Bug report
What happened?
This is an umbrella issue for 50 select bugs found using cpython-review-toolkit, distributed across ~350K lines of CPython C code (Modules/, Objects/, Python/).
Feel free to work on any report, opening an issue if one doesn't exist yet. Comment with the issue and respective gist/bug here and I'll update the table. If you find an issue listed below that is a duplicate of an existing report, let me know and I'll also mark it in the table.
Modules/ (18 gists)
| Gist |
Description |
CPython Issue |
| gist |
_ssl.c: Py_DECREF(NULL) in SNI callback |
#146080 |
| gist |
_sqlite: collation assertion + missing PyErr_NoMemory |
#146090 |
| gist |
functools partial PyDict_Contains -1 as truthy |
#146075 FIXED |
| gist |
_csv.c: _set_str missing NULL check |
#146093 FIXED |
| gist |
_zoneinfo: SEGV in get_weak_cache |
#146076 FIXED |
| gist |
_zoneinfo: missing PyErr_NoMemory in load_data |
#146092 FIXED |
| gist |
termios: NULL to PyLong_AsLong |
#146091 FIXED |
| gist |
_struct: segfault/assertion on uninitialized Struct |
Fixed in 515ae40 |
| gist |
pyexpat: ExternalEntityParserCreate crash |
Fixed in e6b9a14 |
| gist |
_interpqueuesmodule: use-after-free dangling last |
#146427 |
| gist |
selectmodule: errno < 0 always false |
#146205 FIXED |
| gist |
_lsprof: exception clobbering |
— |
| gist |
deque.copy() ref corruption on OOM |
— |
| gist |
readline: begidx NULL on OOM |
— |
| gist |
zlibmodule: PyErr_NewException unchecked |
— |
| gist |
socketmodule: audit hook ref/buffer leaks |
#146245 FIXED |
| gist |
_interpchannelsmodule: missing PyErr_NoMemory |
— |
| gist |
_interpretersmodule: SEGV on create under OOM |
— |
Objects/ (13 gists)
| Gist |
Description |
CPython Issue |
| gist |
ExceptionGroup repr OOB — 3-line segfault |
#146096 FIXED |
| gist |
SyntaxError.__init__ ref leaks on re-init |
#146250 FIXED |
| gist |
codeobject: code_richcompare swallows errors |
#146199 FIXED |
| gist |
codeobject: co_tlbc NULL + replacement_locations leak |
— |
| gist |
weakref WRAP_BINARY ref leak (~20 operators) |
— |
| gist |
FrameLocalsProxy swallows/overwrites errors |
— |
| gist |
typeobject: missing return -1 in type_ready |
— |
| gist |
typeobject: buffer leak in slot_bf_getbuffer |
— |
| gist |
object.c: PyObject_Print missing LeaveRecursiveCall |
— |
| gist |
structseq: get_type_attr_as_size NULL deref |
#148119 |
| gist |
genericaliasobject: two NULL dereference bugs |
— |
| gist |
odictobject: spurious PyErr_Clear |
— |
| gist |
unicode_format: wrong return + PY_SSIZE_T_MIN UB |
— |
Python/ (16 gists)
| Gist |
Description |
CPython Issue |
| gist |
import.c: wrong interpreter + double lock release |
— |
| gist |
instrumentation.c: PyLong leak per monitoring call |
— |
| gist |
instrumentation.c: use-after-Py_DECREF comparison |
— |
| gist |
ceval.c: missing PyErr_NoMemory + PyEval_GetLocals NULL |
— |
| gist |
bltinmodule: lazy_import NULL deref |
— |
| gist |
crossinterp: UAF + leaked exception + shadowed var |
— |
| gist |
compiler pipeline: 6 ref leaks and error bugs |
#146442 |
| gist |
marshal: 8 refs leaked on corrupt TYPE_CODE |
— |
| gist |
pylifecycle: 5 init/fini cleanup bugs |
— |
| gist |
initconfig: SET_ITEM macro leaks dict |
#146244 FIXED |
| gist |
ast.c: LEAVE_RECURSIVE missing on 30 paths |
— |
| gist |
hamt.c: sub_node leaked in bitmap ops |
— |
| gist |
pythonrun: main_module ref leak |
#146355 FIXED |
| gist |
modsupport: missing va_end (UB) |
#146386 FIXED |
| gist |
legacy_tracing: unchecked PyLong_AsInt |
— |
| gist |
optimizer_symbols: make_bottom NULL deref |
#146388 FIXED |
Duplicates (3 gists — same bugs uploaded from different runs)
| Gist |
Duplicate of |
| gist |
ExceptionGroup repr (dup of dceaa8b7) |
| gist |
sqlite collation (dup of 69aff7ff) |
| gist |
SSL SNI (dup of 50f98806) |
These issues were found with Claude Opus 4.6, using the /cpython-review-toolkit:explore [file or directory] all deep command.
CPython versions tested on:
CPython main branch
Operating systems tested on:
Linux
Output from running 'python -VV' on the command line:
Python 3.15.0a7+ (heads/main:e0f7c1097e1, Mar 17 2026, 18:10:52) [Clang 21.1.2 (2ubuntu6)]
Linked PRs
Bug report
What happened?
This is an umbrella issue for 50 select bugs found using cpython-review-toolkit, distributed across ~350K lines of CPython C code (Modules/, Objects/, Python/).
Feel free to work on any report, opening an issue if one doesn't exist yet. Comment with the issue and respective gist/bug here and I'll update the table. If you find an issue listed below that is a duplicate of an existing report, let me know and I'll also mark it in the table.
Modules/ (18 gists)
Objects/ (13 gists)
SyntaxError.__init__ref leaks on re-initPython/ (16 gists)
Duplicates (3 gists — same bugs uploaded from different runs)
These issues were found with Claude Opus 4.6, using the
/cpython-review-toolkit:explore [file or directory] all deepcommand.CPython versions tested on:
CPython main branch
Operating systems tested on:
Linux
Output from running 'python -VV' on the command line:
Python 3.15.0a7+ (heads/main:e0f7c1097e1, Mar 17 2026, 18:10:52) [Clang 21.1.2 (2ubuntu6)]
Linked PRs