bsddb buffer overflow

lg at rgz.ru lg at rgz.ru
Fri Oct 27 10:43:49 EDT 2000


Andrew Kuchling <akuchlin at mems-exchange.org> wrote:
> lg at rgz.ru writes:
>> It seems the bsddb.keys() function of the bsddb module
>> is buffer overflowable.

> Can you run the Python interpreter under a debugger and get a stack trace?
> (For gdb, type "where"; I don't know if FreeBSD uses a different debugger.)

[18:30][lg at ns][/]# gdb python python.core
GNU gdb 4.18
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-unknown-freebsd"...
Core was generated by `python'.
Program terminated with signal 10, Bus error.
Reading symbols from /usr/lib/libreadline.so.4...done.
Reading symbols from /usr/lib/libncurses.so.5...done.
Reading symbols from /usr/lib/libcrypt.so.2...done.
Reading symbols from /usr/lib/libz.so.2...done.
Reading symbols from /usr/lib/libc_r.so.4...done.
Reading symbols from /usr/lib/libutil.so.3...done.
Reading symbols from /usr/lib/libm.so.2...done.
Reading symbols from /usr/lib/libc.so.4...done.
Reading symbols from /usr/libexec/ld-elf.so.1...done.
#0  0x2828a61e in memcpy () from /usr/lib/libc_r.so.4
(gdb) where
#0  0x2828a61e in memcpy () from /usr/lib/libc_r.so.4
#1  0x81cfbec in ?? ()
#2  0x805b809 in call_builtin (func=0x81d8ba0, arg=0x81a60ac, kw=0x0)
    at ceval.c:2650
#3  0x805b713 in PyEval_CallObjectWithKeywords (func=0x81d8ba0, arg=0x81a60ac, 
    kw=0x0) at ceval.c:2618
#4  0x805a754 in eval_code2 (co=0x81e6540, globals=0x81ad10c, 
    locals=0x81ad10c, args=0x0, argcount=0, kws=0x0, kwcount=0, defs=0x0, 
    defcount=0, owner=0x0) at ceval.c:1951
#5  0x80580a5 in PyEval_EvalCode (co=0x81e6540, globals=0x81ad10c, 
    locals=0x81ad10c) at ceval.c:319
#6  0x806baf7 in run_node (n=0x81cfc00, filename=0x80ce82d "<stdin>", 
    globals=0x81ad10c, locals=0x81ad10c) at pythonrun.c:886
#7  0x806afe8 in PyRun_InteractiveOne (fp=0x8192c28, 
    filename=0x80ce82d "<stdin>") at pythonrun.c:532
#8  0x806ae66 in PyRun_InteractiveLoop (fp=0x8192c28, 
    filename=0x80ce82d "<stdin>") at pythonrun.c:478
#9  0x806ad86 in PyRun_AnyFileEx (fp=0x8192c28, filename=0x80ce82d "<stdin>", 
    closeit=0) at pythonrun.c:453
#10 0x80551b8 in Py_Main (argc=0, argv=0xbfbff738) at main.c:289
#11 0x8054c78 in main (argc=1, argv=0xbfbff738) at python.c:10
#12 0x8054bfd in _start ()
(gdb)  


> --amk

-- 
zev


