[issue29483] AddressSanitizer: heap-buffer-overflow on address 0x60200000e731
New submission from BeginVuln: OS Version : Ubuntu 16.04 LTS Python download link : https://www.python.org/ftp/python/3.6.0/Python-3.6.0.tar.xz Python version : 3.6.0 Normal build cmd : ./configure make Asan build cmd: export CC="/usr/bin/clang -fsanitize=address export CXX="/usr/bin/clang++ -fsanitize=address ./confiugre make GDB: ASAN: = ==17856==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020e731 at pc 0x004bc3ad bp 0x7ffe8a4e7d10 sp 0x7ffe8a4e74c0 READ of size 11 at 0x6020e731 thread T0 #0 0x4bc3ac in __asan_memcpy ??:? #1 0x4bc3ac in ?? ??:0 #2 0x58bbb7 in PyBytes_FromStringAndSize /home/test/check/PythonASAN/Objects/bytesobject.c:123 #3 0x58bbb7 in ?? ??:0 #4 0x79987c in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:1458 (discriminator 1) #5 0x79987c in ?? ??:0 #6 0x7ab4cb in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718 #7 0x7ab4cb in _PyFunction_FastCall /home/test/check/PythonASAN/Python/ceval.c:4870 #8 0x7ab4cb in fast_function /home/test/check/PythonASAN/Python/ceval.c:4905 #9 0x7ab4cb in ?? ??:0 #10 0x7a76f2 in call_function /home/test/check/PythonASAN/Python/ceval.c:4809 #11 0x7a76f2 in ?? ??:0 #12 0x7995cc in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3275 #13 0x7995cc in ?? ??:0 #14 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718 #15 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119 #16 0x7a9847 in ?? ??:0 #17 0x7ac2ea in _PyFunction_FastCallDict /home/test/check/PythonASAN/Python/ceval.c:5021 #18 0x7ac2ea in ?? ??:0 #19 0x574668 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2295 #20 0x574668 in ?? ??:0 #21 0x5749fa in _PyObject_Call_Prepend /home/test/check/PythonASAN/Objects/abstract.c:2358 #22 0x5749fa in ?? ??:0 #23 0x573e9b in PyObject_Call /home/test/check/PythonASAN/Objects/abstract.c:2246 #24 0x573e9b in ?? ??:0 #25 0x793369 in do_call_core /home/test/check/PythonASAN/Python/ceval.c:5057 #26 0x793369 in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3357 #27 0x793369 in ?? ??:0 #28 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718 #29 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119 #30 0x7a9847 in ?? ??:0 #31 0x7ac2ea in _PyFunction_FastCallDict /home/test/check/PythonASAN/Python/ceval.c:5021 #32 0x7ac2ea in ?? ??:0 #33 0x574668 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2295 #34 0x574668 in ?? ??:0 #35 0x5749fa in _PyObject_Call_Prepend /home/test/check/PythonASAN/Objects/abstract.c:2358 #36 0x5749fa in ?? ??:0 #37 0x573e9b in PyObject_Call /home/test/check/PythonASAN/Objects/abstract.c:2246 #38 0x573e9b in ?? ??:0 #39 0x66efe4 in slot_tp_call /home/test/check/PythonASAN/Objects/typeobject.c:6167 #40 0x66efe4 in ?? ??:0 #41 0x5745f0 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2316 #42 0x5745f0 in ?? ??:0 #43 0x7a7429 in call_function /home/test/check/PythonASAN/Python/ceval.c:4812 #44 0x7a7429 in ?? ??:0 #45 0x7995cc in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3275 #46 0x7995cc in ?? ??:0 #47 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718 #48 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119 #49 0x7a9847 in ?? ??:0 #50 0x7ac2ea in _PyFunction_FastCallDict /home/test/check/PythonASAN/Python/ceval.c:5021 #51 0x7ac2ea in ?? ??:0 #52 0x574668 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2295 #53 0x574668 in ?? ??:0 #54 0x5749fa in _PyObject_Call_Prepend /home/test/check/PythonASAN/Objects/abstract.c:2358 #55 0x5749fa in ?? ??:0 #56 0x573e9b in PyObject_Call /home/test/check/PythonASAN/Objects/abstract.c:2246 #57 0x573e9b in ?? ??:0 #58 0x793369 in do_call_core /home/test/check/PythonASAN/Python/ceval.c:5057 #59 0x793369 in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3357 #60 0x793369 in ?? ??:0 #61 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718 #62 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119 #63 0x7a9847 in ?? ??:0 #64 0x7ac2ea in _PyFunction_FastCallDict /home/test/check/PythonASAN/Python/ceval.c:5021 #65 0x7ac2ea in ?? ??:0 #66 0x574668 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2295 #67 0x574668 in ?? ??:0 #68 0x5749fa in _PyObject_Call_Prepend /home/test/check/PythonASAN/Objects/abstract.c:2358 #69 0x5749fa in ?? ??
[issue29484] AddressSanitizer: heap-buffer-overflow on address 0x60200000e738
New submission from BeginVuln: OS Version : Ubuntu 16.04 LTS Python download link : https://www.python.org/ftp/python/3.6.0/Python-3.6.0.tar.xz Python version : 3.6.0 Normal build cmd : ./configure make Asan build cmd: export CC="/usr/bin/clang -fsanitize=address export CXX="/usr/bin/clang++ -fsanitize=address ./confiugre make GDB: To enable execution of this file add add-auto-load-safe-path /home/test/check/PythonGDB/python-gdb.py line to your configuration file "/home/test/.gdbinit". To completely disable this security protection add set auto-load safe-path / line to your configuration file "/home/test/.gdbinit". For more information about this security protection see the "Auto-loading safe path" section in the GDB manual. E.g., run from the shell: info "(gdb)Auto-loading safe path" [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". Program received signal SIGSEGV, Segmentation fault. PyBytes_FromStringAndSize (str=0xa76000 , size=1) at Objects/bytesobject.c:108 108 (op = characters[*str & UCHAR_MAX]) != NULL) Description: Access violation on source operand Short description: SourceAv (19/22) Hash: 4b7ecbff5972b39c26f6e0cf37443391.86c50dffa4bdc3a046d693db2d45a01e Exploitability Classification: UNKNOWN Explanation: The target crashed on an access violation at an address matching the source operand of the current instruction. This likely indicates a read access violation. Other tags: AccessViolation (21/22) ASAN: = ==18067==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020e738 at pc 0x0058bc2b bp 0x7ffe3c2965d0 sp 0x7ffe3c2965c8 READ of size 1 at 0x6020e738 thread T0 #0 0x58bc2a in PyBytes_FromStringAndSize /home/test/check/PythonASAN/Objects/bytesobject.c:108 #1 0x58bc2a in ?? ??:0 #2 0x5745f0 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2316 #3 0x5745f0 in ?? ??:0 #4 0x677108 in slot_sq_item /home/test/check/PythonASAN/Objects/typeobject.c:5876 #5 0x677108 in ?? ??:0 #6 0x5d9714 in iter_iternext /home/test/check/PythonASAN/Objects/iterobject.c:63 #7 0x5d9714 in ?? ??:0 #8 0x571fe3 in PyIter_Next /home/test/check/PythonASAN/Objects/abstract.c:3146 #9 0x571fe3 in PySequence_Tuple /home/test/check/PythonASAN/Objects/abstract.c:1797 #10 0x571fe3 in ?? ??:0 #11 0x7ff6988bd4cf in converters_from_argtypes /home/test/check/PythonASAN/Modules/_ctypes/_ctypes.c:2165 #12 0x7ff6988bd4cf in ?? ??:0 #13 0x7ff6988be677 in PyCFuncPtr_set_argtypes /home/test/check/PythonASAN/Modules/_ctypes/_ctypes.c:3036 #14 0x7ff6988be677 in ?? ??:0 #15 0x63b1e7 in _PyObject_GenericSetAttrWithDict /home/test/check/PythonASAN/Objects/object.c:1152 #16 0x63b1e7 in ?? ??:0 #17 0x639d52 in PyObject_SetAttr /home/test/check/PythonASAN/Objects/object.c:932 #18 0x639d52 in ?? ??:0 #19 0x79ad9e in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:2249 #20 0x79ad9e in ?? ??:0 #21 0x7ab4cb in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718 #22 0x7ab4cb in _PyFunction_FastCall /home/test/check/PythonASAN/Python/ceval.c:4870 #23 0x7ab4cb in fast_function /home/test/check/PythonASAN/Python/ceval.c:4905 #24 0x7ab4cb in ?? ??:0 #25 0x7a76f2 in call_function /home/test/check/PythonASAN/Python/ceval.c:4809 #26 0x7a76f2 in ?? ??:0 #27 0x7995cc in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3275 #28 0x7995cc in ?? ??:0 #29 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718 #30 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119 #31 0x7a9847 in ?? ??:0 #32 0x7ac2ea in _PyFunction_FastCallDict /home/test/check/PythonASAN/Python/ceval.c:5021 #33 0x7ac2ea in ?? ??:0 #34 0x574668 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2295 #35 0x574668 in ?? ??:0 #36 0x5749fa in _PyObject_Call_Prepend /home/test/check/PythonASAN/Objects/abstract.c:2358 #37 0x5749fa in ?? ??:0 #38 0x573e9b in PyObject_Call /home/test/check/PythonASAN/Objects/abstract.c:2246 #39 0x573e9b in ?? ??:0 #40 0x793369 in do_call_core /home/test/check/PythonASAN/Python/ceval.c:5057 #41 0x793369 in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3357 #42 0x793369 in ?? ??:0 #43 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718 #44 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119 #45 0x7a9847 in ?? ??:0 #46 0x7ac2ea in _PyFunction_FastCallDict /home/test/check/PythonASAN/Python/ceval.c:5021 #47 0x7ac2ea in ?? ??:0 #48 0x574668 in _PyObject_FastCallD
[issue29485] AddressSanitizer: SEGV on unknown address 0x7fab556df550
New submission from BeginVuln:
OS Version : Ubuntu 16.04 LTS
Python download link :
https://www.python.org/ftp/python/3.6.0/Python-3.6.0.tar.xz
Python version : 3.6.0
Normal build cmd :
./configure
make
Asan build cmd:
export CC="/usr/bin/clang -fsanitize=address
export CXX="/usr/bin/clang++ -fsanitize=address
./confiugre
make
GDB with exploitable:
To enable execution of this file add
add-auto-load-safe-path /home/test/check/PythonGDB/python-gdb.py
line to your configuration file "/home/test/.gdbinit".
To completely disable this security protection add
set auto-load safe-path /
line to your configuration file "/home/test/.gdbinit".
For more information about this security protection see the
"Auto-loading safe path" section in the GDB manual. E.g., run from the shell:
info "(gdb)Auto-loading safe path"
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Program received signal SIGSEGV, Segmentation fault.
z_get (ptr=0x75bba5d8, size=8) at
/home/test/check/PythonGDB/Modules/_ctypes/cfield.c:1336
1336if (*(void **)ptr) {
Description: Access violation on source operand
Short description: SourceAv (19/22)
Hash: 3930661c9a0f4c1f31bb4f2341bca47f.d4e21449248c6102834e8b566f6b2ac9
Exploitability Classification: UNKNOWN
Explanation: The target crashed on an access violation at an address matching
the source operand of the current instruction. This likely indicates a read
access violation.
Other tags: AccessViolation (21/22)
ASAN:
ASAN:DEADLYSIGNAL
=
==18885==ERROR: AddressSanitizer: SEGV on unknown address 0x7fab556df550 (pc
0x7fab558d0cd1 bp 0x7fab5a4b0b90 sp 0x7ffc9cbcc220 T0)
#0 0x7fab558d0cd0 in z_get
/home/test/check/PythonASAN/Modules/_ctypes/cfield.c:1336
#1 0x7fab558d0cd0 in ?? ??:0
#2 0x63ac07 in _PyObject_GenericGetAttrWithDict
/home/test/check/PythonASAN/Objects/object.c:1060
#3 0x63ac07 in ?? ??:0
#4 0x7966cc in _PyEval_EvalFrameDefault
/home/test/check/PythonASAN/Python/ceval.c:2815 (discriminator 1)
#5 0x7966cc in ?? ??:0
#6 0x7a9847 in PyEval_EvalFrameEx
/home/test/check/PythonASAN/Python/ceval.c:718
#7 0x7a9847 in _PyEval_EvalCodeWithName
/home/test/check/PythonASAN/Python/ceval.c:4119
#8 0x7a9847 in ?? ??:0
#9 0x7ab648 in fast_function
/home/test/check/PythonASAN/Python/ceval.c:4929 (discriminator 1)
#10 0x7ab648 in ?? ??:0
#11 0x7a76f2 in call_function
/home/test/check/PythonASAN/Python/ceval.c:4809
#12 0x7a76f2 in ?? ??:0
#13 0x7995cc in _PyEval_EvalFrameDefault
/home/test/check/PythonASAN/Python/ceval.c:3275
#14 0x7995cc in ?? ??:0
#15 0x7a9847 in PyEval_EvalFrameEx
/home/test/check/PythonASAN/Python/ceval.c:718
#16 0x7a9847 in _PyEval_EvalCodeWithName
/home/test/check/PythonASAN/Python/ceval.c:4119
#17 0x7a9847 in ?? ??:0
#18 0x7ac2ea in _PyFunction_FastCallDict
/home/test/check/PythonASAN/Python/ceval.c:5021
#19 0x7ac2ea in ?? ??:0
#20 0x574668 in _PyObject_FastCallDict
/home/test/check/PythonASAN/Objects/abstract.c:2295
#21 0x574668 in ?? ??:0
#22 0x5749fa in _PyObject_Call_Prepend
/home/test/check/PythonASAN/Objects/abstract.c:2358
#23 0x5749fa in ?? ??:0
#24 0x573e9b in PyObject_Call
/home/test/check/PythonASAN/Objects/abstract.c:2246
#25 0x573e9b in ?? ??:0
#26 0x793369 in do_call_core /home/test/check/PythonASAN/Python/ceval.c:5057
#27 0x793369 in _PyEval_EvalFrameDefault
/home/test/check/PythonASAN/Python/ceval.c:3357
#28 0x793369 in ?? ??:0
#29 0x7a9847 in PyEval_EvalFrameEx
/home/test/check/PythonASAN/Python/ceval.c:718
#30 0x7a9847 in _PyEval_EvalCodeWithName
/home/test/check/PythonASAN/Python/ceval.c:4119
#31 0x7a9847 in ?? ??:0
#32 0x7ac2ea in _PyFunction_FastCallDict
/home/test/check/PythonASAN/Python/ceval.c:5021
#33 0x7ac2ea in ?? ??:0
#34 0x574668 in _PyObject_FastCallDict
/home/test/check/PythonASAN/Objects/abstract.c:2295
#35 0x574668 in ?? ??:0
#36 0x5749fa in _PyObject_Call_Prepend
/home/test/check/PythonASAN/Objects/abstract.c:2358
#37 0x5749fa in ?? ??:0
#38 0x573e9b in PyObject_Call
/home/test/check/PythonASAN/Objects/abstract.c:2246
#39 0x573e9b in ?? ??:0
#40 0x66efe4 in slot_tp_call
/home/test/check/PythonASAN/Objects/typeobject.c:6167
#41 0x66efe4 in ?? ??:0
#42 0x5745f0 in _PyObject_FastCallDict
/home/test/check/PythonASAN/Objects/abstract.c:2316
#43 0x5745f0 in ?? ??:0
#44 0x7a7429 in call_function
/home/test/check/PythonASAN/Python/ceval.c:4812
#45 0x7a7429 in ?? ??:0
#46 0x7995cc in _PyEval_EvalFrameDefault
/home/test/check/PythonASAN/Python/ceval.c:3275
#47 0x7995cc in ?? ??:0
#48 0x7a9847 in PyEval_EvalFrameEx
/home/test/check/PythonASAN/Python/ceval.c:718
#49 0x7a9847 in _PyEval_EvalCodeWithN
[issue29486] AddressSanitizer: SEGV on unknown address 0x7f16f88e3560
New submission from BeginVuln: OS Version : Ubuntu 16.04 LTS Python download link : https://www.python.org/ftp/python/3.6.0/Python-3.6.0.tar.xz Python version : 3.6.0 Normal build cmd : ./configure make Asan build cmd: export CC="/usr/bin/clang -fsanitize=address export CXX="/usr/bin/clang++ -fsanitize=address ./confiugre make GDB with exploitable: To enable execution of this file add add-auto-load-safe-path /home/test/check/PythonGDB/python-gdb.py line to your configuration file "/home/test/.gdbinit". To completely disable this security protection add set auto-load safe-path / line to your configuration file "/home/test/.gdbinit". For more information about this security protection see the "Auto-loading safe path" section in the GDB manual. E.g., run from the shell: info "(gdb)Auto-loading safe path" [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". Program received signal SIGBUS, Bus error. 0x763a6dfe in i_set (ptr=0x8007f5b3f5e8, value=, size=4) at /home/test/check/PythonGDB/Modules/_ctypes/cfield.c:650 650 x = SET(int, x, val, size); Description: Access violation Short description: AccessViolation (21/22) Hash: 0e6533f2dc6ec45bf8aced4adaa8169a.5ae343e4a8ceeca018e7fc78f552033e Exploitability Classification: UNKNOWN Explanation: The target crashed due to an access violation but there is not enough additional information available to determine exploitability. ASAN: ASAN:DEADLYSIGNAL = ==18660==ERROR: AddressSanitizer: SEGV on unknown address 0x7f16f88e3560 (pc 0x7f0ef90f6e68 bp 0x61935c98 sp 0x7ffe7b44e2e0 T0) #0 0x7f0ef90f6e67 in i_set /home/test/check/PythonASAN/Modules/_ctypes/cfield.c:651 #1 0x7f0ef90f6e67 in ?? ??:0 #2 0x7f0ef90da8ea in PyCData_set /home/test/check/PythonASAN/Modules/_ctypes/_ctypes.c:2916 #3 0x7f0ef90da8ea in ?? ??:0 #4 0x7f0ef90f5470 in PyCField_set /home/test/check/PythonASAN/Modules/_ctypes/cfield.c:216 #5 0x7f0ef90f5470 in ?? ??:0 #6 0x63b1e7 in _PyObject_GenericSetAttrWithDict /home/test/check/PythonASAN/Objects/object.c:1152 #7 0x63b1e7 in ?? ??:0 #8 0x639d52 in PyObject_SetAttr /home/test/check/PythonASAN/Objects/object.c:932 #9 0x639d52 in ?? ??:0 #10 0x79ad9e in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:2249 #11 0x79ad9e in ?? ??:0 #12 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718 #13 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119 #14 0x7a9847 in ?? ??:0 #15 0x7ab648 in fast_function /home/test/check/PythonASAN/Python/ceval.c:4929 (discriminator 1) #16 0x7ab648 in ?? ??:0 #17 0x7a76f2 in call_function /home/test/check/PythonASAN/Python/ceval.c:4809 #18 0x7a76f2 in ?? ??:0 #19 0x7995cc in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3275 #20 0x7995cc in ?? ??:0 #21 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718 #22 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119 #23 0x7a9847 in ?? ??:0 #24 0x7ac2ea in _PyFunction_FastCallDict /home/test/check/PythonASAN/Python/ceval.c:5021 #25 0x7ac2ea in ?? ??:0 #26 0x574668 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2295 #27 0x574668 in ?? ??:0 #28 0x5749fa in _PyObject_Call_Prepend /home/test/check/PythonASAN/Objects/abstract.c:2358 #29 0x5749fa in ?? ??:0 #30 0x573e9b in PyObject_Call /home/test/check/PythonASAN/Objects/abstract.c:2246 #31 0x573e9b in ?? ??:0 #32 0x793369 in do_call_core /home/test/check/PythonASAN/Python/ceval.c:5057 #33 0x793369 in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3357 #34 0x793369 in ?? ??:0 #35 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718 #36 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119 #37 0x7a9847 in ?? ??:0 #38 0x7ac2ea in _PyFunction_FastCallDict /home/test/check/PythonASAN/Python/ceval.c:5021 #39 0x7ac2ea in ?? ??:0 #40 0x574668 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2295 #41 0x574668 in ?? ??:0 #42 0x5749fa in _PyObject_Call_Prepend /home/test/check/PythonASAN/Objects/abstract.c:2358 #43 0x5749fa in ?? ??:0 #44 0x573e9b in PyObject_Call /home/test/check/PythonASAN/Objects/abstract.c:2246 #45 0x573e9b in ?? ??:0 #46 0x66efe4 in slot_tp_call /home/test/check/PythonASAN/Objects/typeobject.c:6167 #47 0x66efe4 in ?? ??:0 #48 0x5745f0 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2316 #49 0x5745f0 in ?? ??:0 #50 0x7a7429 in call_function /home/test/chec
[issue29487] AddressSanitizer: heap-buffer-overflow on address 0x60200000e734
New submission from BeginVuln: OS Version : Ubuntu 16.04 LTS Python download link : https://www.python.org/ftp/python/3.6.0/Python-3.6.0.tar.xz Python version : 3.6.0 Normal build cmd : ./configure make Asan build cmd: export CC="/usr/bin/clang -fsanitize=address export CXX="/usr/bin/clang++ -fsanitize=address ./confiugre make GDB with exploitable: To enable execution of this file add add-auto-load-safe-path /home/test/check/PythonGDB/python-gdb.py line to your configuration file "/home/test/.gdbinit". To completely disable this security protection add set auto-load safe-path / line to your configuration file "/home/test/.gdbinit". For more information about this security protection see the "Auto-loading safe path" section in the GDB manual. E.g., run from the shell: info "(gdb)Auto-loading safe path" [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". [Inferior 1 (process 19362) exited with code 01] ASAN: = ==18038==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020e734 at pc 0x7fbe64d4ef87 bp 0x7ffdd65d7190 sp 0x7ffdd65d7188 READ of size 4 at 0x6020e734 thread T0 #0 0x7fbe64d4ef86 in i_get /home/test/check/PythonASAN/Modules/_ctypes/cfield.c:675 #1 0x7fbe64d4ef86 in ?? ??:0 #2 0x7fbe64d40dca in Pointer_subscript /home/test/check/PythonASAN/Modules/_ctypes/_ctypes.c:5026 (discriminator 1) #3 0x7fbe64d40dca in ?? ??:0 #4 0x79987c in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:1458 (discriminator 1) #5 0x79987c in ?? ??:0 #6 0x7ab4cb in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718 #7 0x7ab4cb in _PyFunction_FastCall /home/test/check/PythonASAN/Python/ceval.c:4870 #8 0x7ab4cb in fast_function /home/test/check/PythonASAN/Python/ceval.c:4905 #9 0x7ab4cb in ?? ??:0 #10 0x7a76f2 in call_function /home/test/check/PythonASAN/Python/ceval.c:4809 #11 0x7a76f2 in ?? ??:0 #12 0x7995cc in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3275 #13 0x7995cc in ?? ??:0 #14 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718 #15 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119 #16 0x7a9847 in ?? ??:0 #17 0x7ac2ea in _PyFunction_FastCallDict /home/test/check/PythonASAN/Python/ceval.c:5021 #18 0x7ac2ea in ?? ??:0 #19 0x574668 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2295 #20 0x574668 in ?? ??:0 #21 0x5749fa in _PyObject_Call_Prepend /home/test/check/PythonASAN/Objects/abstract.c:2358 #22 0x5749fa in ?? ??:0 #23 0x573e9b in PyObject_Call /home/test/check/PythonASAN/Objects/abstract.c:2246 #24 0x573e9b in ?? ??:0 #25 0x793369 in do_call_core /home/test/check/PythonASAN/Python/ceval.c:5057 #26 0x793369 in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3357 #27 0x793369 in ?? ??:0 #28 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718 #29 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119 #30 0x7a9847 in ?? ??:0 #31 0x7ac2ea in _PyFunction_FastCallDict /home/test/check/PythonASAN/Python/ceval.c:5021 #32 0x7ac2ea in ?? ??:0 #33 0x574668 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2295 #34 0x574668 in ?? ??:0 #35 0x5749fa in _PyObject_Call_Prepend /home/test/check/PythonASAN/Objects/abstract.c:2358 #36 0x5749fa in ?? ??:0 #37 0x573e9b in PyObject_Call /home/test/check/PythonASAN/Objects/abstract.c:2246 #38 0x573e9b in ?? ??:0 #39 0x66efe4 in slot_tp_call /home/test/check/PythonASAN/Objects/typeobject.c:6167 #40 0x66efe4 in ?? ??:0 #41 0x5745f0 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2316 #42 0x5745f0 in ?? ??:0 #43 0x7a7429 in call_function /home/test/check/PythonASAN/Python/ceval.c:4812 #44 0x7a7429 in ?? ??:0 #45 0x7995cc in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3275 #46 0x7995cc in ?? ??:0 #47 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718 #48 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119 #49 0x7a9847 in ?? ??:0 #50 0x7ac2ea in _PyFunction_FastCallDict /home/test/check/PythonASAN/Python/ceval.c:5021 #51 0x7ac2ea in ?? ??:0 #52 0x574668 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2295 #53 0x574668 in ?? ??:0 #54 0x5749fa in _PyObject_Call_Prepend /home/test/check/PythonASAN/Objects/abstract.c:2358 #55 0x5749fa in ?? ??:0 #56 0x573e9b in PyObject_Call /home/test/check/PythonASAN/Objects/abstract.c:2246
[issue29488] AddressSanitizer: SEGV on unknown address 0x0001a5525c1b
New submission from BeginVuln: OS Version : Ubuntu 16.04 LTS Python download link : https://www.python.org/ftp/python/3.6.0/Python-3.6.0.tar.xz Python version : 3.6.0 Normal build cmd : ./configure make Asan build cmd: export CC="/usr/bin/clang -fsanitize=address export CXX="/usr/bin/clang++ -fsanitize=address ./confiugre make GDB with exploitable: To enable execution of this file add add-auto-load-safe-path /home/test/check/PythonGDB/python-gdb.py line to your configuration file "/home/test/.gdbinit". To completely disable this security protection add set auto-load safe-path / line to your configuration file "/home/test/.gdbinit". For more information about this security protection see the "Auto-loading safe path" section in the GDB manual. E.g., run from the shell: info "(gdb)Auto-loading safe path" [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". Program received signal SIGSEGV, Segmentation fault. 0x7639c455 in PyCData_clear (self=0x75b3f510) at /home/test/check/PythonGDB/Modules/_ctypes/_ctypes.c:2497 2497Py_CLEAR(self->b_objects); Description: Access violation on destination operand Short description: DestAv (8/22) Hash: 8dc538f2a05876e51d4aacf57c47935b.6a0f7d54d57adbe0b04a497a3ee9c96c Exploitability Classification: EXPLOITABLE Explanation: The target crashed on an access violation at an address matching the destination operand of the instruction. This likely indicates a write access violation, which means the attacker may control the write address and/or value. Other tags: AccessViolation (21/22) ASAN: ASAN:DEADLYSIGNAL = ==18570==ERROR: AddressSanitizer: SEGV on unknown address 0x0001a5525c1b (pc 0x7f922b0d9c62 bp 0x7f922b0d9c20 sp 0x7ffc440acf10 T0) #0 0x7f922b0d9c61 in PyCData_clear /home/test/check/PythonASAN/Modules/_ctypes/_ctypes.c:2497 (discriminator 3) #1 0x7f922b0d9c61 in PyCData_dealloc /home/test/check/PythonASAN/Modules/_ctypes/_ctypes.c:2509 (discriminator 3) #2 0x7f922b0d9c61 in ?? ??:0 #3 0x65d51a in subtype_dealloc /home/test/check/PythonASAN/Objects/typeobject.c:1222 #4 0x65d51a in ?? ??:0 #5 0x60fb27 in free_keys_object /home/test/check/PythonASAN/Objects/dictobject.c:561 (discriminator 5) #6 0x60fb27 in ?? ??:0 #7 0x6163fa in dict_dealloc /home/test/check/PythonASAN/Objects/dictobject.c:1933 (discriminator 1) #8 0x6163fa in ?? ??:0 #9 0x7f922b0d9ca8 in PyCData_clear /home/test/check/PythonASAN/Modules/_ctypes/_ctypes.c:2497 (discriminator 5) #10 0x7f922b0d9ca8 in PyCData_dealloc /home/test/check/PythonASAN/Modules/_ctypes/_ctypes.c:2509 (discriminator 5) #11 0x7f922b0d9ca8 in ?? ??:0 #12 0x65d51a in subtype_dealloc /home/test/check/PythonASAN/Objects/typeobject.c:1222 #13 0x65d51a in ?? ??:0 #14 0x5d10da in frame_dealloc /home/test/check/PythonASAN/Objects/frameobject.c:423 (discriminator 5) #15 0x5d10da in ?? ??:0 #16 0x7a98ca in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4130 (discriminator 3) #17 0x7a98ca in ?? ??:0 #18 0x7ab648 in fast_function /home/test/check/PythonASAN/Python/ceval.c:4929 (discriminator 1) #19 0x7ab648 in ?? ??:0 #20 0x7a76f2 in call_function /home/test/check/PythonASAN/Python/ceval.c:4809 #21 0x7a76f2 in ?? ??:0 #22 0x7995cc in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3275 #23 0x7995cc in ?? ??:0 #24 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718 #25 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119 #26 0x7a9847 in ?? ??:0 #27 0x7ac2ea in _PyFunction_FastCallDict /home/test/check/PythonASAN/Python/ceval.c:5021 #28 0x7ac2ea in ?? ??:0 #29 0x574668 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2295 #30 0x574668 in ?? ??:0 #31 0x5749fa in _PyObject_Call_Prepend /home/test/check/PythonASAN/Objects/abstract.c:2358 #32 0x5749fa in ?? ??:0 #33 0x573e9b in PyObject_Call /home/test/check/PythonASAN/Objects/abstract.c:2246 #34 0x573e9b in ?? ??:0 #35 0x793369 in do_call_core /home/test/check/PythonASAN/Python/ceval.c:5057 #36 0x793369 in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3357 #37 0x793369 in ?? ??:0 #38 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718 #39 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119 #40 0x7a9847 in ?? ??:0 #41 0x7ac2ea in _PyFunction_FastCallDict /home/test/check/PythonASAN/Python/ceval.c:5021 #42 0x7ac2ea in ?? ??:0 #43 0x574668 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2295 #44 0x574668 in ?? ??:0 #45 0x5749fa
[issue29489] AddressSanitizer: SEGV on unknown address 0x7f4a36c604d0
New submission from BeginVuln:
OS Version : Ubuntu 16.04 LTS
Python download link :
https://www.python.org/ftp/python/3.6.0/Python-3.6.0.tar.xz
Python version : 3.6.0
Normal build cmd :
./configure
make
Asan build cmd:
export CC="/usr/bin/clang -fsanitize=address
export CXX="/usr/bin/clang++ -fsanitize=address
./confiugre
make
GDB with exploitable:
To enable execution of this file add
add-auto-load-safe-path /home/test/check/PythonGDB/python-gdb.py
line to your configuration file "/home/test/.gdbinit".
To completely disable this security protection add
set auto-load safe-path /
line to your configuration file "/home/test/.gdbinit".
For more information about this security protection see the
"Auto-loading safe path" section in the GDB manual. E.g., run from the shell:
info "(gdb)Auto-loading safe path"
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Program received signal SIGSEGV, Segmentation fault.
0x75d87282 in Pointer_item (index=32767, myself=0x75b3b620) at
/home/test/check/PythonGDB/Modules/_ctypes/_ctypes.c:4748
4748if (*(void **)self->b_ptr == NULL) {
Description: Access violation on destination operand
Short description: DestAv (8/22)
Hash: 6d733dd19a93baf3031238df7085b89d.f931e2f4bcacefcb07769ddcf0b1360f
Exploitability Classification: EXPLOITABLE
Explanation: The target crashed on an access violation at an address matching
the destination operand of the instruction. This likely indicates a write
access violation, which means the attacker may control the write address and/or
value.
Other tags: AccessViolation (21/22)
ASAN:
ASAN:DEADLYSIGNAL
=
==18357==ERROR: AddressSanitizer: SEGV on unknown address 0x7f4a36c604d0 (pc
0x7f4a36e40562 bp 0x7ffc8c278530 sp 0x7ffc8c278060 T0)
#0 0x7f4a36e40561 in Pointer_item
/home/test/check/PythonASAN/Modules/_ctypes/_ctypes.c:4748
#1 0x7f4a36e40561 in ?? ??:0
#2 0x79987c in _PyEval_EvalFrameDefault
/home/test/check/PythonASAN/Python/ceval.c:1458 (discriminator 1)
#3 0x79987c in ?? ??:0
#4 0x7a9847 in PyEval_EvalFrameEx
/home/test/check/PythonASAN/Python/ceval.c:718
#5 0x7a9847 in _PyEval_EvalCodeWithName
/home/test/check/PythonASAN/Python/ceval.c:4119
#6 0x7a9847 in ?? ??:0
#7 0x7ab648 in fast_function
/home/test/check/PythonASAN/Python/ceval.c:4929 (discriminator 1)
#8 0x7ab648 in ?? ??:0
#9 0x7a76f2 in call_function /home/test/check/PythonASAN/Python/ceval.c:4809
#10 0x7a76f2 in ?? ??:0
#11 0x7995cc in _PyEval_EvalFrameDefault
/home/test/check/PythonASAN/Python/ceval.c:3275
#12 0x7995cc in ?? ??:0
#13 0x7a9847 in PyEval_EvalFrameEx
/home/test/check/PythonASAN/Python/ceval.c:718
#14 0x7a9847 in _PyEval_EvalCodeWithName
/home/test/check/PythonASAN/Python/ceval.c:4119
#15 0x7a9847 in ?? ??:0
#16 0x7ac2ea in _PyFunction_FastCallDict
/home/test/check/PythonASAN/Python/ceval.c:5021
#17 0x7ac2ea in ?? ??:0
#18 0x574668 in _PyObject_FastCallDict
/home/test/check/PythonASAN/Objects/abstract.c:2295
#19 0x574668 in ?? ??:0
#20 0x5749fa in _PyObject_Call_Prepend
/home/test/check/PythonASAN/Objects/abstract.c:2358
#21 0x5749fa in ?? ??:0
#22 0x573e9b in PyObject_Call
/home/test/check/PythonASAN/Objects/abstract.c:2246
#23 0x573e9b in ?? ??:0
#24 0x793369 in do_call_core /home/test/check/PythonASAN/Python/ceval.c:5057
#25 0x793369 in _PyEval_EvalFrameDefault
/home/test/check/PythonASAN/Python/ceval.c:3357
#26 0x793369 in ?? ??:0
#27 0x7a9847 in PyEval_EvalFrameEx
/home/test/check/PythonASAN/Python/ceval.c:718
#28 0x7a9847 in _PyEval_EvalCodeWithName
/home/test/check/PythonASAN/Python/ceval.c:4119
#29 0x7a9847 in ?? ??:0
#30 0x7ac2ea in _PyFunction_FastCallDict
/home/test/check/PythonASAN/Python/ceval.c:5021
#31 0x7ac2ea in ?? ??:0
#32 0x574668 in _PyObject_FastCallDict
/home/test/check/PythonASAN/Objects/abstract.c:2295
#33 0x574668 in ?? ??:0
#34 0x5749fa in _PyObject_Call_Prepend
/home/test/check/PythonASAN/Objects/abstract.c:2358
#35 0x5749fa in ?? ??:0
#36 0x573e9b in PyObject_Call
/home/test/check/PythonASAN/Objects/abstract.c:2246
#37 0x573e9b in ?? ??:0
#38 0x66efe4 in slot_tp_call
/home/test/check/PythonASAN/Objects/typeobject.c:6167
#39 0x66efe4 in ?? ??:0
#40 0x5745f0 in _PyObject_FastCallDict
/home/test/check/PythonASAN/Objects/abstract.c:2316
#41 0x5745f0 in ?? ??:0
#42 0x7a7429 in call_function
/home/test/check/PythonASAN/Python/ceval.c:4812
#43 0x7a7429 in ?? ??:0
#44 0x7995cc in _PyEval_EvalFrameDefault
/home/test/check/PythonASAN/Python/ceval.c:3275
#45 0x7995cc in ?? ??:0
#46 0x7a9847 in PyEval_EvalFrameEx
/home/test/check/PythonASAN/Python/ceval.c:718
#47 0x7a9847 in _PyEval_EvalCodeWi
[issue29490] AddressSanitizer: heap-buffer-overflow on address 0x60200000e72f
New submission from BeginVuln: OS Version : Ubuntu 16.04 LTS Python download link : https://www.python.org/ftp/python/3.6.0/Python-3.6.0.tar.xz Python version : 3.6.0 Normal build cmd : ./configure make Asan build cmd: export CC="/usr/bin/clang -fsanitize=address export CXX="/usr/bin/clang++ -fsanitize=address ./confiugre make GDB with exploitable: To enable execution of this file add add-auto-load-safe-path /home/test/check/PythonGDB/python-gdb.py line to your configuration file "/home/test/.gdbinit". To completely disable this security protection add set auto-load safe-path / line to your configuration file "/home/test/.gdbinit". For more information about this security protection see the "Auto-loading safe path" section in the GDB manual. E.g., run from the shell: info "(gdb)Auto-loading safe path" [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". [Inferior 1 (process 19391) exited with code 01] ASAN: = ==17908==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020e72f at pc 0x7f191d68154b bp 0x7ffd5c1c7e60 sp 0x7ffd5c1c7e58 READ of size 1 at 0x6020e72f thread T0 #0 0x7f191d68154a in Pointer_subscript /home/test/check/PythonASAN/Modules/_ctypes/_ctypes.c:4992 #1 0x7f191d68154a in ?? ??:0 #2 0x79987c in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:1458 (discriminator 1) #3 0x79987c in ?? ??:0 #4 0x7ab4cb in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718 #5 0x7ab4cb in _PyFunction_FastCall /home/test/check/PythonASAN/Python/ceval.c:4870 #6 0x7ab4cb in fast_function /home/test/check/PythonASAN/Python/ceval.c:4905 #7 0x7ab4cb in ?? ??:0 #8 0x7a76f2 in call_function /home/test/check/PythonASAN/Python/ceval.c:4809 #9 0x7a76f2 in ?? ??:0 #10 0x7995cc in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3275 #11 0x7995cc in ?? ??:0 #12 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718 #13 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119 #14 0x7a9847 in ?? ??:0 #15 0x7ac2ea in _PyFunction_FastCallDict /home/test/check/PythonASAN/Python/ceval.c:5021 #16 0x7ac2ea in ?? ??:0 #17 0x574668 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2295 #18 0x574668 in ?? ??:0 #19 0x5749fa in _PyObject_Call_Prepend /home/test/check/PythonASAN/Objects/abstract.c:2358 #20 0x5749fa in ?? ??:0 #21 0x573e9b in PyObject_Call /home/test/check/PythonASAN/Objects/abstract.c:2246 #22 0x573e9b in ?? ??:0 #23 0x793369 in do_call_core /home/test/check/PythonASAN/Python/ceval.c:5057 #24 0x793369 in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3357 #25 0x793369 in ?? ??:0 #26 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718 #27 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119 #28 0x7a9847 in ?? ??:0 #29 0x7ac2ea in _PyFunction_FastCallDict /home/test/check/PythonASAN/Python/ceval.c:5021 #30 0x7ac2ea in ?? ??:0 #31 0x574668 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2295 #32 0x574668 in ?? ??:0 #33 0x5749fa in _PyObject_Call_Prepend /home/test/check/PythonASAN/Objects/abstract.c:2358 #34 0x5749fa in ?? ??:0 #35 0x573e9b in PyObject_Call /home/test/check/PythonASAN/Objects/abstract.c:2246 #36 0x573e9b in ?? ??:0 #37 0x66efe4 in slot_tp_call /home/test/check/PythonASAN/Objects/typeobject.c:6167 #38 0x66efe4 in ?? ??:0 #39 0x5745f0 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2316 #40 0x5745f0 in ?? ??:0 #41 0x7a7429 in call_function /home/test/check/PythonASAN/Python/ceval.c:4812 #42 0x7a7429 in ?? ??:0 #43 0x7995cc in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3275 #44 0x7995cc in ?? ??:0 #45 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718 #46 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119 #47 0x7a9847 in ?? ??:0 #48 0x7ac2ea in _PyFunction_FastCallDict /home/test/check/PythonASAN/Python/ceval.c:5021 #49 0x7ac2ea in ?? ??:0 #50 0x574668 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2295 #51 0x574668 in ?? ??:0 #52 0x5749fa in _PyObject_Call_Prepend /home/test/check/PythonASAN/Objects/abstract.c:2358 #53 0x5749fa in ?? ??:0 #54 0x573e9b in PyObject_Call /home/test/check/PythonASAN/Objects/abstract.c:2246 #55 0x573e9b in ?? ??:0 #56 0x793369 in do_call_core /home/test/check/PythonASAN/Python/ceval.c:5057 #57 0x793369 in _PyEval_EvalF
[issue29491] AddressSanitizer: heap-buffer-overflow on address 0x60200000e734
New submission from BeginVuln: OS Version : Ubuntu 16.04 LTS Python download link : https://www.python.org/ftp/python/3.6.0/Python-3.6.0.tar.xz Python version : 3.6.0 Normal build cmd : ./configure make Asan build cmd: export CC="/usr/bin/clang -fsanitize=address export CXX="/usr/bin/clang++ -fsanitize=address ./confiugre make GDB with exploitable: To enable execution of this file add add-auto-load-safe-path /home/test/check/PythonGDB/python-gdb.py line to your configuration file "/home/test/.gdbinit". To completely disable this security protection add set auto-load safe-path / line to your configuration file "/home/test/.gdbinit". For more information about this security protection see the "Auto-loading safe path" section in the GDB manual. E.g., run from the shell: info "(gdb)Auto-loading safe path" [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". [Inferior 1 (process 19397) exited with code 01] ASAN: = ==17935==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020e734 at pc 0x7f6e87941564 bp 0x7fff533392c0 sp 0x7fff533392b8 READ of size 4 at 0x6020e734 thread T0 #0 0x7f6e87941563 in Pointer_subscript /home/test/check/PythonASAN/Modules/_ctypes/_ctypes.c:5013 #1 0x7f6e87941563 in ?? ??:0 #2 0x79987c in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:1458 (discriminator 1) #3 0x79987c in ?? ??:0 #4 0x7ab4cb in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718 #5 0x7ab4cb in _PyFunction_FastCall /home/test/check/PythonASAN/Python/ceval.c:4870 #6 0x7ab4cb in fast_function /home/test/check/PythonASAN/Python/ceval.c:4905 #7 0x7ab4cb in ?? ??:0 #8 0x7a76f2 in call_function /home/test/check/PythonASAN/Python/ceval.c:4809 #9 0x7a76f2 in ?? ??:0 #10 0x7995cc in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3275 #11 0x7995cc in ?? ??:0 #12 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718 #13 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119 #14 0x7a9847 in ?? ??:0 #15 0x7ac2ea in _PyFunction_FastCallDict /home/test/check/PythonASAN/Python/ceval.c:5021 #16 0x7ac2ea in ?? ??:0 #17 0x574668 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2295 #18 0x574668 in ?? ??:0 #19 0x5749fa in _PyObject_Call_Prepend /home/test/check/PythonASAN/Objects/abstract.c:2358 #20 0x5749fa in ?? ??:0 #21 0x573e9b in PyObject_Call /home/test/check/PythonASAN/Objects/abstract.c:2246 #22 0x573e9b in ?? ??:0 #23 0x793369 in do_call_core /home/test/check/PythonASAN/Python/ceval.c:5057 #24 0x793369 in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3357 #25 0x793369 in ?? ??:0 #26 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718 #27 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119 #28 0x7a9847 in ?? ??:0 #29 0x7ac2ea in _PyFunction_FastCallDict /home/test/check/PythonASAN/Python/ceval.c:5021 #30 0x7ac2ea in ?? ??:0 #31 0x574668 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2295 #32 0x574668 in ?? ??:0 #33 0x5749fa in _PyObject_Call_Prepend /home/test/check/PythonASAN/Objects/abstract.c:2358 #34 0x5749fa in ?? ??:0 #35 0x573e9b in PyObject_Call /home/test/check/PythonASAN/Objects/abstract.c:2246 #36 0x573e9b in ?? ??:0 #37 0x66efe4 in slot_tp_call /home/test/check/PythonASAN/Objects/typeobject.c:6167 #38 0x66efe4 in ?? ??:0 #39 0x5745f0 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2316 #40 0x5745f0 in ?? ??:0 #41 0x7a7429 in call_function /home/test/check/PythonASAN/Python/ceval.c:4812 #42 0x7a7429 in ?? ??:0 #43 0x7995cc in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3275 #44 0x7995cc in ?? ??:0 #45 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718 #46 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119 #47 0x7a9847 in ?? ??:0 #48 0x7ac2ea in _PyFunction_FastCallDict /home/test/check/PythonASAN/Python/ceval.c:5021 #49 0x7ac2ea in ?? ??:0 #50 0x574668 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2295 #51 0x574668 in ?? ??:0 #52 0x5749fa in _PyObject_Call_Prepend /home/test/check/PythonASAN/Objects/abstract.c:2358 #53 0x5749fa in ?? ??:0 #54 0x573e9b in PyObject_Call /home/test/check/PythonASAN/Objects/abstract.c:2246 #55 0x573e9b in ?? ??:0 #56 0x793369 in do_call_core /home/test/check/PythonASAN/Python/ceval.c:5057 #57 0x793369 in _PyEval_EvalF
[issue29491] AddressSanitizer: heap-buffer-overflow on address 0x60200000e734
Changes by BeginVuln : -- type: -> security ___ Python tracker <http://bugs.python.org/issue29491> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue29492] AddressSanitizer: SEGV on unknown address 0x0000a0013639
New submission from BeginVuln: OS Version : Ubuntu 16.04 LTS Python download link : https://www.python.org/ftp/python/3.6.0/Python-3.6.0.tar.xz Python version : 3.6.0 Normal build cmd : ./configure make Asan build cmd: export CC="/usr/bin/clang -fsanitize=address export CXX="/usr/bin/clang++ -fsanitize=address ./confiugre make GDB with exploitable: To enable execution of this file add add-auto-load-safe-path /home/test/check/PythonGDB/python-gdb.py line to your configuration file "/home/test/.gdbinit". To completely disable this security protection add set auto-load safe-path / line to your configuration file "/home/test/.gdbinit". For more information about this security protection see the "Auto-loading safe path" section in the GDB manual. E.g., run from the shell: info "(gdb)Auto-loading safe path" [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". Program received signal SIGSEGV, Segmentation fault. 0x0049b304 in dict_dealloc (mp=0x75b44510) at Objects/dictobject.c:1925 1925Py_XDECREF(values[i]); Description: Access violation during branch instruction Short description: BranchAv (4/22) Hash: 88d6a4b120e0fabdcb9b56178f8ef166.2c4f31b17f90f974f2ff23d3286fcbbd Exploitability Classification: EXPLOITABLE Explanation: The target crashed on a branch instruction, which may indicate that the control flow is tainted. Other tags: DestAv (8/22), AccessViolation (21/22) ASAN: ASAN:DEADLYSIGNAL = ==18235==ERROR: AddressSanitizer: SEGV on unknown address 0xa0013639 (pc 0x0061637c bp 0x7efd09781be8 sp 0x7ffe3da51c50 T0) #0 0x61637b in dict_dealloc /home/test/check/PythonASAN/Objects/dictobject.c:1925 (discriminator 5) #1 0x61637b in ?? ??:0 #2 0x65d3b9 in subtype_dealloc /home/test/check/PythonASAN/Objects/typeobject.c:1207 (discriminator 3) #3 0x65d3b9 in ?? ??:0 #4 0x5d10da in frame_dealloc /home/test/check/PythonASAN/Objects/frameobject.c:423 (discriminator 5) #5 0x5d10da in ?? ??:0 #6 0x7a98ca in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4130 (discriminator 3) #7 0x7a98ca in ?? ??:0 #8 0x7ab648 in fast_function /home/test/check/PythonASAN/Python/ceval.c:4929 (discriminator 1) #9 0x7ab648 in ?? ??:0 #10 0x7a76f2 in call_function /home/test/check/PythonASAN/Python/ceval.c:4809 #11 0x7a76f2 in ?? ??:0 #12 0x7995cc in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3275 #13 0x7995cc in ?? ??:0 #14 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718 #15 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119 #16 0x7a9847 in ?? ??:0 #17 0x7ac2ea in _PyFunction_FastCallDict /home/test/check/PythonASAN/Python/ceval.c:5021 #18 0x7ac2ea in ?? ??:0 #19 0x574668 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2295 #20 0x574668 in ?? ??:0 #21 0x5749fa in _PyObject_Call_Prepend /home/test/check/PythonASAN/Objects/abstract.c:2358 #22 0x5749fa in ?? ??:0 #23 0x573e9b in PyObject_Call /home/test/check/PythonASAN/Objects/abstract.c:2246 #24 0x573e9b in ?? ??:0 #25 0x793369 in do_call_core /home/test/check/PythonASAN/Python/ceval.c:5057 #26 0x793369 in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3357 #27 0x793369 in ?? ??:0 #28 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718 #29 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119 #30 0x7a9847 in ?? ??:0 #31 0x7ac2ea in _PyFunction_FastCallDict /home/test/check/PythonASAN/Python/ceval.c:5021 #32 0x7ac2ea in ?? ??:0 #33 0x574668 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2295 #34 0x574668 in ?? ??:0 #35 0x5749fa in _PyObject_Call_Prepend /home/test/check/PythonASAN/Objects/abstract.c:2358 #36 0x5749fa in ?? ??:0 #37 0x573e9b in PyObject_Call /home/test/check/PythonASAN/Objects/abstract.c:2246 #38 0x573e9b in ?? ??:0 #39 0x66efe4 in slot_tp_call /home/test/check/PythonASAN/Objects/typeobject.c:6167 #40 0x66efe4 in ?? ??:0 #41 0x5745f0 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2316 #42 0x5745f0 in ?? ??:0 #43 0x7a7429 in call_function /home/test/check/PythonASAN/Python/ceval.c:4812 #44 0x7a7429 in ?? ??:0 #45 0x7995cc in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3275 #46 0x7995cc in ?? ??:0 #47 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718 #48 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119 #49 0x7a9847 in ?? ??:0 #50 0x7ac
[issue29493] AddressSanitizer: SEGV on unknown address 0x000cffff800d
New submission from BeginVuln: OS Version : Ubuntu 16.04 LTS Python download link : https://www.python.org/ftp/python/3.6.0/Python-3.6.0.tar.xz Python version : 3.6.0 Normal build cmd : ./configure make Asan build cmd: export CC="/usr/bin/clang -fsanitize=address export CXX="/usr/bin/clang++ -fsanitize=address ./confiugre make GDB with exploitable: To enable execution of this file add add-auto-load-safe-path /home/test/check/PythonGDB/python-gdb.py line to your configuration file "/home/test/.gdbinit". To completely disable this security protection add set auto-load safe-path / line to your configuration file "/home/test/.gdbinit". For more information about this security protection see the "Auto-loading safe path" section in the GDB manual. E.g., run from the shell: info "(gdb)Auto-loading safe path" [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". Program received signal SIGSEGV, Segmentation fault. 0x0043d563 in PyObject_GC_UnTrack (op=0x73810400) at Modules/gcmodule.c:1699 1699_PyObject_GC_UNTRACK(op); Description: Access violation on destination operand Short description: DestAv (8/22) Hash: a30125899c34aa234161214a7afc7066.d78488ccad0508b81b411140385e7113 Exploitability Classification: EXPLOITABLE Explanation: The target crashed on an access violation at an address matching the destination operand of the instruction. This likely indicates a write access violation, which means the attacker may control the write address and/or value. Other tags: AccessViolation (21/22) ASAN: EsFASAN:DEADLYSIGNAL = ==18094==ERROR: AddressSanitizer: SEGV on unknown address 0x000c800d (pc 0x00543039 bp 0x0fec572c0c81 sp 0x7ffc421b9cf0 T0) #0 0x543038 in PyObject_GC_UnTrack /home/test/check/PythonASAN/Modules/gcmodule.c:1699 (discriminator 4) #1 0x543038 in ?? ??:0 #2 0x65ca2f in subtype_dealloc /home/test/check/PythonASAN/Objects/typeobject.c:1133 #3 0x65ca2f in ?? ??:0 #4 0x5d10da in frame_dealloc /home/test/check/PythonASAN/Objects/frameobject.c:423 (discriminator 5) #5 0x5d10da in ?? ??:0 #6 0x5304c4 in tb_dealloc /home/test/check/PythonASAN/Python/traceback.c:55 (discriminator 5) #7 0x5304c4 in ?? ??:0 #8 0x530456 in tb_dealloc /home/test/check/PythonASAN/Python/traceback.c:54 (discriminator 5) #9 0x530456 in ?? ??:0 #10 0x530456 in tb_dealloc /home/test/check/PythonASAN/Python/traceback.c:54 (discriminator 5) #11 0x530456 in ?? ??:0 #12 0x5b3b49 in BaseException_clear /home/test/check/PythonASAN/Objects/exceptions.c:76 (discriminator 5) #13 0x5b3b49 in ?? ??:0 #14 0x5b3742 in BaseException_dealloc /home/test/check/PythonASAN/Objects/exceptions.c:86 #15 0x5b3742 in ?? ??:0 #16 0x656df9 in tupledealloc /home/test/check/PythonASAN/Objects/tupleobject.c:243 (discriminator 5) #17 0x656df9 in ?? ??:0 #18 0x656df9 in tupledealloc /home/test/check/PythonASAN/Objects/tupleobject.c:243 (discriminator 5) #19 0x656df9 in ?? ??:0 #20 0x5e5c19 in list_clear /home/test/check/PythonASAN/Objects/listobject.c:562 (discriminator 5) #21 0x5e5c19 in listclear /home/test/check/PythonASAN/Objects/listobject.c:763 (discriminator 5) #22 0x5e5c19 in ?? ??:0 #23 0x632208 in _PyCFunction_FastCallDict /home/test/check/PythonASAN/Objects/methodobject.c:192 #24 0x632208 in ?? ??:0 #25 0x7a7751 in call_function /home/test/check/PythonASAN/Python/ceval.c:4788 (discriminator 17) #26 0x7a7751 in ?? ??:0 #27 0x7995cc in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3275 #28 0x7995cc in ?? ??:0 #29 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718 #30 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119 #31 0x7a9847 in ?? ??:0 #32 0x7ac2ea in _PyFunction_FastCallDict /home/test/check/PythonASAN/Python/ceval.c:5021 #33 0x7ac2ea in ?? ??:0 #34 0x574668 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2295 #35 0x574668 in ?? ??:0 #36 0x5749fa in _PyObject_Call_Prepend /home/test/check/PythonASAN/Objects/abstract.c:2358 #37 0x5749fa in ?? ??:0 #38 0x573e9b in PyObject_Call /home/test/check/PythonASAN/Objects/abstract.c:2246 #39 0x573e9b in ?? ??:0 #40 0x793369 in do_call_core /home/test/check/PythonASAN/Python/ceval.c:5057 #41 0x793369 in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3357 #42 0x793369 in ?? ??:0 #43 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718 #44 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119 #45 0x7a9847 in ?? ??:0 #46 0x7ac2ea in _PyFunction_FastCallDict /home/t
[issue29494] AddressSanitizer: SEGV on unknown address 0x00009fff8001
New submission from BeginVuln:
OS Version : Ubuntu 16.04 LTS
Python download link :
https://www.python.org/ftp/python/3.6.0/Python-3.6.0.tar.xz
Python version : 3.6.0
Normal build cmd :
./configure
make
Asan build cmd:
export CC="/usr/bin/clang -fsanitize=address
export CXX="/usr/bin/clang++ -fsanitize=address
./confiugre
make
GDB with exploitable:
To enable execution of this file add
add-auto-load-safe-path /home/test/check/PythonGDB/python-gdb.py
line to your configuration file "/home/test/.gdbinit".
To completely disable this security protection add
set auto-load safe-path /
line to your configuration file "/home/test/.gdbinit".
For more information about this security protection see the
"Auto-loading safe path" section in the GDB manual. E.g., run from the shell:
info "(gdb)Auto-loading safe path"
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Program received signal SIGSEGV, Segmentation fault.
visit_decref (op=0x1, data=0x0) at Modules/gcmodule.c:374
374 if (PyObject_IS_GC(op)) {
Description: Access violation on source operand
Short description: SourceAv (19/22)
Hash: 5ae0cf182ca6c91339ba4d86e35281e3.974794321b75f348830f6ff316f662f4
Exploitability Classification: UNKNOWN
Explanation: The target crashed on an access violation at an address matching
the source operand of the current instruction. This likely indicates a read
access violation.
Other tags: AccessViolation (21/22)
ASAN:
ASAN:DEADLYSIGNAL
=
==18468==ERROR: AddressSanitizer: SEGV on unknown address 0x9fff8001 (pc
0x00544b5f bp 0x7ffeeb051e90 sp 0x7ffeeb051c30 T0)
#0 0x544b5e in visit_decref
/home/test/check/PythonASAN/Modules/gcmodule.c:374
#1 0x544b5e in ?? ??:0
#2 0x5d7035 in func_traverse
/home/test/check/PythonASAN/Objects/funcobject.c:558 (discriminator 8)
#3 0x5d7035 in ?? ??:0
#4 0x540ca1 in subtract_refs
/home/test/check/PythonASAN/Modules/gcmodule.c:399
#5 0x540ca1 in collect /home/test/check/PythonASAN/Modules/gcmodule.c:956
#6 0x540ca1 in ?? ??:0
#7 0x5406ed in collect_with_callback
/home/test/check/PythonASAN/Modules/gcmodule.c:1128
#8 0x5406ed in PyGC_Collect
/home/test/check/PythonASAN/Modules/gcmodule.c:1592
#9 0x5406ed in _PyGC_CollectIfEnabled
/home/test/check/PythonASAN/Modules/gcmodule.c:1605
#10 0x5406ed in ?? ??:0
#11 0x50d31a in Py_FinalizeEx
/home/test/check/PythonASAN/Python/pylifecycle.c:603
#12 0x50d31a in ?? ??:0
#13 0x50e127 in Py_Exit
/home/test/check/PythonASAN/Python/pylifecycle.c:1537
#14 0x50e127 in ?? ??:0
#15 0x51537b in handle_system_exit
/home/test/check/PythonASAN/Python/pythonrun.c:602
#16 0x51537b in ?? ??:0
#17 0x5146b0 in PyErr_PrintEx
/home/test/check/PythonASAN/Python/pythonrun.c:612
#18 0x5146b0 in ?? ??:0
#19 0x512c87 in PyErr_Print
/home/test/check/PythonASAN/Python/pythonrun.c:508
#20 0x512c87 in PyRun_SimpleFileExFlags
/home/test/check/PythonASAN/Python/pythonrun.c:401
#21 0x512c87 in ?? ??:0
#22 0x53eefd in run_file /home/test/check/PythonASAN/Modules/main.c:320
#23 0x53eefd in Py_Main /home/test/check/PythonASAN/Modules/main.c:780
#24 0x53eefd in ?? ??:0
#25 0x503d16 in main /home/test/check/PythonASAN/./Programs/python.c:69
#26 0x503d16 in ?? ??:0
#27 0x7fcae111d82f in __libc_start_main
/build/glibc-GKVZIf/glibc-2.23/csu/../csu/libc-start.c:291
#28 0x7fcae111d82f in ?? ??:0
#29 0x432548 in _start ??:?
#30 0x432548 in ?? ??:0
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/home/test/check/PythonASAN/python+0x544b5e)
==18468==ABORTING
--
components: Interpreter Core
files: gcmodule_374
messages: 287331
nosy: beginvuln
priority: normal
severity: normal
status: open
title: AddressSanitizer: SEGV on unknown address 0x9fff8001
type: security
versions: Python 3.6
Added file: http://bugs.python.org/file46589/gcmodule_374
___
Python tracker
<http://bugs.python.org/issue29494>
___
___
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue29497] AddressSanitizer: SEGV on unknown address 0x000000000008
New submission from BeginVuln: OS Version : Ubuntu 16.04 LTS Python download link : https://www.python.org/ftp/python/3.6.0/Python-3.6.0.tar.xz Python version : 3.6.0 Normal build cmd : ./configure make Asan build cmd: export CC="/usr/bin/clang -fsanitize=address export CXX="/usr/bin/clang++ -fsanitize=address ./confiugre make GDB with exploitable: To enable execution of this file add add-auto-load-safe-path /home/test/check/PythonGDB/python-gdb.py line to your configuration file "/home/test/.gdbinit". To completely disable this security protection add set auto-load safe-path / line to your configuration file "/home/test/.gdbinit". For more information about this security protection see the "Auto-loading safe path" section in the GDB manual. E.g., run from the shell: info "(gdb)Auto-loading safe path" [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". Program received signal SIGABRT, Aborted. 0x77116418 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54 Description: Heap error Short description: HeapError (10/22) Hash: 2aa3ac417e1aa62c7fe1524ebca9f7a3.8d7f0ad1f2db61942ed3977c83757030 Exploitability Classification: EXPLOITABLE Explanation: The target's backtrace indicates that libc has detected a heap error or that the target was executing a heap function when it stopped. This could be due to heap corruption, passing a bad pointer to a heap function such as free(), etc. Since heap errors might include buffer overflows, use-after-free situations, etc. they are generally considered exploitable. Other tags: AbortSignal (20/22) ASAN: ASAN:DEADLYSIGNAL = ==18277==ERROR: AddressSanitizer: SEGV on unknown address 0x0008 (pc 0x7f65f421d380 bp 0x7f65f4560b20 sp 0x7ffe10375320 T0) #0 0x7f65f421d37f in _int_free /build/glibc-GKVZIf/glibc-2.23/malloc/malloc.c:4057 #1 0x7f65f421d37f in ?? ??:0 #2 0x7f65f4220abb in __GI___libc_free /build/glibc-GKVZIf/glibc-2.23/malloc/malloc.c:2969 (discriminator 4) #3 0x7f65f4220abb in ?? ??:0 #4 0x7f65f0640e3f in ffi_call_unix64 ??:? #5 0x7f65f0640e3f in ?? ??:0 #6 0x7f65f06408aa in ffi_call ??:? #7 0x7f65f06408aa in ?? ??:0 #8 0x7f65f0885311 in _call_function_pointer /home/test/check/PythonASAN/Modules/_ctypes/callproc.c:809 #9 0x7f65f0885311 in _ctypes_callproc /home/test/check/PythonASAN/Modules/_ctypes/callproc.c:1147 #10 0x7f65f0885311 in ?? ??:0 #11 0x7f65f0874199 in PyCFuncPtr_call /home/test/check/PythonASAN/Modules/_ctypes/_ctypes.c:3870 #12 0x7f65f0874199 in ?? ??:0 #13 0x5745f0 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2316 #14 0x5745f0 in ?? ??:0 #15 0x7a7429 in call_function /home/test/check/PythonASAN/Python/ceval.c:4812 #16 0x7a7429 in ?? ??:0 #17 0x7995cc in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3275 #18 0x7995cc in ?? ??:0 #19 0x7ab4cb in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718 #20 0x7ab4cb in _PyFunction_FastCall /home/test/check/PythonASAN/Python/ceval.c:4870 #21 0x7ab4cb in fast_function /home/test/check/PythonASAN/Python/ceval.c:4905 #22 0x7ab4cb in ?? ??:0 #23 0x7a76f2 in call_function /home/test/check/PythonASAN/Python/ceval.c:4809 #24 0x7a76f2 in ?? ??:0 #25 0x7995cc in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3275 #26 0x7995cc in ?? ??:0 #27 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718 #28 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119 #29 0x7a9847 in ?? ??:0 #30 0x7ac2ea in _PyFunction_FastCallDict /home/test/check/PythonASAN/Python/ceval.c:5021 #31 0x7ac2ea in ?? ??:0 #32 0x574668 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2295 #33 0x574668 in ?? ??:0 #34 0x5749fa in _PyObject_Call_Prepend /home/test/check/PythonASAN/Objects/abstract.c:2358 #35 0x5749fa in ?? ??:0 #36 0x573e9b in PyObject_Call /home/test/check/PythonASAN/Objects/abstract.c:2246 #37 0x573e9b in ?? ??:0 #38 0x793369 in do_call_core /home/test/check/PythonASAN/Python/ceval.c:5057 #39 0x793369 in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3357 #40 0x793369 in ?? ??:0 #41 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718 #42 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119 #43 0x7a9847 in ?? ??:0 #44 0x7ac2ea in _PyFunction_FastCallDict /home/test/check/PythonASAN/Python/ceval.c:5021 #45 0x7ac2ea in ?? ??:0 #46 0x574668 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2295 #47 0x57
[issue29498] AddressSanitizer: SEGV on unknown address 0x0005ffff800d
New submission from BeginVuln: OS Version : Ubuntu 16.04 LTS Python download link : https://www.python.org/ftp/python/3.6.0/Python-3.6.0.tar.xz Python version : 3.6.0 Normal build cmd : ./configure make Asan build cmd: export CC="/usr/bin/clang -fsanitize=address export CXX="/usr/bin/clang++ -fsanitize=address ./confiugre make GDB with exploitable: To enable execution of this file add add-auto-load-safe-path /home/test/check/PythonGDB/python-gdb.py line to your configuration file "/home/test/.gdbinit". To completely disable this security protection add set auto-load safe-path / line to your configuration file "/home/test/.gdbinit". For more information about this security protection see the "Auto-loading safe path" section in the GDB manual. E.g., run from the shell: info "(gdb)Auto-loading safe path" [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". Program received signal SIGSEGV, Segmentation fault. _PyObject_GenericGetAttrWithDict (dict=0x2c006f, name=0x77eed3b0, obj=0x7628ebf8) at Objects/object.c:1088 1088Py_INCREF(dict); Description: Access violation on destination operand Short description: DestAv (8/22) Hash: 5fba3f64e0a5cd874121e05187de0b92.c7630c31a2ff26cdc6fb85881fa40252 Exploitability Classification: EXPLOITABLE Explanation: The target crashed on an access violation at an address matching the destination operand of the instruction. This likely indicates a write access violation, which means the attacker may control the write address and/or value. Other tags: AccessViolation (21/22) ASAN: EsEASAN:DEADLYSIGNAL = ==18600==ERROR: AddressSanitizer: SEGV on unknown address 0x0005800d (pc 0x0063acfe bp 0x7f86cde063b0 sp 0x7fffa5d9ea90 T0) #0 0x63acfd in _PyObject_GenericGetAttrWithDict /home/test/check/PythonASAN/Objects/object.c:1088 #1 0x63acfd in ?? ??:0 #2 0x7966cc in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:2815 (discriminator 1) #3 0x7966cc in ?? ??:0 #4 0x7ab4cb in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718 #5 0x7ab4cb in _PyFunction_FastCall /home/test/check/PythonASAN/Python/ceval.c:4870 #6 0x7ab4cb in fast_function /home/test/check/PythonASAN/Python/ceval.c:4905 #7 0x7ab4cb in ?? ??:0 #8 0x7a76f2 in call_function /home/test/check/PythonASAN/Python/ceval.c:4809 #9 0x7a76f2 in ?? ??:0 #10 0x7995cc in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3275 #11 0x7995cc in ?? ??:0 #12 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718 #13 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119 #14 0x7a9847 in ?? ??:0 #15 0x7ac2ea in _PyFunction_FastCallDict /home/test/check/PythonASAN/Python/ceval.c:5021 #16 0x7ac2ea in ?? ??:0 #17 0x574668 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2295 #18 0x574668 in ?? ??:0 #19 0x5749fa in _PyObject_Call_Prepend /home/test/check/PythonASAN/Objects/abstract.c:2358 #20 0x5749fa in ?? ??:0 #21 0x573e9b in PyObject_Call /home/test/check/PythonASAN/Objects/abstract.c:2246 #22 0x573e9b in ?? ??:0 #23 0x793369 in do_call_core /home/test/check/PythonASAN/Python/ceval.c:5057 #24 0x793369 in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3357 #25 0x793369 in ?? ??:0 #26 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718 #27 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119 #28 0x7a9847 in ?? ??:0 #29 0x7ac2ea in _PyFunction_FastCallDict /home/test/check/PythonASAN/Python/ceval.c:5021 #30 0x7ac2ea in ?? ??:0 #31 0x574668 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2295 #32 0x574668 in ?? ??:0 #33 0x5749fa in _PyObject_Call_Prepend /home/test/check/PythonASAN/Objects/abstract.c:2358 #34 0x5749fa in ?? ??:0 #35 0x573e9b in PyObject_Call /home/test/check/PythonASAN/Objects/abstract.c:2246 #36 0x573e9b in ?? ??:0 #37 0x66efe4 in slot_tp_call /home/test/check/PythonASAN/Objects/typeobject.c:6167 #38 0x66efe4 in ?? ??:0 #39 0x5745f0 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2316 #40 0x5745f0 in ?? ??:0 #41 0x7a7429 in call_function /home/test/check/PythonASAN/Python/ceval.c:4812 #42 0x7a7429 in ?? ??:0 #43 0x7995cc in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3275 #44 0x7995cc in ?? ??:0 #45 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718 #46 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119 #47 0x7a9847 in ?? ?
[issue29499] AddressSanitizer: SEGV on unknown address 0x000ebfff800d
New submission from BeginVuln:
OS Version : Ubuntu 16.04 LTS
Python download link :
https://www.python.org/ftp/python/3.6.0/Python-3.6.0.tar.xz
Python version : 3.6.0
Normal build cmd :
./configure
make
Asan build cmd:
export CC="/usr/bin/clang -fsanitize=address
export CXX="/usr/bin/clang++ -fsanitize=address
./confiugre
make
GDB with exploitable:
To enable execution of this file add
add-auto-load-safe-path /home/test/check/PythonGDB/python-gdb.py
line to your configuration file "/home/test/.gdbinit".
To completely disable this security protection add
set auto-load safe-path /
line to your configuration file "/home/test/.gdbinit".
For more information about this security protection see the
"Auto-loading safe path" section in the GDB manual. E.g., run from the shell:
info "(gdb)Auto-loading safe path"
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Program received signal SIGSEGV, Segmentation fault.
_PyObject_Alloc (ctx=0x0, elsize=136, nelem=1, use_calloc=0) at
Objects/obmalloc.c:1258
1258if ((pool->freeblock = *(block **)bp) != NULL) {
Description: Access violation on source operand
Short description: SourceAv (19/22)
Hash: 931f1ff7977aaf47bb64eec6d074074f.3e2cbb794853bcf6a077da4bfa99ade4
Exploitability Classification: UNKNOWN
Explanation: The target crashed on an access violation at an address matching
the source operand of the current instruction. This likely indicates a read
access violation.
Other tags: AccessViolation (21/22)
ASAN:
EsEASAN:DEADLYSIGNAL
=
==18115==ERROR: AddressSanitizer: SEGV on unknown address 0x000ebfff800d (pc
0x005082ed bp 0x0072006f sp 0x7fffe2536f60 T0)
#0 0x5082ec in _PyObject_Alloc
/home/test/check/PythonASAN/Objects/obmalloc.c:1258
#1 0x5082ec in ?? ??:0
#2 0x54318c in _PyObject_GC_Alloc
/home/test/check/PythonASAN/Modules/gcmodule.c:1714
#3 0x54318c in ?? ??:0
#4 0x543391 in _PyObject_GC_Malloc
/home/test/check/PythonASAN/Modules/gcmodule.c:1736
#5 0x543391 in _PyObject_GC_New
/home/test/check/PythonASAN/Modules/gcmodule.c:1748
#6 0x543391 in ?? ??:0
#7 0x5d5516 in PyFunction_NewWithQualName
/home/test/check/PythonASAN/Objects/funcobject.c:21
#8 0x5d5516 in ?? ??:0
#9 0x796ecf in _PyEval_EvalFrameDefault
/home/test/check/PythonASAN/Python/ceval.c:3373
#10 0x796ecf in ?? ??:0
#11 0x7a9847 in PyEval_EvalFrameEx
/home/test/check/PythonASAN/Python/ceval.c:718
#12 0x7a9847 in _PyEval_EvalCodeWithName
/home/test/check/PythonASAN/Python/ceval.c:4119
#13 0x7a9847 in ?? ??:0
#14 0x7ab648 in fast_function
/home/test/check/PythonASAN/Python/ceval.c:4929 (discriminator 1)
#15 0x7ab648 in ?? ??:0
#16 0x7a76f2 in call_function
/home/test/check/PythonASAN/Python/ceval.c:4809
#17 0x7a76f2 in ?? ??:0
#18 0x7995cc in _PyEval_EvalFrameDefault
/home/test/check/PythonASAN/Python/ceval.c:3275
#19 0x7995cc in ?? ??:0
#20 0x7ab4cb in PyEval_EvalFrameEx
/home/test/check/PythonASAN/Python/ceval.c:718
#21 0x7ab4cb in _PyFunction_FastCall
/home/test/check/PythonASAN/Python/ceval.c:4870
#22 0x7ab4cb in fast_function
/home/test/check/PythonASAN/Python/ceval.c:4905
#23 0x7ab4cb in ?? ??:0
#24 0x7a76f2 in call_function
/home/test/check/PythonASAN/Python/ceval.c:4809
#25 0x7a76f2 in ?? ??:0
#26 0x7995cc in _PyEval_EvalFrameDefault
/home/test/check/PythonASAN/Python/ceval.c:3275
#27 0x7995cc in ?? ??:0
#28 0x7a9847 in PyEval_EvalFrameEx
/home/test/check/PythonASAN/Python/ceval.c:718
#29 0x7a9847 in _PyEval_EvalCodeWithName
/home/test/check/PythonASAN/Python/ceval.c:4119
#30 0x7a9847 in ?? ??:0
#31 0x7ab648 in fast_function
/home/test/check/PythonASAN/Python/ceval.c:4929 (discriminator 1)
#32 0x7ab648 in ?? ??:0
#33 0x7a76f2 in call_function
/home/test/check/PythonASAN/Python/ceval.c:4809
#34 0x7a76f2 in ?? ??:0
#35 0x7995cc in _PyEval_EvalFrameDefault
/home/test/check/PythonASAN/Python/ceval.c:3275
#36 0x7995cc in ?? ??:0
#37 0x7a9847 in PyEval_EvalFrameEx
/home/test/check/PythonASAN/Python/ceval.c:718
#38 0x7a9847 in _PyEval_EvalCodeWithName
/home/test/check/PythonASAN/Python/ceval.c:4119
#39 0x7a9847 in ?? ??:0
#40 0x7ab648 in fast_function
/home/test/check/PythonASAN/Python/ceval.c:4929 (discriminator 1)
#41 0x7ab648 in ?? ??:0
#42 0x7a76f2 in call_function
/home/test/check/PythonASAN/Python/ceval.c:4809
#43 0x7a76f2 in ?? ??:0
#44 0x7995cc in _PyEval_EvalFrameDefault
/home/test/check/PythonASAN/Python/ceval.c:3275
#45 0x7995cc in ?? ??:0
#46 0x7a9847 in PyEval_EvalFrameEx
/home/test/check/PythonASAN/Python/ceval.c:718
#47 0x7a9847 in _PyEval_EvalCodeWithName
/home/test/check/PythonASAN/Python/ceval.c:4119
#48 0x7a9847
[issue29500] AddressSanitizer: heap-buffer-overflow on address 0x61600004a982
New submission from BeginVuln: OS Version : Ubuntu 16.04 LTS Python download link : https://www.python.org/ftp/python/3.6.0/Python-3.6.0.tar.xz Python version : 3.6.0 Normal build cmd : ./configure make Asan build cmd: export CC="/usr/bin/clang -fsanitize=address export CXX="/usr/bin/clang++ -fsanitize=address ./confiugre make GDB with exploitable: To enable execution of this file add add-auto-load-safe-path /home/test/check/PythonGDB/python-gdb.py line to your configuration file "/home/test/.gdbinit". To completely disable this security protection add set auto-load safe-path / line to your configuration file "/home/test/.gdbinit". For more information about this security protection see the "Auto-loading safe path" section in the GDB manual. E.g., run from the shell: info "(gdb)Auto-loading safe path" [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". [Inferior 1 (process 19456) exited normally] ASAN: = ==18010==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6164a982 at pc 0x00830a11 bp 0x7fff6131b9b0 sp 0x7fff6131b9a8 READ of size 2 at 0x6164a982 thread T0 #0 0x830a10 in find_op /home/test/check/PythonASAN/Python/peephole.c:101 (discriminator 1) #1 0x830a10 in PyCode_Optimize /home/test/check/PythonASAN/Python/peephole.c:712 (discriminator 1) #2 0x830a10 in ?? ??:0 #3 0x7ccf6c in makecode /home/test/check/PythonASAN/Python/compile.c:5249 #4 0x7ccf6c in assemble /home/test/check/PythonASAN/Python/compile.c:5367 #5 0x7ccf6c in ?? ??:0 #6 0x7d0a09 in compiler_function /home/test/check/PythonASAN/Python/compile.c:1886 #7 0x7d0a09 in ?? ??:0 #8 0x7b0923 in compiler_body /home/test/check/PythonASAN/Python/compile.c:1463 #9 0x7b0923 in ?? ??:0 #10 0x7ae107 in compiler_mod /home/test/check/PythonASAN/Python/compile.c:1483 #11 0x7ae107 in PyAST_CompileObject /home/test/check/PythonASAN/Python/compile.c:341 #12 0x7ae107 in ?? ??:0 #13 0x5142d8 in run_mod /home/test/check/PythonASAN/Python/pythonrun.c:977 #14 0x5142d8 in PyRun_FileExFlags /home/test/check/PythonASAN/Python/pythonrun.c:933 #15 0x5142d8 in ?? ??:0 #16 0x512afa in PyRun_SimpleFileExFlags /home/test/check/PythonASAN/Python/pythonrun.c:396 #17 0x512afa in ?? ??:0 #18 0x53eefd in run_file /home/test/check/PythonASAN/Modules/main.c:320 #19 0x53eefd in Py_Main /home/test/check/PythonASAN/Modules/main.c:780 #20 0x53eefd in ?? ??:0 #21 0x503d16 in main /home/test/check/PythonASAN/./Programs/python.c:69 #22 0x503d16 in ?? ??:0 #23 0x7f5554ba782f in __libc_start_main /build/glibc-GKVZIf/glibc-2.23/csu/../csu/libc-start.c:291 #24 0x7f5554ba782f in ?? ??:0 #25 0x432548 in _start ??:? #26 0x432548 in ?? ??:0 0x6164a982 is located 0 bytes to the right of 514-byte region [0x6164a780,0x6164a982) allocated by thread T0 here: #0 0x4d2678 in malloc ??:? #1 0x4d2678 in ?? ??:0 #2 0x508c35 in PyMem_RawMalloc /home/test/check/PythonASAN/Objects/obmalloc.c:386 #3 0x508c35 in _PyObject_Alloc /home/test/check/PythonASAN/Objects/obmalloc.c:1427 #4 0x508c35 in ?? ??:0 SUMMARY: AddressSanitizer: heap-buffer-overflow (/home/test/check/PythonASAN/python+0x830a10) Shadow bytes around the buggy address: 0x0c2c800014e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c2c800014f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c2c80001500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c2c80001510: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c2c80001520: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 =>0x0c2c80001530:[02]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c2c80001540: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c2c80001550: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c2c80001560: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c2c80001570: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c2c80001580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user:f7 Container overflow: fc Array cookie:ac Intra object redzone:bb ASan internal: fe Left alloca redzone: ca Right alloca redzone:cb ==18010==ABORTING -- components: Interpreter Core files: peephole_101 messages:
[issue29501] AddressSanitizer: SEGV on unknown address 0x0000000028cb
New submission from BeginVuln: OS Version : Ubuntu 16.04 LTS Python download link : https://www.python.org/ftp/python/3.6.0/Python-3.6.0.tar.xz Python version : 3.6.0 Normal build cmd : ./configure make Asan build cmd: export CC="/usr/bin/clang -fsanitize=address export CXX="/usr/bin/clang++ -fsanitize=address ./confiugre make GDB with exploitable: To enable execution of this file add add-auto-load-safe-path /home/test/check/PythonGDB/python-gdb.py line to your configuration file "/home/test/.gdbinit". To completely disable this security protection add set auto-load safe-path / line to your configuration file "/home/test/.gdbinit". For more information about this security protection see the "Auto-loading safe path" section in the GDB manual. E.g., run from the shell: info "(gdb)Auto-loading safe path" [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". Program received signal SIGSEGV, Segmentation fault. strlen () at ../sysdeps/x86_64/strlen.S:106 Description: Access violation near NULL on source operand Short description: SourceAvNearNull (16/22) Hash: 887855ab5f56908afba8d62b6a25a6db.02c83d5748e9f8196679750a04737f93 Exploitability Classification: PROBABLY_NOT_EXPLOITABLE Explanation: The target crashed on an access violation at an address matching the source operand of the current instruction. This likely indicates a read access violation, which may mean the application crashed on a simple NULL dereference to data structure that has no immediate effect on control of the processor. Other tags: AccessViolation (21/22) ASAN: sEASAN:DEADLYSIGNAL = ==18621==ERROR: AddressSanitizer: SEGV on unknown address 0x28cb (pc 0x7f1572e57d16 bp 0x7ffeaf5703d0 sp 0x7ffeaf56fb68 T0) #0 0x7f1572e57d15 in strlen /build/glibc-GKVZIf/glibc-2.23/string/../sysdeps/x86_64/strlen.S:76 #1 0x7f1572e57d15 in ?? ??:0 #2 0x44ffac in __interceptor_strlen.part.45 asan_interceptors.cc.o:? #3 0x44ffac in ?? ??:0 #4 0x7f156c4cdf5c in string_at /home/test/check/PythonASAN/Modules/_ctypes/_ctypes.c:5226 #5 0x7f156c4cdf5c in ?? ??:0 #6 0x7f156c2ade3f in ffi_call_unix64 ??:? #7 0x7f156c2ade3f in ?? ??:0 #8 0x7f156c2ad8aa in ffi_call ??:? #9 0x7f156c2ad8aa in ?? ??:0 #10 0x7f156c4db311 in _call_function_pointer /home/test/check/PythonASAN/Modules/_ctypes/callproc.c:809 #11 0x7f156c4db311 in _ctypes_callproc /home/test/check/PythonASAN/Modules/_ctypes/callproc.c:1147 #12 0x7f156c4db311 in ?? ??:0 #13 0x7f156c4ca199 in PyCFuncPtr_call /home/test/check/PythonASAN/Modules/_ctypes/_ctypes.c:3870 #14 0x7f156c4ca199 in ?? ??:0 #15 0x5745f0 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2316 #16 0x5745f0 in ?? ??:0 #17 0x7a7429 in call_function /home/test/check/PythonASAN/Python/ceval.c:4812 #18 0x7a7429 in ?? ??:0 #19 0x7995cc in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3275 #20 0x7995cc in ?? ??:0 #21 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718 #22 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119 #23 0x7a9847 in ?? ??:0 #24 0x7ab648 in fast_function /home/test/check/PythonASAN/Python/ceval.c:4929 (discriminator 1) #25 0x7ab648 in ?? ??:0 #26 0x7a76f2 in call_function /home/test/check/PythonASAN/Python/ceval.c:4809 #27 0x7a76f2 in ?? ??:0 #28 0x7995cc in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3275 #29 0x7995cc in ?? ??:0 #30 0x7ab4cb in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718 #31 0x7ab4cb in _PyFunction_FastCall /home/test/check/PythonASAN/Python/ceval.c:4870 #32 0x7ab4cb in fast_function /home/test/check/PythonASAN/Python/ceval.c:4905 #33 0x7ab4cb in ?? ??:0 #34 0x7a76f2 in call_function /home/test/check/PythonASAN/Python/ceval.c:4809 #35 0x7a76f2 in ?? ??:0 #36 0x7995cc in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3275 #37 0x7995cc in ?? ??:0 #38 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718 #39 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119 #40 0x7a9847 in ?? ??:0 #41 0x7ac2ea in _PyFunction_FastCallDict /home/test/check/PythonASAN/Python/ceval.c:5021 #42 0x7ac2ea in ?? ??:0 #43 0x574668 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2295 #44 0x574668 in ?? ??:0 #45 0x5749fa in _PyObject_Call_Prepend /home/test/check/PythonASAN/Objects/abstract.c:2358 #46 0x5749fa in ?? ??:0 #47 0x573e9b in PyObject_Call /home/test/check/PythonASAN/Objects/abstract.c:2246 #48 0x573e9b in ?? ??:0 #49 0x79336
[issue29496] AddressSanitizer: SEGV on unknown address 0x01ffe96de071
New submission from BeginVuln: OS Version : Ubuntu 16.04 LTS Python download link : https://www.python.org/ftp/python/3.6.0/Python-3.6.0.tar.xz Python version : 3.6.0 Normal build cmd : ./configure make Asan build cmd: export CC="/usr/bin/clang -fsanitize=address export CXX="/usr/bin/clang++ -fsanitize=address ./confiugre make GDB with exploitable: To enable execution of this file add add-auto-load-safe-path /home/test/check/PythonGDB/python-gdb.py line to your configuration file "/home/test/.gdbinit". To completely disable this security protection add set auto-load safe-path / line to your configuration file "/home/test/.gdbinit". For more information about this security protection see the "Auto-loading safe path" section in the GDB manual. E.g., run from the shell: info "(gdb)Auto-loading safe path" [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". [Inferior 1 (process 19429) exited with code 01] ASAN: ASAN:DEADLYSIGNAL = ==18136==ERROR: AddressSanitizer: SEGV on unknown address 0x01ffe96de071 (pc 0x005e9305 bp 0x7ffc234b3300 sp 0x7ffc234b3240 T0) #0 0x5e9304 in PyLong_AsLongAndOverflow /home/test/check/PythonASAN/Objects/longobject.c:408 #1 0x5e9304 in ?? ??:0 #2 0x5e9658 in PyLong_AsLong /home/test/check/PythonASAN/Objects/longobject.c:474 (discriminator 1) #3 0x5e9658 in ?? ??:0 #4 0x7fda5a8bfe3f in ffi_call_unix64 ??:? #5 0x7fda5a8bfe3f in ?? ??:0 #6 0x7fda5a8bf8aa in ffi_call ??:? #7 0x7fda5a8bf8aa in ?? ??:0 #8 0x7fda5aaed311 in _call_function_pointer /home/test/check/PythonASAN/Modules/_ctypes/callproc.c:809 #9 0x7fda5aaed311 in _ctypes_callproc /home/test/check/PythonASAN/Modules/_ctypes/callproc.c:1147 #10 0x7fda5aaed311 in ?? ??:0 #11 0x7fda5aadc199 in PyCFuncPtr_call /home/test/check/PythonASAN/Modules/_ctypes/_ctypes.c:3870 #12 0x7fda5aadc199 in ?? ??:0 #13 0x5745f0 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2316 #14 0x5745f0 in ?? ??:0 #15 0x7a7429 in call_function /home/test/check/PythonASAN/Python/ceval.c:4812 #16 0x7a7429 in ?? ??:0 #17 0x7995cc in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3275 #18 0x7995cc in ?? ??:0 #19 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718 #20 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119 #21 0x7a9847 in ?? ??:0 #22 0x78e15d in PyEval_EvalCodeEx /home/test/check/PythonASAN/Python/ceval.c:4140 #23 0x78e15d in ?? ??:0 #24 0x784f1a in builtin___build_class__ /home/test/check/PythonASAN/Python/bltinmodule.c:170 #25 0x784f1a in ?? ??:0 #26 0x631f93 in _PyCFunction_FastCallDict /home/test/check/PythonASAN/Objects/methodobject.c:231 #27 0x631f93 in ?? ??:0 #28 0x7a7751 in call_function /home/test/check/PythonASAN/Python/ceval.c:4788 (discriminator 17) #29 0x7a7751 in ?? ??:0 #30 0x7995cc in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3275 #31 0x7995cc in ?? ??:0 #32 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718 #33 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119 #34 0x7a9847 in ?? ??:0 #35 0x78e0df in PyEval_EvalCodeEx /home/test/check/PythonASAN/Python/ceval.c:4140 #36 0x78e0df in PyEval_EvalCode /home/test/check/PythonASAN/Python/ceval.c:695 #37 0x78e0df in ?? ??:0 #38 0x5142f5 in run_mod /home/test/check/PythonASAN/Python/pythonrun.c:980 #39 0x5142f5 in PyRun_FileExFlags /home/test/check/PythonASAN/Python/pythonrun.c:933 #40 0x5142f5 in ?? ??:0 #41 0x512afa in PyRun_SimpleFileExFlags /home/test/check/PythonASAN/Python/pythonrun.c:396 #42 0x512afa in ?? ??:0 #43 0x53eefd in run_file /home/test/check/PythonASAN/Modules/main.c:320 #44 0x53eefd in Py_Main /home/test/check/PythonASAN/Modules/main.c:780 #45 0x53eefd in ?? ??:0 #46 0x503d16 in main /home/test/check/PythonASAN/./Programs/python.c:69 #47 0x503d16 in ?? ??:0 #48 0x7fda5deaf82f in __libc_start_main /build/glibc-GKVZIf/glibc-2.23/csu/../csu/libc-start.c:291 #49 0x7fda5deaf82f in ?? ??:0 #50 0x432548 in _start ??:? #51 0x432548 in ?? ??:0 AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV (/home/test/check/PythonASAN/python+0x5e9304) ==18136==ABORTING -- components: Interpreter Core files: longobj_408 messages: 287335 nosy: beginvuln priority: normal severity: normal status: open title: AddressSanitizer: SEGV on unknown address 0x01ffe96de071 type: security versions: Python 3.6 Added file: http://bugs.python.org/file46591/longobj_408 __
[issue29495] AddressSanitizer: SEGV on unknown address 0x02007ea947c3
New submission from BeginVuln: OS Version : Ubuntu 16.04 LTS Python download link : https://www.python.org/ftp/python/3.6.0/Python-3.6.0.tar.xz Python version : 3.6.0 Normal build cmd : ./configure make Asan build cmd: export CC="/usr/bin/clang -fsanitize=address export CXX="/usr/bin/clang++ -fsanitize=address ./confiugre make GDB with exploitable: To enable execution of this file add add-auto-load-safe-path /home/test/check/PythonGDB/python-gdb.py line to your configuration file "/home/test/.gdbinit". To completely disable this security protection add set auto-load safe-path / line to your configuration file "/home/test/.gdbinit". For more information about this security protection see the "Auto-loading safe path" section in the GDB manual. E.g., run from the shell: info "(gdb)Auto-loading safe path" [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". Program received signal SIGSEGV, Segmentation fault. strlen () at ../sysdeps/x86_64/strlen.S:106 Description: Access violation near NULL on source operand Short description: SourceAvNearNull (16/22) Hash: 524fc888253e60855a72647740103ec8.0dd959fe8965dda124a3c8d6b55807e3 Exploitability Classification: PROBABLY_NOT_EXPLOITABLE Explanation: The target crashed on an access violation at an address matching the source operand of the current instruction. This likely indicates a read access violation, which may mean the application crashed on a simple NULL dereference to data structure that has no immediate effect on control of the processor. Other tags: AccessViolation (21/22) ASAN: ASAN:DEADLYSIGNAL = ==18706==ERROR: AddressSanitizer: SEGV on unknown address 0x02007ea947c3 (pc 0x0044ffe7 bp 0x7fffaa71f040 sp 0x7fffaa71e7e0 T0) #0 0x44ffe6 in __interceptor_strlen.part.45 asan_interceptors.cc.o:? #1 0x44ffe6 in ?? ??:0 #2 0x7f2309ccc95b in my_strdup /home/test/check/PythonASAN/Modules/_ctypes/_ctypes_test.c:169 (discriminator 1) #3 0x7f2309ccc95b in ?? ??:0 #4 0x7f2309f17e3f in ffi_call_unix64 ??:? #5 0x7f2309f17e3f in ?? ??:0 #6 0x7f2309f178aa in ffi_call ??:? #7 0x7f2309f178aa in ?? ??:0 #8 0x7f230a145311 in _call_function_pointer /home/test/check/PythonASAN/Modules/_ctypes/callproc.c:809 #9 0x7f230a145311 in _ctypes_callproc /home/test/check/PythonASAN/Modules/_ctypes/callproc.c:1147 #10 0x7f230a145311 in ?? ??:0 #11 0x7f230a134199 in PyCFuncPtr_call /home/test/check/PythonASAN/Modules/_ctypes/_ctypes.c:3870 #12 0x7f230a134199 in ?? ??:0 #13 0x5745f0 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2316 #14 0x5745f0 in ?? ??:0 #15 0x7a7429 in call_function /home/test/check/PythonASAN/Python/ceval.c:4812 #16 0x7a7429 in ?? ??:0 #17 0x7995cc in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3275 #18 0x7995cc in ?? ??:0 #19 0x7ab4cb in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718 #20 0x7ab4cb in _PyFunction_FastCall /home/test/check/PythonASAN/Python/ceval.c:4870 #21 0x7ab4cb in fast_function /home/test/check/PythonASAN/Python/ceval.c:4905 #22 0x7ab4cb in ?? ??:0 #23 0x7a76f2 in call_function /home/test/check/PythonASAN/Python/ceval.c:4809 #24 0x7a76f2 in ?? ??:0 #25 0x7995cc in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3275 #26 0x7995cc in ?? ??:0 #27 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718 #28 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119 #29 0x7a9847 in ?? ??:0 #30 0x7ac2ea in _PyFunction_FastCallDict /home/test/check/PythonASAN/Python/ceval.c:5021 #31 0x7ac2ea in ?? ??:0 #32 0x574668 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2295 #33 0x574668 in ?? ??:0 #34 0x5749fa in _PyObject_Call_Prepend /home/test/check/PythonASAN/Objects/abstract.c:2358 #35 0x5749fa in ?? ??:0 #36 0x573e9b in PyObject_Call /home/test/check/PythonASAN/Objects/abstract.c:2246 #37 0x573e9b in ?? ??:0 #38 0x793369 in do_call_core /home/test/check/PythonASAN/Python/ceval.c:5057 #39 0x793369 in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3357 #40 0x793369 in ?? ??:0 #41 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718 #42 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119 #43 0x7a9847 in ?? ??:0 #44 0x7ac2ea in _PyFunction_FastCallDict /home/test/check/PythonASAN/Python/ceval.c:5021 #45 0x7ac2ea in ?? ??:0 #46 0x574668 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2295 #47 0x574668 in ?? ??:0 #48 0x5749fa in _PyObject_Call_Prepend
