[New-bugs-announce] [issue29494] AddressSanitizer: SEGV on unknown address 0x00009fff8001
BeginVuln
report at bugs.python.org
Wed Feb 8 09:51:44 EST 2017
New submission from BeginVuln:
OS Version : Ubuntu 16.04 LTS
Python download link : https://www.python.org/ftp/python/3.6.0/Python-3.6.0.tar.xz
Python version : 3.6.0
Normal build cmd :
./configure
make
Asan build cmd:
export CC="/usr/bin/clang -fsanitize=address"
export CXX="/usr/bin/clang++ -fsanitize=address"
./configure
make
GDB with exploitable:
To enable execution of this file add
add-auto-load-safe-path /home/test/check/PythonGDB/python-gdb.py
line to your configuration file "/home/test/.gdbinit".
To completely disable this security protection add
set auto-load safe-path /
line to your configuration file "/home/test/.gdbinit".
For more information about this security protection see the
"Auto-loading safe path" section in the GDB manual. E.g., run from the shell:
info "(gdb)Auto-loading safe path"
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Program received signal SIGSEGV, Segmentation fault.
visit_decref (op=0x100000000, data=0x0) at Modules/gcmodule.c:374
374 if (PyObject_IS_GC(op)) {
Description: Access violation on source operand
Short description: SourceAv (19/22)
Hash: 5ae0cf182ca6c91339ba4d86e35281e3.974794321b75f348830f6ff316f662f4
Exploitability Classification: UNKNOWN
Explanation: The target crashed on an access violation at an address matching the source operand of the current instruction. This likely indicates a read access violation.
Other tags: AccessViolation (21/22)
ASAN:
ASAN:DEADLYSIGNAL
=================================================================
==18468==ERROR: AddressSanitizer: SEGV on unknown address 0x00009fff8001 (pc 0x000000544b5f bp 0x7ffeeb051e90 sp 0x7ffeeb051c30 T0)
#0 0x544b5e in visit_decref /home/test/check/PythonASAN/Modules/gcmodule.c:374
#1 0x544b5e in ?? ??:0
#2 0x5d7035 in func_traverse /home/test/check/PythonASAN/Objects/funcobject.c:558 (discriminator 8)
#3 0x5d7035 in ?? ??:0
#4 0x540ca1 in subtract_refs /home/test/check/PythonASAN/Modules/gcmodule.c:399
#5 0x540ca1 in collect /home/test/check/PythonASAN/Modules/gcmodule.c:956
#6 0x540ca1 in ?? ??:0
#7 0x5406ed in collect_with_callback /home/test/check/PythonASAN/Modules/gcmodule.c:1128
#8 0x5406ed in PyGC_Collect /home/test/check/PythonASAN/Modules/gcmodule.c:1592
#9 0x5406ed in _PyGC_CollectIfEnabled /home/test/check/PythonASAN/Modules/gcmodule.c:1605
#10 0x5406ed in ?? ??:0
#11 0x50d31a in Py_FinalizeEx /home/test/check/PythonASAN/Python/pylifecycle.c:603
#12 0x50d31a in ?? ??:0
#13 0x50e127 in Py_Exit /home/test/check/PythonASAN/Python/pylifecycle.c:1537
#14 0x50e127 in ?? ??:0
#15 0x51537b in handle_system_exit /home/test/check/PythonASAN/Python/pythonrun.c:602
#16 0x51537b in ?? ??:0
#17 0x5146b0 in PyErr_PrintEx /home/test/check/PythonASAN/Python/pythonrun.c:612
#18 0x5146b0 in ?? ??:0
#19 0x512c87 in PyErr_Print /home/test/check/PythonASAN/Python/pythonrun.c:508
#20 0x512c87 in PyRun_SimpleFileExFlags /home/test/check/PythonASAN/Python/pythonrun.c:401
#21 0x512c87 in ?? ??:0
#22 0x53eefd in run_file /home/test/check/PythonASAN/Modules/main.c:320
#23 0x53eefd in Py_Main /home/test/check/PythonASAN/Modules/main.c:780
#24 0x53eefd in ?? ??:0
#25 0x503d16 in main /home/test/check/PythonASAN/./Programs/python.c:69
#26 0x503d16 in ?? ??:0
#27 0x7fcae111d82f in __libc_start_main /build/glibc-GKVZIf/glibc-2.23/csu/../csu/libc-start.c:291
#28 0x7fcae111d82f in ?? ??:0
#29 0x432548 in _start ??:?
#30 0x432548 in ?? ??:0
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/home/test/check/PythonASAN/python+0x544b5e)
==18468==ABORTING
----------
components: Interpreter Core
files: gcmodule_374
messages: 287331
nosy: beginvuln
priority: normal
severity: normal
status: open
title: AddressSanitizer: SEGV on unknown address 0x00009fff8001
type: security
versions: Python 3.6
Added file: http://bugs.python.org/file46589/gcmodule_374
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue29494>
_______________________________________
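
Added triage example (not part of the original report and not CPython code): it parses the GDB and ASan lines above, drops the duplicate `?? ??:0` frames, and checks whether the ASan fault address 0x00009fff8001 is the shadow byte for the read of `op->ob_type` that `PyObject_IS_GC(op)` performs with `op=0x100000000`. Assumptions: ASan's default x86_64 Linux shadow mapping (shift 3, offset 0x7fff8000), `ob_type` at offset 8 in a 64-bit non-debug build; all function names are hypothetical.

```python
import re

# Constructed sample: lines copied from the GDB and ASan output in the report.
SAMPLE = """\
visit_decref (op=0x100000000, data=0x0) at Modules/gcmodule.c:374
==18468==ERROR: AddressSanitizer: SEGV on unknown address 0x00009fff8001 (pc 0x000000544b5f bp 0x7ffeeb051e90 sp 0x7ffeeb051c30 T0)
#0 0x544b5e in visit_decref /home/test/check/PythonASAN/Modules/gcmodule.c:374
#1 0x544b5e in ?? ??:0
#2 0x5d7035 in func_traverse /home/test/check/PythonASAN/Objects/funcobject.c:558 (discriminator 8)
#3 0x5d7035 in ?? ??:0
#4 0x540ca1 in subtract_refs /home/test/check/PythonASAN/Modules/gcmodule.c:399
"""

SHADOW_SCALE = 3            # ASan default: one shadow byte per 8 application bytes
SHADOW_OFFSET = 0x7FFF8000  # ASan default shadow offset on x86_64 Linux
OB_TYPE_OFFSET = 8          # assumption: 64-bit non-debug build (ob_refcnt, then ob_type)


def shadow_to_app_range(addr):
    """Application byte range covered by shadow byte `addr`, or None if below the shadow base."""
    if addr < SHADOW_OFFSET:
        return None
    base = (addr - SHADOW_OFFSET) << SHADOW_SCALE
    return base, base + (1 << SHADOW_SCALE) - 1


def symbolized_frames(report):
    """(function, file, line) per frame, skipping the duplicate '?? ??:0' entries."""
    pat = re.compile(r"^#\d+ 0x[0-9a-f]+ in (\S+) (\S+):(\d+)", re.M)
    return [(fn, path.rsplit("/", 1)[-1], int(line))
            for fn, path, line in pat.findall(report) if fn != "??"]


def triage(report):
    """Relate the ASan fault address to the pointer GDB shows in the crashing frame."""
    fault = int(re.search(r"SEGV on unknown address (0x[0-9a-f]+)", report).group(1), 16)
    op = int(re.search(r"\(op=(0x[0-9a-f]+)", report).group(1), 16)
    app = shadow_to_app_range(fault)
    hit = app is not None and app[0] <= op + OB_TYPE_OFFSET <= app[1]
    return {"fault": fault, "op": op, "app_range": app,
            "fault_is_shadow_of_ob_type": hit, "frames": symbolized_frames(report)}


if __name__ == "__main__":
    result = triage(SAMPLE)
    print("shadow byte 0x%x covers 0x%x-0x%x" % ((result["fault"],) + result["app_range"]))
    print("matches op->ob_type read:", result["fault_is_shadow_of_ob_type"])
    for frame in result["frames"]:
        print("  %s (%s:%d)" % frame)
```

When the check is true, the address in the ASan headline is the sanitizer's own shadow lookup faulting, so the pointer to investigate is the `op` value from GDB rather than the reported address.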