From 81fe44beb71f6b75fd9778fb76c9ae404e09c359 Mon Sep 17 00:00:00 2001 From: Stan Ulbrych Date: Mon, 6 Apr 2026 12:56:36 +0100 Subject: [PATCH] gh-148157: Check for `_PyPegen_add_type_comment_to_arg` fail in `_PyPegen_name_default_pair` (GH-148158) (cherry picked from commit 1795fccfbc7ccb89ead5c529b2f55f54622d1314) Co-authored-by: Stan Ulbrych --- Lib/test/test_type_comments.py | 3 +++ .../2026-04-06-11-15-46.gh-issue-148157.JFnZDn.rst | 2 ++ Parser/action_helpers.c | 3 +++ 3 files changed, 8 insertions(+) create mode 100644 Misc/NEWS.d/next/Core_and_Builtins/2026-04-06-11-15-46.gh-issue-148157.JFnZDn.rst diff --git a/Lib/test/test_type_comments.py b/Lib/test/test_type_comments.py index dd2e67841651d9..d827ac271085bd 100644 --- a/Lib/test/test_type_comments.py +++ b/Lib/test/test_type_comments.py @@ -398,6 +398,9 @@ def test_non_utf8_type_comment_with_ignore_cookie(self): with self.assertRaises(UnicodeDecodeError): _testcapi.Py_CompileStringExFlags( b"a=1 # type: \x80", "", 256, flags) + with self.assertRaises(UnicodeDecodeError): + _testcapi.Py_CompileStringExFlags( + b"def a(f=8, #type: \x80\n\x80", "", 256, flags) def test_func_type_input(self): diff --git a/Misc/NEWS.d/next/Core_and_Builtins/2026-04-06-11-15-46.gh-issue-148157.JFnZDn.rst b/Misc/NEWS.d/next/Core_and_Builtins/2026-04-06-11-15-46.gh-issue-148157.JFnZDn.rst new file mode 100644 index 00000000000000..6565291eb998ed --- /dev/null +++ b/Misc/NEWS.d/next/Core_and_Builtins/2026-04-06-11-15-46.gh-issue-148157.JFnZDn.rst @@ -0,0 +1,2 @@ +Fix an unlikely crash when parsing an invalid type comments for function +parameters. Found by OSS Fuzz in :oss-fuzz:`492782951`. diff --git a/Parser/action_helpers.c b/Parser/action_helpers.c index 57e46b4399c66d..a24744d77eabb9 100644 --- a/Parser/action_helpers.c +++ b/Parser/action_helpers.c @@ -435,6 +435,9 @@ _PyPegen_name_default_pair(Parser *p, arg_ty arg, expr_ty value, Token *tc) return NULL; } a->arg = _PyPegen_add_type_comment_to_arg(p, arg, tc); + if (!a->arg) { + return NULL; + } a->value = value; return a; }