Skip to content

Add PyExc_OverflowError to the list of possible exceptions in fuzz_ast_literal_eval fuzzer#145429

Open
StanFromIreland wants to merge 1 commit intopython:mainfrom
StanFromIreland:fix-fuzz_ast_literal_eval
Open

Add PyExc_OverflowError to the list of possible exceptions in fuzz_ast_literal_eval fuzzer#145429
StanFromIreland wants to merge 1 commit intopython:mainfrom
StanFromIreland:fix-fuzz_ast_literal_eval

Conversation

@StanFromIreland
Copy link
Member

@StanFromIreland StanFromIreland commented Mar 2, 2026

This fixes the "bug" found in https://oss-fuzz.com/testcase-detail/5450638250278912.

>>> import ast
... data = open('/tmp/testcase', 'rb').read()
... ast.literal_eval(data[:data.index(0)].decode())
... 
<python-input-2>:2: ResourceWarning: unclosed file <_io.BufferedReader name='/tmp/testcase'>
ResourceWarning: Enable tracemalloc to get the object allocation traceback
Traceback (most recent call last):
  File "<python-input-2>", line 3, in <module>
    ast.literal_eval(data[:data.index(0)].decode())
    ~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/stan/dev/cpython/Lib/ast.py", line 64, in literal_eval
    return _convert_literal(node_or_string)
  File "/home/stan/dev/cpython/Lib/ast.py", line 108, in _convert_literal
    return left + right
           ~~~~~^~~~~~~
OverflowError: int too large to convert to float
With fuzzer

Currently:

$ ./python -c "
import _xxtestfuzz
data = open('/tmp/testcase', 'rb').read()
_xxtestfuzz.run(data)
"
<string>:3: ResourceWarning: unclosed file <_io.BufferedReader name='/tmp/testcase'>
ResourceWarning: Enable tracemalloc to get the object allocation traceback
Traceback (most recent call last):
  File "/home/stan/dev/cpython/Lib/ast.py", line 64, in literal_eval
    return _convert_literal(node_or_string)
  File "/home/stan/dev/cpython/Lib/ast.py", line 108, in _convert_literal
    return left + right
           ~~~~~^~~~~~~
OverflowError: int too large to convert to float
Aborted (core dumped)

With fix:

$ ./python -c "
import _xxtestfuzz
data = open('/tmp/testcase', 'rb').read()
_xxtestfuzz.run(data)
"
<string>:3: ResourceWarning: unclosed file <_io.BufferedReader name='/tmp/testcase'>
ResourceWarning: Enable tracemalloc to get the object allocation traceback

@StanFromIreland StanFromIreland added tests Tests in the Lib/test dir skip issue skip news labels Mar 2, 2026
ammaraskar
ammaraskar approved these changes Mar 2, 2026
View reviewed changes
Copy link
Member

@ammaraskar ammaraskar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to ignore this, we don't particularly care about overflow here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ammaraskar ammaraskar ammaraskar approved these changes

@gpshead gpshead Awaiting requested review from gpshead

@sethmlarson sethmlarson Awaiting requested review from sethmlarson

Assignees

No one assigned

Labels

awaiting merge skip issue skip news tests Tests in the Lib/test dir

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@StanFromIreland @ammaraskar