KEMBAR78
Python/flowgraph.c:483: _Bool no_redundant_jumps(cfg_builder *): Assertion `last->i_target != b->b_next' failed · Issue #113603 · python/cpython · GitHub
Skip to content

Python/flowgraph.c:483: _Bool no_redundant_jumps(cfg_builder *): Assertion `last->i_target != b->b_next' failed #113603

@alex

Description

@alex

Bug report

Bug description:

The fuzz_pycompile fuzzer identified an assertion failure:


<fuzz input>:1: SyntaxWarning: invalid decimal literal
--
  | <fuzz input>:1: SyntaxWarning: invalid decimal literal
  | fuzz_pycompile: Python/flowgraph.c:483: _Bool no_redundant_jumps(cfg_builder *): Assertion `last->i_target != b->b_next' failed.
  | AddressSanitizer:DEADLYSIGNAL
  | =================================================================
  | ==2627==ERROR: AddressSanitizer: ABRT on unknown address 0x053900000a43 (pc 0x790fafca100b bp 0x790fafe16588 sp 0x7ffee87019d0 T0)
  | SCARINESS: 10 (signal)
  | #0 0x790fafca100b in raise /build/glibc-SzIz7B/glibc-2.31/sysdeps/unix/sysv/linux/raise.c:51:1
  | #1 0x790fafc80858 in abort /build/glibc-SzIz7B/glibc-2.31/stdlib/abort.c:79:7
  | #2 0x790fafc80728 in __assert_fail_base /build/glibc-SzIz7B/glibc-2.31/assert/assert.c:92:3
  | #3 0x790fafc91fd5 in __assert_fail /build/glibc-SzIz7B/glibc-2.31/assert/assert.c:101:3
  | #4 0x825781 in no_redundant_jumps cpython3/Python/flowgraph.c:483:17
  | #5 0x825781 in _PyCfg_OptimizedCfgToInstructionSequence cpython3/Python/flowgraph.c:2719:5
  | #6 0x7992f9 in optimize_and_assemble_code_unit cpython3/Python/compile.c:7581:9
  | #7 0x7992f9 in optimize_and_assemble cpython3/Python/compile.c:7616:12
  | #8 0x7925a9 in compiler_mod cpython3/Python/compile.c:1779:24
  | #9 0x7925a9 in _PyAST_Compile cpython3/Python/compile.c:555:24
  | #10 0x8fce37 in Py_CompileStringObject cpython3/Python/pythonrun.c:1452:10
  | #11 0x8fcf2c in Py_CompileStringExFlags cpython3/Python/pythonrun.c:1465:10
  | #12 0x4f7e97 in fuzz_pycompile cpython3/Modules/_xxtestfuzz/fuzzer.c:550:24
  | #13 0x4f7e97 in _run_fuzz cpython3/Modules/_xxtestfuzz/fuzzer.c:563:14
  | #14 0x4f7e97 in LLVMFuzzerTestOneInput cpython3/Modules/_xxtestfuzz/fuzzer.c:704:11
  | #15 0x4f878d in ExecuteFilesOnyByOne /src/aflplusplus/utils/aflpp_driver/aflpp_driver.c:255:7
  | #16 0x4f8598 in LLVMFuzzerRunDriver /src/aflplusplus/utils/aflpp_driver/aflpp_driver.c:0
  | #17 0x4f8158 in main /src/aflplusplus/utils/aflpp_driver/aflpp_driver.c:300:10
  | #18 0x790fafc82082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/libc-start.c:308:16
  | #19 0x43906d in _start


<br class="Apple-interchange-newline"><fuzz input>:1: SyntaxWarning: invalid decimal literal
<fuzz input>:1: SyntaxWarning: invalid decimal literal
fuzz_pycompile: Python/flowgraph.c:483: _Bool no_redundant_jumps(cfg_builder *): Assertion `last->i_target != b->b_next' failed.
AddressSanitizer:DEADLYSIGNAL
=================================================================
==2627==ERROR: AddressSanitizer: ABRT on unknown address 0x053900000a43 (pc 0x790fafca100b bp 0x790fafe16588 sp 0x7ffee87019d0 T0)
SCARINESS: 10 (signal)
    #0 0x790fafca100b in raise /build/glibc-SzIz7B/glibc-2.31/sysdeps/unix/sysv/linux/raise.c:51:1
    #1 0x790fafc80858 in abort /build/glibc-SzIz7B/glibc-2.31/stdlib/abort.c:79:7
    #2 0x790fafc80728 in __assert_fail_base /build/glibc-SzIz7B/glibc-2.31/assert/assert.c:92:3
    #3 0x790fafc91fd5 in __assert_fail /build/glibc-SzIz7B/glibc-2.31/assert/assert.c:101:3
    #4 0x825781 in no_redundant_jumps [cpython3/Python/flowgraph.c:483](https://github.com/python/cpython/blob/471aa752415029c508693fa7971076f5148022a6/Python/flowgraph.c#L483):17
    #5 0x825781 in _PyCfg_OptimizedCfgToInstructionSequence [cpython3/Python/flowgraph.c:2719](https://github.com/python/cpython/blob/471aa752415029c508693fa7971076f5148022a6/Python/flowgraph.c#L2719):5
    #6 0x7992f9 in optimize_and_assemble_code_unit [cpython3/Python/compile.c:7581](https://github.com/python/cpython/blob/471aa752415029c508693fa7971076f5148022a6/Python/compile.c#L7581):9
    #7 0x7992f9 in optimize_and_assemble [cpython3/Python/compile.c:7616](https://github.com/python/cpython/blob/471aa752415029c508693fa7971076f5148022a6/Python/compile.c#L7616):12
    #8 0x7925a9 in compiler_mod [cpython3/Python/compile.c:1779](https://github.com/python/cpython/blob/471aa752415029c508693fa7971076f5148022a6/Python/compile.c#L1779):24
    #9 0x7925a9 in _PyAST_Compile [cpython3/Python/compile.c:555](https://github.com/python/cpython/blob/471aa752415029c508693fa7971076f5148022a6/Python/compile.c#L555):24
    #10 0x8fce37 in Py_CompileStringObject [cpython3/Python/pythonrun.c:1452](https://github.com/python/cpython/blob/471aa752415029c508693fa7971076f5148022a6/Python/pythonrun.c#L1452):10
    #11 0x8fcf2c in Py_CompileStringExFlags [cpython3/Python/pythonrun.c:1465](https://github.com/python/cpython/blob/471aa752415029c508693fa7971076f5148022a6/Python/pythonrun.c#L1465):10
    #12 0x4f7e97 in fuzz_pycompile [cpython3/Modules/_xxtestfuzz/fuzzer.c:550](https://github.com/python/cpython/blob/471aa752415029c508693fa7971076f5148022a6/Modules/_xxtestfuzz/fuzzer.c#L550):24
    #13 0x4f7e97 in _run_fuzz [cpython3/Modules/_xxtestfuzz/fuzzer.c:563](https://github.com/python/cpython/blob/471aa752415029c508693fa7971076f5148022a6/Modules/_xxtestfuzz/fuzzer.c#L563):14
    #14 0x4f7e97 in LLVMFuzzerTestOneInput [cpython3/Modules/_xxtestfuzz/fuzzer.c:704](https://github.com/python/cpython/blob/471aa752415029c508693fa7971076f5148022a6/Modules/_xxtestfuzz/fuzzer.c#L704):11
    #15 0x4f878d in ExecuteFilesOnyByOne /src/aflplusplus/utils/aflpp_driver/aflpp_driver.c:255:7
    #16 0x4f8598 in LLVMFuzzerRunDriver /src/aflplusplus/utils/aflpp_driver/aflpp_driver.c:0
    #17 0x4f8158 in main /src/aflplusplus/utils/aflpp_driver/aflpp_driver.c:300:10
    #18 0x790fafc82082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/libc-start.c:308:16
    #19 0x43906d in _start

Reproducer (note that the first two bytes are metadata for the fuzzer):

00000000: 2020 6966 2039 3c39 3c39 616e 6420 396f    if 9<9<9and 9o
00000010: 7220 393a 39                             r 9:9

Basic reproduction:

~/p/cpython ❯❯❯ ./python.exe -c "compile('if 9<9<9and 9or 9:9', '<na>', 'exec')"
<na>:1: SyntaxWarning: invalid decimal literal
<na>:1: SyntaxWarning: invalid decimal literal
Assertion failed: (last->i_target != b->b_next), function no_redundant_jumps, file flowgraph.c, line 483.

CPython versions tested on:

CPython main branch

Operating systems tested on:

Linux, macOS

Linked PRs

Metadata

Metadata

Assignees

Labels

interpreter-core(Objects, Python, Grammar, and Parser dirs)release-blockertype-bugAn unexpected behavior, bug, or errortype-crashA hard crash of the interpreter, possibly with a core dump

Projects

Status

Done

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions