Closed as duplicate of #136198
Description
Bug description:
```python
import calendar
data=str("%%opt'AqPTIL*eyxQ3q0^xmT%888888888888888884hXT6B83eOU6IEF4f*cWKJyvxoHbjgDaohunN#Tnk&yS0iKAo&nQZ7v4yC6B83eOU6IEF4f*cWKJyvxoHbjgDaohunN%&$%b'ZkZZq0Yk2HowI$JzTqE3wVf2&wka(rm#KNfOU*Dqu)4F#Tnk&yS0inds)ZAu6q^t%#KBxkZKAo&nQu*uZ7(4m^Umh8*ndCQp0&zqQ#d*A'2Zt6fL7QUGK@M^Ll&(&pTDrhE8dFSTlQ^taN'")
ret = calendar.isleap(data)
```
When building CPython without sanitizers, there will be a MemoryError.
It looks like the problem is in implicit type conversion. Tested for versions from 3.7 to 3.15.
Below is the output of ASAN when building with --with-pydebug:
```
#0 0x61165a914395 in __interceptor_realloc (/usr/local/bin/python3.15+0x763395) (BuildId: 510e01f0876b564331a25fd250bbf68603637192)
#1 0x61165ad54653 in _PyMem_DebugRawRealloc /root/cpython/Objects/obmalloc.c:3010:20
#2 0x61165aeaa285 in resize_compact /root/cpython/Objects/unicodeobject.c:1197:31
#3 0x61165ae392ac in _PyUnicodeWriter_PrepareInternal /root/cpython/Objects/unicodeobject.c:13824:25
#4 0x61165aeb4d87 in unicode_format_arg_output /root/cpython/Objects/unicodeobject.c:15345:9
#5 0x61165aeb4d87 in unicode_format_arg /root/cpython/Objects/unicodeobject.c:15449:15
#6 0x61165aeb4d87 in PyUnicode_Format /root/cpython/Objects/unicodeobject.c:15522:17
#7 0x61165aaebb2c in binary_op1 /root/cpython/Objects/abstract.c:964:13
#8 0x61165aaeb1db in binary_op /root/cpython/Objects/abstract.c:1003:24
#9 0x61165b0a774a in _PyEval_EvalFrameDefault /root/cpython/Python/generated_cases.c.h:62:35
#10 0x61165b070ad6 in _PyEval_EvalFrame /root/cpython/./Include/internal/pycore_ceval.h:119:16
#11 0x61165b070ad6 in _PyEval_Vector /root/cpython/Python/ceval.c:1975:12
#12 0x61165b06feab in PyEval_EvalCode /root/cpython/Python/ceval.c:866:21
#13 0x61165b2fe6dd in run_eval_code_obj /root/cpython/Python/pythonrun.c:1365:12
#14 0x61165b2fe6dd in run_mod /root/cpython/Python/pythonrun.c:1436:19
#15 0x61165b2f6430 in _PyRun_StringFlagsWithName /root/cpython/Python/pythonrun.c:1259:15
#16 0x61165b2f6430 in _PyRun_SimpleStringFlagsWithName /root/cpython/Python/pythonrun.c:578:15
#17 0x61165b3a0cf2 in pymain_run_command /root/cpython/Modules/main.c:261:11
#18 0x61165b3a0cf2 in pymain_run_python /root/cpython/Modules/main.c:682:21
#19 0x61165b3a0cf2 in Py_RunMain /root/cpython/Modules/main.c:772:5
#20 0x61165b3a3816 in pymain_main /root/cpython/Modules/main.c:802:12
#21 0x61165b3a3aed in Py_BytesMain /root/cpython/Modules/main.c:826:12
#22 0x797a1235e249 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
==122==HINT: if you don't care about these errors you may set allocator_may_return_null=1
SUMMARY: AddressSanitizer: allocation-size-too-big (/usr/local/bin/python3.15+0x763395) (BuildId: 510e01f0876b564331a25fd250bbf68603637192) in __interceptor_realloc
```
Bug was found using https://github.com/awen-li/PyRTFuzz
CPython versions tested on:
CPython main branch
Operating systems tested on:
Linux
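Added example, not part of the original report or of CPython: a triage helper that reports the largest padding a printf-style format string requests, next to an integer-only wrapper for callers that pass untrusted values to `calendar.isleap`. The names `max_padding` and `checked_isleap` are hypothetical, and the sample strings are constructed (the width spec is the one in the reproducer above).

```python
import calendar
import operator
import re

# printf-style spec accepted by `str % args`:
#   %[(key)][flags][width][.precision][length]type
_SPEC = re.compile(
    r"%(?:\([^)]*\))?[#0\- +]*"
    r"(?P<width>\*|\d+)?(?:\.(?P<prec>\*|\d+))?[hlL]?(?P<type>.)",
    re.S,
)


def max_padding(fmt):
    """Largest literal width or precision requested by any %-spec in fmt."""
    largest = 0
    for m in _SPEC.finditer(fmt):
        if m.group("type") == "%":  # "%%" is a literal percent sign
            continue
        for part in (m.group("width"), m.group("prec")):
            if part and part != "*":
                largest = max(largest, int(part))
    return largest


def checked_isleap(year):
    """calendar.isleap for untrusted input: accept real integers only.

    isleap() evaluates `year % 4`; for a str operand that is %-formatting,
    not arithmetic, so the width in the string decides the allocation size.
    """
    try:
        year = operator.index(year)  # str, bytes and float have no __index__
    except TypeError:
        raise TypeError(
            f"year must be an integer, got {type(year).__name__}"
        ) from None
    return calendar.isleap(year)


if __name__ == "__main__":
    sample = "%%opt%888888888888888884hXT6"  # constructed, spec from the report
    print(max_padding(sample))
    print(checked_isleap(2024))
```
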