types.CodeObject constructor can alter the passed in code_str under 3.13

Manually creating a code object using the following arguments results in a broken object in which the last code op is replaced by \x00\x00, and executing the code object results in a segfault.

argcount=0
posonlyargcount=0
kwonlyargcount=0
nlocals=0
stacksize=2
flags=65
code_str=b'\x95\x00S\x00S\x01:\x02$\x00'
consts=(24, 42)
names=()
varnames=()
filename=""
name=""
qualname=""
first_lineno=1
lnotab=b'\xec\x00'
exception_table=b''
cellvars=()
freevars=()

Where did you get that code string from?

Sorry for the noise, I made a mistake when generating the bytestring. dis._inline_cache_entries used to store the number of cache entries per opcode; it now does so by opname. As a consequence, my bytestring was missing a cache entry, and the missing return is actually converted to the forgotten cache. Thanks @MegaIng
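
A check that catches this kind of mistake before hand-assembled bytes reach `types.CodeType`, added here as an example and not part of the thread. It reads the private `dis._inline_cache_entries` in either layout mentioned above; `cache_entries`, `assemble`, `check_caches` and `SAMPLE` are hypothetical names, and `EXTENDED_ARG` prefixes are not interpreted.

```python
import dis

CACHE_UNIT = b"\x00\x00"  # a zeroed CACHE code unit (CACHE is opcode 0 in CPython 3.11+)

def cache_entries(opcode):
    """Inline cache units that follow `opcode` on the running interpreter."""
    table = getattr(dis, "_inline_cache_entries", None)  # private, may change
    if table is None:                 # before 3.11 there are no inline caches
        return 0
    if isinstance(table, dict):       # newer layout: keyed by opname
        return table.get(dis.opname[opcode], 0)
    return table[opcode]              # older layout: indexed by opcode

def assemble(instructions, with_caches=True):
    """Encode (opname, arg) pairs, optionally adding the zeroed cache units."""
    out = bytearray()
    for name, arg in instructions:
        op = dis.opmap[name]
        out += bytes([op, arg])
        if with_caches:
            out += CACHE_UNIT * cache_entries(op)
    return bytes(out)

def check_caches(code):
    """Return a list of cache-layout problems found in raw bytecode."""
    problems = []
    i = 0
    while i < len(code):
        op = code[i]
        i += 2
        for _ in range(cache_entries(op)):
            if i >= len(code):
                problems.append(f"{dis.opname[op]}: bytecode ends inside its cache")
                break
            if code[i:i + 2] != CACHE_UNIT:
                problems.append(f"{dis.opname[op]}: offset {i} holds "
                                f"{dis.opname[code[i]]}, not a zeroed CACHE")
            i += 2
    return problems

# Constructed sample; assumes the thread's bytes decode to this sequence after RESUME.
SAMPLE = [("LOAD_CONST", 0), ("LOAD_CONST", 1), ("COMPARE_OP", 2), ("RETURN_VALUE", 0)]

if __name__ == "__main__":
    for label, with_caches in (("with caches", True), ("caches omitted", False)):
        print(label, check_caches(assemble(SAMPLE, with_caches)) or "ok")
```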