From 6a20c42664eca4810380100f29d7245783df4f45 Mon Sep 17 00:00:00 2001 From: VanshAgarwal24036 Date: Wed, 11 Mar 2026 19:10:56 +0530 Subject: [PATCH 1/4] gh-145792: Fix incorrect alloca allocation size in traceback.c --- Lib/test/test_traceback.py | 12 ++++++++++++ .../2026-03-11-19-09-47.gh-issue-145792.X5KUhc.rst | 2 ++ Python/traceback.c | 2 +- 3 files changed, 15 insertions(+), 1 deletion(-) create mode 100644 Misc/NEWS.d/next/Core_and_Builtins/2026-03-11-19-09-47.gh-issue-145792.X5KUhc.rst diff --git a/Lib/test/test_traceback.py b/Lib/test/test_traceback.py index 2fbc2a041269f4..4a11d996969d44 100644 --- a/Lib/test/test_traceback.py +++ b/Lib/test/test_traceback.py @@ -625,6 +625,18 @@ def test_signatures(self): str(inspect.signature(traceback.format_exception_only)), '(exc, /, value=, *, show_group=False, **kwargs)') + def test_traceback_deep_recursion_alloca(): + + def recurse(n): + if n == 0: + raise RuntimeError("boom") + return recurse(n - 1) + try: + recurse(1000) + except RuntimeError as exc: + tb = traceback.format_exception(exc) + assert any("RuntimeError" in line for line in tb) + class PurePythonExceptionFormattingMixin: def get_exception(self, callable, slice_start=0, slice_end=-1): diff --git a/Misc/NEWS.d/next/Core_and_Builtins/2026-03-11-19-09-47.gh-issue-145792.X5KUhc.rst b/Misc/NEWS.d/next/Core_and_Builtins/2026-03-11-19-09-47.gh-issue-145792.X5KUhc.rst new file mode 100644 index 00000000000000..202c4d2df4431e --- /dev/null +++ b/Misc/NEWS.d/next/Core_and_Builtins/2026-03-11-19-09-47.gh-issue-145792.X5KUhc.rst @@ -0,0 +1,2 @@ +Fix incorrect memory allocation in the VLA fallback macro in traceback.c +when using alloca(), preventing potential out-of-bounds access. diff --git a/Python/traceback.c b/Python/traceback.c index 74360a1c73c271..9e5578670a214f 100644 --- a/Python/traceback.c +++ b/Python/traceback.c @@ -41,7 +41,7 @@ #if defined(__STDC_NO_VLA__) && (__STDC_NO_VLA__ == 1) /* Use alloca() for VLAs. */ -# define VLA(type, name, size) type *name = alloca(size) +# define VLA(type, name, size) type *name = (type *)alloca(sizeof(type) * (size)) #elif !defined(__STDC_NO_VLA__) || (__STDC_NO_VLA__ == 0) /* Use actual C VLAs.*/ # define VLA(type, name, size) type name[size] From e3149bb251950ed8f1a1af815395b824dfb62fbc Mon Sep 17 00:00:00 2001 From: VanshAgarwal24036 Date: Wed, 11 Mar 2026 19:23:13 +0530 Subject: [PATCH 2/4] Update test --- Lib/test/test_traceback.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Lib/test/test_traceback.py b/Lib/test/test_traceback.py index 4a11d996969d44..100c3a34f256d6 100644 --- a/Lib/test/test_traceback.py +++ b/Lib/test/test_traceback.py @@ -632,7 +632,7 @@ def recurse(n): raise RuntimeError("boom") return recurse(n - 1) try: - recurse(1000) + recurse(50) except RuntimeError as exc: tb = traceback.format_exception(exc) assert any("RuntimeError" in line for line in tb) From 45e8e909a36280f5a5fc1adddc6e70d0c8024190 Mon Sep 17 00:00:00 2001 From: VanshAgarwal24036 Date: Wed, 11 Mar 2026 19:32:42 +0530 Subject: [PATCH 3/4] Update test --- Lib/test/test_traceback.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Lib/test/test_traceback.py b/Lib/test/test_traceback.py index 100c3a34f256d6..c3893f204540fe 100644 --- a/Lib/test/test_traceback.py +++ b/Lib/test/test_traceback.py @@ -625,7 +625,7 @@ def test_signatures(self): str(inspect.signature(traceback.format_exception_only)), '(exc, /, value=, *, show_group=False, **kwargs)') - def test_traceback_deep_recursion_alloca(): + def test_traceback_deep_recursion_alloca(self): def recurse(n): if n == 0: From d36912a274a86f008ba9cbf4c855e94986d3f264 Mon Sep 17 00:00:00 2001 From: VanshAgarwal24036 Date: Thu, 12 Mar 2026 19:44:59 +0530 Subject: [PATCH 4/4] Address review comments --- Lib/test/test_traceback.py | 12 ------------ .../2026-03-11-19-09-47.gh-issue-145792.X5KUhc.rst | 4 ++-- Python/traceback.c | 2 +- 3 files changed, 3 insertions(+), 15 deletions(-) diff --git a/Lib/test/test_traceback.py b/Lib/test/test_traceback.py index c3893f204540fe..2fbc2a041269f4 100644 --- a/Lib/test/test_traceback.py +++ b/Lib/test/test_traceback.py @@ -625,18 +625,6 @@ def test_signatures(self): str(inspect.signature(traceback.format_exception_only)), '(exc, /, value=, *, show_group=False, **kwargs)') - def test_traceback_deep_recursion_alloca(self): - - def recurse(n): - if n == 0: - raise RuntimeError("boom") - return recurse(n - 1) - try: - recurse(50) - except RuntimeError as exc: - tb = traceback.format_exception(exc) - assert any("RuntimeError" in line for line in tb) - class PurePythonExceptionFormattingMixin: def get_exception(self, callable, slice_start=0, slice_end=-1): diff --git a/Misc/NEWS.d/next/Core_and_Builtins/2026-03-11-19-09-47.gh-issue-145792.X5KUhc.rst b/Misc/NEWS.d/next/Core_and_Builtins/2026-03-11-19-09-47.gh-issue-145792.X5KUhc.rst index 202c4d2df4431e..bd42f32d6ae3f5 100644 --- a/Misc/NEWS.d/next/Core_and_Builtins/2026-03-11-19-09-47.gh-issue-145792.X5KUhc.rst +++ b/Misc/NEWS.d/next/Core_and_Builtins/2026-03-11-19-09-47.gh-issue-145792.X5KUhc.rst @@ -1,2 +1,2 @@ -Fix incorrect memory allocation in the VLA fallback macro in traceback.c -when using alloca(), preventing potential out-of-bounds access. +Fix out-of-bounds access when invoking faulthandler on a CPython build +compiled without support for VLAs. diff --git a/Python/traceback.c b/Python/traceback.c index 9e5578670a214f..1e8c9c879f9aac 100644 --- a/Python/traceback.c +++ b/Python/traceback.c @@ -41,7 +41,7 @@ #if defined(__STDC_NO_VLA__) && (__STDC_NO_VLA__ == 1) /* Use alloca() for VLAs. */ -# define VLA(type, name, size) type *name = (type *)alloca(sizeof(type) * (size)) +# define VLA(type, name, size) type *name = alloca(sizeof(type) * (size)) #elif !defined(__STDC_NO_VLA__) || (__STDC_NO_VLA__ == 0) /* Use actual C VLAs.*/ # define VLA(type, name, size) type name[size]