You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The following program is a shortened version of above, without fuzzing-related logic:
importasttokens, astdefTestOneInput():
source_to_parse="\x0a\x79\x0a\x79\x0d\x79\x0a\x0a\x79\x0a\x79\x0a\x79\x0a\x79\x0a\x79\x0a\x79\x79\x0a\x0a\x79\x0a\x79\x0a\x79\x0a\x79\x0a\x79\x2e\x79\x0a\x78\x0a\x79\x0a\x79\x0a\x79\x45\x45\x45\x45\x45\x45\x45\x45\x45\x45\x45\x45\x45\x45\x45\x45\x45\x45\x45\x45\x45\x0a"try:
ast.parse(source_to_parse)
except:
# Avoid anything that throws any issues in ast.parse.returntry:
atok=asttokens.ASTTokens(source_to_parse, parse=True)
exceptSyntaxError:
passTestOneInput()
This produces the stack trace:
# python3 ./reproducer.py
Traceback (most recent call last):
File "./reproducer.py", line 29, in <module>
TestOneInput()
File "./reproducer.py", line 26, in TestOneInput
atok = asttokens.ASTTokens(source_to_parse, parse=True)
File "/usr/local/lib/python3.8/site-packages/asttokens/asttokens.py", line 127, in __init__
self.mark_tokens(self._tree)
File "/usr/local/lib/python3.8/site-packages/asttokens/asttokens.py", line 139, in mark_tokens
MarkTokens(self).visit_tree(root_node)
File "/usr/local/lib/python3.8/site-packages/asttokens/mark_tokens.py", line 61, in visit_tree
util.visit_tree(node, self._visit_before_children, self._visit_after_children)
File "/usr/local/lib/python3.8/site-packages/asttokens/util.py", line 273, in visit_tree
ret = postvisit(current, par_value, cast(Optional[Token], value))
File "/usr/local/lib/python3.8/site-packages/asttokens/mark_tokens.py", line 109, in _visit_after_children
nfirst, nlast = self._methods.get(self, node.__class__)(node, first, last)
File "/usr/local/lib/python3.8/site-packages/asttokens/mark_tokens.py", line 220, in handle_attr
name = self._code.next_token(dot)
File "/usr/local/lib/python3.8/site-packages/asttokens/asttokens.py", line 210, in next_token
while is_non_coding_token(self._tokens[i].type):
IndexError: list index out of range
This was found by way of OSS-Fuzz and the set up here: https://github.com/google/oss-fuzz/tree/master/projects/asttokens If you find this issue helpful then it would be great to have maintainer emails in the project.yaml to receive notifications of bug reports, which contain all details similar to what I posted above -- namely they contain the stacktrace, crashing input and identification of the fuzzer.
The text was updated successfully, but these errors were encountered:
Here's a more minimal cut-down which appears to fail in the same way: '\ry.y\n'. Attempting to cut down further (either by removing the attribute access, leaving just y, or changing the leading carriage return to a newline) causes the error to disappear. The mix of line ending styles here seems to be part of the issue, though why the attribute access is needed is less clear.
The following program raises an uncaught exception:
Where the
atheris
module refers to https://pypi.org/project/atheris/The program is a derivative of the fuzzer here https://github.com/google/oss-fuzz/blob/master/projects/asttokens/fuzz_asttokens.py
The following program is a shortened version of above, without fuzzing-related logic:
This produces the stack trace:
This was found by way of OSS-Fuzz and the set up here: https://github.com/google/oss-fuzz/tree/master/projects/asttokens If you find this issue helpful then it would be great to have maintainer emails in the project.yaml to receive notifications of bug reports, which contain all details similar to what I posted above -- namely they contain the stacktrace, crashing input and identification of the fuzzer.
The text was updated successfully, but these errors were encountered: