[3.10] bpo-46110: Add a recursion check to avoid stack overflow in the PEG parser (GH-30177) (GH-30214)

Co-authored-by: Batuhan Taskaya <isidentical@gmail.com>. (cherry picked from commit e9898bf153) Co-authored-by: Pablo Galindo Salgado <Pablogsal@gmail.com>
2025-12-23 09:19:18 +00:00 · 2021-12-20 16:23:37 +00:00 · 2021-12-20 16:23:37 +00:00 · dc73199a21
commit dc73199a21
parent 95948169d7
5 changed files with 4424 additions and 3073 deletions
--- a/Lib/test/test_syntax.py
+++ b/Lib/test/test_syntax.py
@ -1576,6 +1576,14 @@ while 1:
 """
        self._check_error(source, "too many statically nested blocks")

+    @support.cpython_only
+    def test_error_on_parser_stack_overflow(self):
+        source = "-" * 100000 + "4"
+        for mode in ["exec", "eval", "single"]:
+            with self.subTest(mode=mode):
+                with self.assertRaises(MemoryError):
+                    compile(source, "<string>", mode)
+

 def test_main():
    support.run_unittest(SyntaxTestCase)
--- a/Builtins/2021-12-18-02-37-07.bpo-46110.B6hAfu.rst
+++ b/Builtins/2021-12-18-02-37-07.bpo-46110.B6hAfu.rst
@ -0,0 +1,2 @@
+Add a maximum recursion check to the PEG parser to avoid stack overflow.
+Patch by Pablo Galindo
--- a/Parser/parser.c
+++ b/Parser/parser.c
--- a/Parser/pegen.c
+++ b/Parser/pegen.c
@ -1341,6 +1341,7 @@ void *
 _PyPegen_run_parser(Parser *p)
 {
    void *res = _PyPegen_parse(p);
+    assert(p->level == 0);
    if (res == NULL) {
        if (PyErr_Occurred() && !PyErr_ExceptionMatches(PyExc_SyntaxError)) {
            return NULL;
--- a/Tools/peg_generator/pegen/c_generator.py
+++ b/Tools/peg_generator/pegen/c_generator.py
@ -37,6 +37,8 @@ EXTENSION_PREFIX = """\
 #  define D(x)
 #endif

+# define MAXSTACK 6000
+
 """


@ -357,10 +359,14 @@ class CParserGenerator(ParserGenerator, GrammarVisitor):
        self.skip_actions = skip_actions

    def add_level(self) -> None:
-        self.print("D(p->level++);")
+        self.print("if (p->level++ == MAXSTACK) {")
+        with self.indent():
+            self.print("p->error_indicator = 1;")
+            self.print("PyErr_NoMemory();")
+        self.print("}")

    def remove_level(self) -> None:
-        self.print("D(p->level--);")
+        self.print("p->level--;")

    def add_return(self, ret_val: str) -> None:
        self.remove_level()
@ -536,9 +542,10 @@ class CParserGenerator(ParserGenerator, GrammarVisitor):
                self.print("p->in_raw_rule++;")
                self.print(f"void *_raw = {node.name}_raw(p);")
                self.print("p->in_raw_rule--;")
-                self.print("if (p->error_indicator)")
+                self.print("if (p->error_indicator) {")
                with self.indent():
-                    self.print("return NULL;")
+                    self.add_return("NULL")
+                self.print("}")
                self.print("if (_raw == NULL || p->mark <= _resmark)")
                with self.indent():
                    self.print("break;")