan Ulbrych Date: Mon, 6 Apr 2026 11:18:14 +0100 Subject: [PATCH 2/2] Add oss fuzz note --- .../2026-04-06-11-15-46.gh-issue-148157.JFnZDn.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Misc/NEWS.d/next/Core_and_Builtins/2026-04-06-11-15-46.gh-issue-148157.JFnZDn.rst b/Misc/NEWS.d/next/Core_and_Builtins/2026-04-06-11-15-46.gh-issue-148157.JFnZDn.rst index 737707359b33dc..6565291eb998ed 100644 --- a/Misc/NEWS.d/next/Core_and_Builtins/2026-04-06-11-15-46.gh-issue-148157.JFnZDn.rst +++ b/Misc/NEWS.d/next/Core_and_Builtins/2026-04-06-11-15-46.gh-issue-148157.JFnZDn.rst @@ -1,2 +1,2 @@ Fix an unlikely crash when parsing an invalid type comments for function -parameters. +parameters. Found by OSS Fuzz in :oss-fuzz:`492782951`.