From 1e562d747a57615f18f7a72491e9fe6a481afac9 Mon Sep 17 00:00:00 2001
From: Ammar Askar
Date: Tue, 26 Sep 2023 13:45:42 -0400
Subject: [PATCH 1/3] gh-109098: Fuzz re module instead of internal sre
---
 Modules/_xxtestfuzz/fuzzer.c | 45 +++++++++++++++--------------------
 1 file changed, 18 insertions(+), 27 deletions(-)
diff --git a/Modules/_xxtestfuzz/fuzzer.c b/Modules/_xxtestfuzz/fuzzer.c
index 54f8a42273401f..816ba09c8fd7de 100644
--- a/Modules/_xxtestfuzz/fuzzer.c
+++ b/Modules/_xxtestfuzz/fuzzer.c
@@ -193,37 +193,33 @@ static int fuzz_json_loads(const char* data, size_t size) {
 #define MAX_RE_TEST_SIZE 0x10000
-PyObject* sre_compile_method = NULL;
-PyObject* sre_error_exception = NULL;
-int SRE_FLAG_DEBUG = 0;
+PyObject* re_compile_method = NULL;
+PyObject* re_error_exception = NULL;
+int RE_FLAG_DEBUG = 0;
 /* Called by LLVMFuzzerTestOneInput for initialization */
 static int init_sre_compile(void) {
 /* Import sre_compile.compile and sre.error */
- PyObject* sre_compile_module = PyImport_ImportModule("sre_compile");
- if (sre_compile_module == NULL) {
+ PyObject* re_module = PyImport_ImportModule("re");
+ if (re_module == NULL) {
 return 0;
 }
- sre_compile_method = PyObject_GetAttrString(sre_compile_module, "compile");
- if (sre_compile_method == NULL) {
+ re_compile_method = PyObject_GetAttrString(re_module, "compile");
+ if (re_compile_method == NULL) {
 return 0;
 }
- PyObject* sre_constants = PyImport_ImportModule("sre_constants");
- if (sre_constants == NULL) {
+ re_error_exception = PyObject_GetAttrString(re_module, "error");
+ if (re_error_exception == NULL) {
 return 0;
 }
- sre_error_exception = PyObject_GetAttrString(sre_constants, "error");
- if (sre_error_exception == NULL) {
- return 0;
- }
- PyObject* debug_flag = PyObject_GetAttrString(sre_constants, "SRE_FLAG_DEBUG");
+ PyObject* debug_flag = PyObject_GetAttrString(re_module, "DEBUG");
 if (debug_flag == NULL) {
 return 0;
 }
- SRE_FLAG_DEBUG = PyLong_AsLong(debug_flag);
+ RE_FLAG_DEBUG = PyLong_AsLong(debug_flag);
 return 1;
 }
-/* Fuzz _sre.compile(x) */
+/* Fuzz re.compile(x) */
 static int fuzz_sre_compile(const char* data, size_t size) {
 /* Ignore really long regex patterns that will timeout the fuzzer */
 if (size > MAX_RE_TEST_SIZE) {
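Review bot: The result of `PyLong_AsLong(debug_flag)` in init_sre_compile is stored into `RE_FLAG_DEBUG` without an error check, and the new reference held in `debug_flag` is never released. If the conversion ever failed, -1 would be stored, `flags &= ~RE_FLAG_DEBUG` in fuzz_sre_compile would then clear every flag bit, and init would still return 1 with an exception pending, so the harness would quietly lose all flag coverage instead of aborting at start-up. The fence below checks the conversion and drops the reference; `re_module` could be released the same way once the last attribute lookup is done. The context comment `/* Import sre_compile.compile and sre.error */` is now stale and would read better as `/* Import re.compile, re.error and re.DEBUG */`.

```c
    PyObject* debug_flag = PyObject_GetAttrString(re_module, "DEBUG");
    /* … unchanged: NULL check on debug_flag … */
    long debug_value = PyLong_AsLong(debug_flag);
    Py_DECREF(debug_flag);
    if (debug_value == -1 && PyErr_Occurred()) {
        return 0;
    }
    RE_FLAG_DEBUG = (int)debug_value;
    return 1;
```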
@@ -236,7 +232,7 @@ static int fuzz_sre_compile(const char* data, size_t size) { uint16_t flags = ((uint16_t*) data)[0]; /* We remove the SRE_FLAG_DEBUG if present. This is because it prints to stdout which greatly decreases fuzzing speed */ - flags &= ~SRE_FLAG_DEBUG; + flags &= ~RE_FLAG_DEBUG; /* Pull the pattern from the remaining bytes */ PyObject* pattern_bytes = PyBytes_FromStringAndSize(data + 2, size - 2); @@ -249,9 +245,9 @@ static int fuzz_sre_compile(const char* data, size_t size) { return 0; } - /* compiled = _sre.compile(data[2:], data[0:2] */ + /* compiled = re.compile(data[2:], data[0:2] */ PyObject* compiled = PyObject_CallFunctionObjArgs( - sre_compile_method, pattern_bytes, flags_obj, NULL); + re_compile_method, pattern_bytes, flags_obj, NULL); /* Ignore ValueError as the fuzzer will more than likely generate some invalid combination of flags */ if (compiled == NULL && PyErr_ExceptionMatches(PyExc_ValueError)) { @@ -267,7 +263,7 @@ static int fuzz_sre_compile(const char* data, size_t size) { PyErr_Clear(); } /* Ignore re.error */ - if (compiled == NULL && PyErr_ExceptionMatches(sre_error_exception)) { + if (compiled == NULL && PyErr_ExceptionMatches(re_error_exception)) { PyErr_Clear(); } @@ -531,13 +527,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { #if !defined(_Py_FUZZ_ONE) || defined(_Py_FUZZ_fuzz_sre_compile) static int SRE_COMPILE_INITIALIZED = 0; if (!SRE_COMPILE_INITIALIZED && !init_sre_compile()) { - if (!PyErr_ExceptionMatches(PyExc_DeprecationWarning)) { - PyErr_Print(); - abort(); - } - else { - PyErr_Clear(); - } + PyErr_Print(); + abort(); } else { SRE_COMPILE_INITIALIZED = 1; } From 0970b63469c2e1425048d6266c2221c81add1c23 Mon Sep 17 00:00:00 2001 From: Ammar Askar Date: Tue, 26 Sep 2023 14:06:27 -0400 Subject: [PATCH 2/3] Fix c-analyzer globals test failure --- Tools/c-analyzer/cpython/_parser.py | 3 +++ 1 file changed, 3 insertions(+) 
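Review bot: Calling `re_compile_method` here (hunk -249,9 +245,9, inside fuzz_sre_compile, whose body starts and ends outside the hunk) routes every input through the public `re.compile`, which as far as I know keeps a module-level cache of compiled patterns, so fuzz iterations are no longer independent of one another. That matters for triage: a crash or leak report may depend on what earlier inputs left in the cache, and a repeated (pattern, flags) pair may be answered from the cache without reaching the compiler at all. I would document this above the call, e.g. `/* re.compile() caches compiled patterns; state persists across inputs */`, and consider whether the harness should call `re.purge()` at some interval. The comment `/* compiled = re.compile(data[2:], data[0:2] */` is also missing its closing parenthesis.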
diff --git a/Tools/c-analyzer/cpython/_parser.py b/Tools/c-analyzer/cpython/_parser.py index 4523b2ed5b9fdf..18d9604e464e10 100644 --- a/Tools/c-analyzer/cpython/_parser.py +++ b/Tools/c-analyzer/cpython/_parser.py @@ -89,6 +89,9 @@ def clean_lines(text): # not actually source Python/bytecodes.c +# Fuzzers, these are meant to have global state. +Modules/_xxtestfuzz/fuzzer.c + # @end=conf@ ''') From d57f3f3deb2f46693b3efcea7fc17dc91cc8442a Mon Sep 17 00:00:00 2001 From: Ammar Askar Date: Tue, 26 Sep 2023 15:06:39 -0400 Subject: [PATCH 3/3] Put globals exception in ignored.tsv --- Tools/c-analyzer/cpython/_parser.py | 3 --- Tools/c-analyzer/cpython/ignored.tsv | 6 +++--- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/Tools/c-analyzer/cpython/_parser.py b/Tools/c-analyzer/cpython/_parser.py index 18d9604e464e10..4523b2ed5b9fdf 100644 --- a/Tools/c-analyzer/cpython/_parser.py +++ b/Tools/c-analyzer/cpython/_parser.py @@ -89,9 +89,6 @@ def clean_lines(text): # not actually source Python/bytecodes.c -# Fuzzers, these are meant to have global state. -Modules/_xxtestfuzz/fuzzer.c - # @end=conf@ ''') diff --git a/Tools/c-analyzer/cpython/ignored.tsv b/Tools/c-analyzer/cpython/ignored.tsv index 336b0281bda85d..1f398701a7a5b5 100644 --- a/Tools/c-analyzer/cpython/ignored.tsv +++ b/Tools/c-analyzer/cpython/ignored.tsv 
@@ -580,15 +580,15 @@ Modules/_testmultiphase.c - uninitialized_def -
 Modules/_testsinglephase.c - global_state -
 Modules/_xxtestfuzz/_xxtestfuzz.c - _fuzzmodule -
 Modules/_xxtestfuzz/_xxtestfuzz.c - module_methods -
-Modules/_xxtestfuzz/fuzzer.c - SRE_FLAG_DEBUG -
+Modules/_xxtestfuzz/fuzzer.c - RE_FLAG_DEBUG -
 Modules/_xxtestfuzz/fuzzer.c - ast_literal_eval_method -
 Modules/_xxtestfuzz/fuzzer.c - compiled_patterns -
 Modules/_xxtestfuzz/fuzzer.c - csv_error -
 Modules/_xxtestfuzz/fuzzer.c - csv_module -
 Modules/_xxtestfuzz/fuzzer.c - json_loads_method -
 Modules/_xxtestfuzz/fuzzer.c - regex_patterns -
-Modules/_xxtestfuzz/fuzzer.c - sre_compile_method -
-Modules/_xxtestfuzz/fuzzer.c - sre_error_exception -
+Modules/_xxtestfuzz/fuzzer.c - re_compile_method -
+Modules/_xxtestfuzz/fuzzer.c - re_error_exception -
 Modules/_xxtestfuzz/fuzzer.c - struct_error -
 Modules/_xxtestfuzz/fuzzer.c - struct_unpack_method -
 Modules/_xxtestfuzz/fuzzer.c LLVMFuzzerTestOneInput CSV_READER_INITIALIZED -