Crash report
What happened?
marshal.loads() triggers a native interpreter crash when loading the payload of the attached CPython 3.13 .pyc file.
This reproduces without any third-party decompiler or external tool. The crash happens directly in CPython when calling marshal.loads(data[16:]).
Minimal reproducer:
import marshal
p = "cpython-313-089a998b290e.pyc"
data = open(p, "rb").read()
print("file size:", len(data), flush=True)
print("payload size:", len(data[16:]), flush=True)
marshal.loads(data[16:])Observed output:
file size: 1152
payload size: 1136
Segmentation fault (core dumped)
exit code: 139
Expected behavior:
marshal.loads() should not crash the interpreter. For malformed or unsupported marshal data, it should raise a Python exception instead of causing a native SIGSEGV.
Environment:
Python 3.13.13 (main, May 10 2026, 19:26:54) [Clang 22.1.3]
Executable: /root/PycLens/PycLens/data/rq2/envs/cpython-313/bin/python
Resolved executable: /root/.local/share/uv/python/cpython-3.13.13-linux-x86_64-gnu/bin/python3.13
Platform: Linux-6.8.0-111-generic-x86_64-with-glibc2.35
Machine: x86_64
Kernel: Linux d5c2973cc36f 6.8.0-111-generic #111~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Tue Apr 14 17:13:45 UTC x86_64 x86_64 x86_64 GNU/Linux
Input file:
filename: cpython-313-089a998b290e.pyc
[cpython-313-089a998b290e.zip](https://github.com/user-attachments/files/29392558/cpython-313-089a998b290e.zip)
size: 1152 bytes
sha256: c59136bef5886b48271b6b9db85bbca1b337dc8ded289ce3866b2dae104d89c3
first 32 bytes:
f3 0d 0d 0a 00 60 00 00 00 00 00 00 00 00 00 00
e3 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00
gdb backtrace:
Program received signal SIGSEGV, Segmentation fault.
0x0000000001b8c3c4 in _PyCode_New.cold ()
#0 0x0000000001b8c3c4 in _PyCode_New.cold ()
#1 0x00000000018318a0 in r_object.llvm ()
#2 0x0000000001830e29 in r_object.llvm ()
#3 0x000000000183153c in r_object.llvm ()
#4 0x00000000018a1ddd in read_object.llvm ()
#5 0x00000000018a1cec in marshal_loads ()
#6 0x0000000001804c55 in cfunction_vectorcall_FASTCALL_KEYWORDS.llvm.6012139673737436297 ()
#7 0x0000000001817f32 in _PyEval_EvalFrameDefault ()
#8 0x0000000001895668 in PyEval_EvalCode ()
#9 0x000000000185076f in run_eval_code_obj ()
#10 0x00000000018c348d in run_mod.llvm ()
#11 0x00000000019c1883 in _PyRun_SimpleStringFlagsWithName ()
#12 0x00000000019c0333 in Py_RunMain ()
#13 0x00000000019bff22 in pymain_main.llvm ()
#14 0x00000000019bfd2c in main ()
The crash was first observed while testing a bytecode decompiler, but the reproducer above shows that it is independent of that tool. CPython crashes directly in marshal.loads() on the .pyc payload.
CPython versions tested on:
3.13
Operating systems tested on:
Linux
Output from running 'python -VV' on the command line:
Python 3.13.13 (main, May 10 2026, 19:26:54) [Clang 22.1.3]
Crash report
What happened?
marshal.loads()triggers a native interpreter crash when loading the payload of the attached CPython 3.13.pycfile.This reproduces without any third-party decompiler or external tool. The crash happens directly in CPython when calling
marshal.loads(data[16:]).Minimal reproducer:
Observed output:
Expected behavior:
marshal.loads()should not crash the interpreter. For malformed or unsupported marshal data, it should raise a Python exception instead of causing a nativeSIGSEGV.Environment:
Input file:
gdb backtrace:
The crash was first observed while testing a bytecode decompiler, but the reproducer above shows that it is independent of that tool. CPython crashes directly in
marshal.loads()on the.pycpayload.CPython versions tested on:
3.13
Operating systems tested on:
Linux
Output from running 'python -VV' on the command line:
Python 3.13.13 (main, May 10 2026, 19:26:54) [Clang 22.1.3]