Umbrella issue: bugs found using cpython-review-toolkit #146102
Description
Bug report
What happened?
This is an umbrella issue for 50 select bugs found using cpython-review-toolkit, distributed across ~350K lines of CPython C code (Modules/, Objects/, Python/).
Feel free to work on any report, opening an issue if one doesn't exist yet. Comment with the issue and respective gist/bug here and I'll update the table. If you find an issue listed below that is a duplicate of an existing report, let me know and I'll also mark it in the table.
Modules/ (18 gists)
| Gist | Description | CPython Issue |
|---|---|---|
| gist | _ssl.c: Py_DECREF(NULL) in SNI callback | #146080 |
| gist | _sqlite: collation assertion + missing PyErr_NoMemory | #146090 |
| gist | functools partial PyDict_Contains -1 as truthy | #146075 |
| gist | _csv.c: _set_str missing NULL check | #146093 |
| gist | _zoneinfo: SEGV in get_weak_cache | #146076 |
| gist | _zoneinfo: missing PyErr_NoMemory in load_data | #146092 |
| gist | termios: NULL to PyLong_AsLong | #146091 |
| gist | _struct: segfault/assertion on uninitialized Struct | — |
| gist | pyexpat: ExternalEntityParserCreate crash | — |
| gist | _interpqueuesmodule: use-after-free dangling last | — |
| gist | selectmodule: errno < 0 always false | — |
| gist | _lsprof: exception clobbering | — |
| gist | deque.copy() ref corruption on OOM | — |
| gist | readline: begidx NULL on OOM | — |
| gist | zlibmodule: PyErr_NewException unchecked | — |
| gist | socketmodule: audit hook ref/buffer leaks | — |
| gist | _interpchannelsmodule: missing PyErr_NoMemory | — |
| gist | _interpretersmodule: SEGV on create under OOM | — |
Objects/ (13 gists)
| Gist | Description | CPython Issue |
|---|---|---|
| gist | ExceptionGroup repr OOB — 3-line segfault | #146096 |
| gist | SyntaxError.init ref leaks on re-init | — |
| gist | codeobject: code_richcompare swallows errors | — |
| gist | codeobject: co_tlbc NULL + replacement_locations leak | — |
| gist | weakref WRAP_BINARY ref leak (~20 operators) | — |
| gist | FrameLocalsProxy swallows/overwrites errors | — |
| gist | typeobject: missing return -1 in type_ready | — |
| gist | typeobject: buffer leak in slot_bf_getbuffer | — |
| gist | object.c: PyObject_Print missing LeaveRecursiveCall | — |
| gist | structseq: get_type_attr_as_size NULL deref | — |
| gist | genericaliasobject: two NULL dereference bugs | — |
| gist | odictobject: spurious PyErr_Clear | — |
| gist | unicode_format: wrong return + PY_SSIZE_T_MIN UB | — |
Python/ (16 gists)
| Gist | Description | CPython Issue |
|---|---|---|
| gist | import.c: wrong interpreter + double lock release | — |
| gist | instrumentation.c: PyLong leak per monitoring call | — |
| gist | instrumentation.c: use-after-Py_DECREF comparison | — |
| gist | ceval.c: missing PyErr_NoMemory + PyEval_GetLocals NULL | — |
| gist | bltinmodule: lazy_import NULL deref | — |
| gist | crossinterp: UAF + leaked exception + shadowed var | — |
| gist | compiler pipeline: 6 ref leaks and error bugs | — |
| gist | marshal: 8 refs leaked on corrupt TYPE_CODE | — |
| gist | pylifecycle: 5 init/fini cleanup bugs | — |
| gist | initconfig: SET_ITEM macro leaks dict | — |
| gist | ast.c: LEAVE_RECURSIVE missing on 30 paths | — |
| gist | hamt.c: sub_node leaked in bitmap ops | — |
| gist | pythonrun: main_module ref leak | — |
| gist | modsupport: missing va_end (UB) | — |
| gist | legacy_tracing: unchecked PyLong_AsInt | — |
| gist | optimizer_symbols: make_bottom NULL deref | — |
Duplicates (3 gists — same bugs uploaded from different runs)
| Gist | Duplicate of |
|---|---|
| gist | ExceptionGroup repr (dup of dceaa8b7) |
| gist | sqlite collation (dup of 69aff7ff) |
| gist | SSL SNI (dup of 50f98806) |
These issues were found with Claude Opus 4.6, using the /cpython-review-toolkit:explore [file or directory] all deep command.
CPython versions tested on:
CPython main branch
Operating systems tested on:
Linux
Output from running 'python -VV' on the command line:
Python 3.15.0a7+ (heads/main:e0f7c1097e1, Mar 17 2026, 18:10:52) [Clang 21.1.2 (2ubuntu6)]