[issue34922] hashlib segmentation fault

shuoz report at bugs.python.org
Sun Oct 7 21:04:58 EDT 2018


shuoz <zzw20124321 at gmail.com> added the comment:

I sent this to security at python.org.
Victor Stinner responded to me.
"import hashlib; hashlib.shake_128().hexdigest((-1)&2**64-1)" can crash python3.7 and master


```
fan at fan:~/github/new$ ./py3.7/bin/python3
Python 3.7.1rc1+ (heads/3.7:c59e75c, Oct  8 2018, 08:53:13) 
[GCC 5.4.0 20160609] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import hashlib; hashlib.shake_128().hexdigest((-1)&2**64-1)
ASAN:SIGSEGV
=================================================================
==29245==ERROR: AddressSanitizer: SEGV on unknown address 0x7f3a50713000 (pc 0x7f3a537994c1 bp 0x7ffd978e27f0 sp 0x7ffd978e1f78 T0)
    #0 0x7f3a537994c0  (/lib/x86_64-linux-gnu/libc.so.6+0x1564c0)
    #1 0x7f3a543df5d0 in __asan_memcpy (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x8c5d0)
    #2 0x7f3a4f5a8603 in memcpy /usr/include/x86_64-linux-gnu/bits/string3.h:53
    #3 0x7f3a4f5a8603 in _PySHA3_KeccakP1600_ExtractLanes /home/fan/github/new/cpython3.7/Modules/_sha3/kcp/KeccakP-1600-opt64.c:342
    #4 0x7f3a4f5a877b in _PySHA3_KeccakP1600_ExtractBytes /home/fan/github/new/cpython3.7/Modules/_sha3/kcp/KeccakP-1600-opt64.c:375
    #5 0x7f3a4f5a8965 in _PySHA3_KeccakWidth1600_SpongeSqueeze /home/fan/github/new/cpython3.7/Modules/_sha3/kcp/KeccakSponge.inc:287
    #6 0x7f3a4f5a92a2 in _SHAKE_digest /home/fan/github/new/cpython3.7/Modules/_sha3/sha3module.c:615
    #7 0x465348 in _PyMethodDef_RawFastCallKeywords Objects/call.c:644
    #8 0x74c83c in _PyMethodDescr_FastCallKeywords Objects/descrobject.c:288
    #9 0x441c3b in call_function Python/ceval.c:4579
    #10 0x441c3b in _PyEval_EvalFrameDefault Python/ceval.c:3110
    #11 0x5a3b1f in _PyEval_EvalCodeWithName Python/ceval.c:3930
    #12 0x5a40c2 in PyEval_EvalCodeEx Python/ceval.c:3959
    #13 0x5a40c2 in PyEval_EvalCode Python/ceval.c:524
    #14 0x605047 in run_mod Python/pythonrun.c:1035
    #15 0x6097c4 in PyRun_InteractiveOneObjectEx Python/pythonrun.c:256
    #16 0x609d65 in PyRun_InteractiveLoopFlags Python/pythonrun.c:120
    #17 0x60ad2b in PyRun_AnyFileExFlags Python/pythonrun.c:78
    #18 0x44d7c5 in pymain_run_file Modules/main.c:427
    #19 0x44d7c5 in pymain_run_filename Modules/main.c:1537
    #20 0x44d7c5 in pymain_run_python Modules/main.c:2626
    #21 0x44d7c5 in pymain_main Modules/main.c:2787
    #22 0x44e33b in _Py_UnixMain Modules/main.c:2822
    #23 0x7f3a5366382f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #24 0x442db8 in _start (/home/fan/github/new/py3.7/bin/python3.7+0x442db8)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV ??:0 ??
==29245==ABORTING
```


```
(venv) fan at fan:~/github/new$ python
Python 3.8.0a0 (heads/master:f6c8007, Sep 25 2018, 12:42:29) 
[GCC 5.4.0 20160609] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import hashlib; hashlib.shake_128().hexdigest((-1)&2**64-1)
ASAN:SIGSEGV
=================================================================
==29347==ERROR: AddressSanitizer: SEGV on unknown address 0x7f6df36db000 (pc 0x7f6df1a0a210 bp 0x7ffdc8f57a80 sp 0x7ffdc8f57208 T0)
    #0 0x7f6df1a0a20f  (/lib/x86_64-linux-gnu/libc.so.6+0x15720f)
    #1 0x7f6df264f5d0 in __asan_memcpy (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x8c5d0)
    #2 0x7f6ded528643 in memcpy /usr/include/x86_64-linux-gnu/bits/string3.h:53
    #3 0x7f6ded528643 in _PySHA3_KeccakP1600_ExtractLanes /home/fan/github/new/cpython_a/Modules/_sha3/kcp/KeccakP-1600-opt64.c:342
    #4 0x7f6ded5287bb in _PySHA3_KeccakP1600_ExtractBytes /home/fan/github/new/cpython_a/Modules/_sha3/kcp/KeccakP-1600-opt64.c:375
    #5 0x7f6ded5289a5 in _PySHA3_KeccakWidth1600_SpongeSqueeze /home/fan/github/new/cpython_a/Modules/_sha3/kcp/KeccakSponge.inc:287
    #6 0x7f6ded529312 in _SHAKE_digest /home/fan/github/new/cpython_a/Modules/_sha3/sha3module.c:609
    #7 0x7f6ded529312 in _sha3_shake_128_hexdigest_impl /home/fan/github/new/cpython_a/Modules/_sha3/sha3module.c:658
    #8 0x7f6ded529312 in _sha3_shake_128_hexdigest /home/fan/github/new/cpython_a/Modules/_sha3/clinic/sha3module.c.h:116
    #9 0x46b389 in _PyMethodDef_RawFastCallKeywords Objects/call.c:644
    #10 0x81403c in _PyMethodDescr_FastCallKeywords Objects/descrobject.c:288
    #11 0x4416b1 in call_function Python/ceval.c:4600
    #12 0x4416b1 in _PyEval_EvalFrameDefault Python/ceval.c:3186
    #13 0x5ecfbb in PyEval_EvalFrameEx Python/ceval.c:536
    #14 0x5ecfbb in _PyEval_EvalCodeWithName Python/ceval.c:3951
    #15 0x5ed4d2 in PyEval_EvalCodeEx Python/ceval.c:3980
    #16 0x5ed4d2 in PyEval_EvalCode Python/ceval.c:513
    #17 0x68addd in run_mod Python/pythonrun.c:1031
    #18 0x68addd in PyRun_InteractiveOneObjectEx Python/pythonrun.c:256
    #19 0x68b3f5 in PyRun_InteractiveLoopFlags Python/pythonrun.c:120
    #20 0x68b71b in PyRun_AnyFileExFlags Python/pythonrun.c:78
    #21 0x44db6b in pymain_run_stdin Modules/main.c:1182
    #22 0x44db6b in pymain_run_python Modules/main.c:1610
    #23 0x44db6b in pymain_main Modules/main.c:1755
    #24 0x44e39b in _Py_UnixMain Modules/main.c:1792
    #25 0x7f6df18d382f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #26 0x446228 in _start (/home/fan/github/new/py/bin/python3.8+0x446228)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV ??:0 ??
==29347==ABORTING
```

----------

_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue34922>
_______________________________________

