Description
Bug description:
```python
import calendar
data=str("%%opt'AqPTIL*eyxQ3q0^xmT%888888888888888884hXT6B83eOU6IEF4f*cWKJyvxoHbjgDaohunN#Tnk&yS0iKAo&nQZ7v4yC6B83eOU6IEF4f*cWKJyvxoHbjgDaohunN%&$%b'ZkZZq0Yk2HowI$JzTqE3wVf2&wka(rm#KNfOU*Dqu)4F#Tnk&yS0inds)ZAu6q^t%#KBxkZKAo&nQu*uZ7(4m^Umh8*ndCQp0&zqQ#d*A'2Zt6fL7QUGK@M^Ll&(&pTDrhE8dFSTlQ^taN'")
ret = calendar.isleap(data)
```
When building cpython without sanitizers, there will be a MemoryError.
It looks like the problem is in implicit type conversion. Tested for versions from 3.7 to 3.15.
Below is the output of ASAN when building with `--with-pydebug`:
```
#0 0x61165a914395 in __interceptor_realloc (/usr/local/bin/python3.15+0x763395) (BuildId: 510e01f0876b564331a25fd250bbf68603637192)
#1 0x61165ad54653 in _PyMem_DebugRawRealloc /root/cpython/Objects/obmalloc.c:3010:20
#2 0x61165aeaa285 in resize_compact /root/cpython/Objects/unicodeobject.c:1197:31
#3 0x61165ae392ac in _PyUnicodeWriter_PrepareInternal /root/cpython/Objects/unicodeobject.c:13824:25
#4 0x61165aeb4d87 in unicode_format_arg_output /root/cpython/Objects/unicodeobject.c:15345:9
#5 0x61165aeb4d87 in unicode_format_arg /root/cpython/Objects/unicodeobject.c:15449:15
#6 0x61165aeb4d87 in PyUnicode_Format /root/cpython/Objects/unicodeobject.c:15522:17
#7 0x61165aaebb2c in binary_op1 /root/cpython/Objects/abstract.c:964:13
#8 0x61165aaeb1db in binary_op /root/cpython/Objects/abstract.c:1003:24
#9 0x61165b0a774a in _PyEval_EvalFrameDefault /root/cpython/Python/generated_cases.c.h:62:35
#10 0x61165b070ad6 in _PyEval_EvalFrame /root/cpython/./Include/internal/pycore_ceval.h:119:16
#11 0x61165b070ad6 in _PyEval_Vector /root/cpython/Python/ceval.c:1975:12
#12 0x61165b06feab in PyEval_EvalCode /root/cpython/Python/ceval.c:866:21
#13 0x61165b2fe6dd in run_eval_code_obj /root/cpython/Python/pythonrun.c:1365:12
#14 0x61165b2fe6dd in run_mod /root/cpython/Python/pythonrun.c:1436:19
#15 0x61165b2f6430 in _PyRun_StringFlagsWithName /root/cpython/Python/pythonrun.c:1259:15
#16 0x61165b2f6430 in _PyRun_SimpleStringFlagsWithName /root/cpython/Python/pythonrun.c:578:15
#17 0x61165b3a0cf2 in pymain_run_command /root/cpython/Modules/main.c:261:11
#18 0x61165b3a0cf2 in pymain_run_python /root/cpython/Modules/main.c:682:21
#19 0x61165b3a0cf2 in Py_RunMain /root/cpython/Modules/main.c:772:5
#20 0x61165b3a3816 in pymain_main /root/cpython/Modules/main.c:802:12
#21 0x61165b3a3aed in Py_BytesMain /root/cpython/Modules/main.c:826:12
#22 0x797a1235e249 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
==122==HINT: if you don't care about these errors you may set allocator_may_return_null=1
SUMMARY: AddressSanitizer: allocation-size-too-big (/usr/local/bin/python3.15+0x763395) (BuildId: 510e01f0876b564331a25fd250bbf68603637192) in __interceptor_realloc
```
Bug was found using https://github.com/awen-li/PyRTFuzz
CPython versions tested on:
CPython main branch
Operating systems tested on:
Linux
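An added example, not part of the original report or of CPython: `calendar.isleap()` evaluates `year % 4`, and with a `str` operand that `%` is string formatting (the `PyUnicode_Format` under `binary_op` in the trace), so a width directive in the string sets the size of the allocation. The sketch below shows that behaviour on small constructed inputs and a caller-side guard; `safe_isleap`, `probe`, `MAX_YEAR` and `SAMPLES` are hypothetical names, and the range bound is an assumption.

```python
import calendar
import operator

MAX_YEAR = 9999  # assumed upper bound (same value as datetime.MAXYEAR)


def safe_isleap(year):
    """Hypothetical wrapper: allow only real integers in a bounded range."""
    if isinstance(year, bool):
        raise TypeError("year must be an int, not bool")
    try:
        # operator.index() accepts int-like objects and rejects str, bytes, float.
        year = operator.index(year)
    except TypeError:
        raise TypeError(f"year must be an int, got {type(year).__name__}") from None
    if not 1 <= year <= MAX_YEAR:
        raise ValueError(f"year out of range 1..{MAX_YEAR}")
    return calendar.isleap(year)


def probe(func, value):
    """Call func(value); return its result or the exception class name."""
    try:
        return func(value)
    except Exception as exc:
        return type(exc).__name__


# Constructed inputs. The last one reuses only the width directive from the
# report's string; it is never passed to calendar.isleap() here.
SAMPLES = [2024, 1900, "2024", "%d", "%888888888888888884hX"]

if __name__ == "__main__":
    # With a str operand, % is string formatting, so the width is honoured:
    print(repr("%10d" % 4))
    # The first four samples are harmless to pass to calendar.isleap() directly.
    for s in SAMPLES[:4]:
        print(repr(s), "calendar.isleap ->", probe(calendar.isleap, s))
    # The guard rejects every str before any formatting can happen.
    for s in SAMPLES:
        print(repr(s), "safe_isleap     ->", probe(safe_isleap, s))
```

Note that `calendar.isleap("%d")` returns `False` without raising, so a string containing a valid directive is silently accepted rather than rejected.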