[New-bugs-announce] [issue46294] Integer overflow & Int values loaded into Bool detected via Libfuzzer & UndefinedBehaviorSanitizer

Steven Wirsz report at bugs.python.org
Fri Jan 7 10:06:13 EST 2022


New submission from Steven Wirsz <swirsz at gmail.com>:

Compiling source from GitHub on January 6, 2022, detected via Libfuzzer & UndefinedBehaviorSanitizer:


# ./fuzz_struct_unpack crash-a0d.txt 
Running: crash-a0d.txt

/src/cpython3/Modules/_struct.c:509:28: runtime error: load of value 128, which is not a valid value for type '_Bool'

Python/pyhash.c:396:9: runtime error: unsigned integer overflow: 17111126337582519137 + 1455368869671451682 cannot be represented in type 'unsigned long'

Python/pyhash.c:414:5: runtime error: unsigned integer overflow: 6843264283216330929 + 16329705011411640967 cannot be represented in type 'unsigned long'

Python/pyhash.c:417:5: runtime error: unsigned integer overflow: 13747253807228978341 + 10396395245414858527 cannot be represented in type 'unsigned long'

Python/pyhash.c:418:5: runtime error: unsigned integer overflow: 17173606624272818715 + 4069551840979798976 cannot be represented in type 'unsigned long'

Python/pyhash.c:419:5: runtime error: unsigned integer overflow: 12388162105911730119 + 9634611433502982398 cannot be represented in type 'unsigned long'

Objects/longobject.c:288:22: runtime error: unsigned integer overflow: 0 - 18446744073709550595 cannot be represented in type 'unsigned long'

Objects/longobject.c:4872:31: runtime error: unsigned integer overflow: 18446744073709551615 + 1 cannot be represented in type 'unsigned long'

Objects/longobject.c:3124:33: runtime error: unsigned integer overflow: 0 - 1 cannot be represented in type 'unsigned int'

Objects/longobject.c:3130:33: runtime error: unsigned integer overflow: 0 - 1 cannot be represented in type 'unsigned int'

Objects/tupleobject.c:426:21: runtime error: unsigned integer overflow: 219911203979059663 * 14029467366897019727 cannot be represented in type 'unsigned long'

Objects/tupleobject.c:428:13: runtime error: unsigned integer overflow: 14367201699383568926 * 11400714785074694791 cannot be represented in type 'unsigned long'

Objects/tupleobject.c:426:13: runtime error: unsigned integer overflow: 18351143362227076666 + 1497884194698650478 cannot be represented in type 'unsigned long'

Objects/tupleobject.c:432:9: runtime error: unsigned integer overflow: 18406138070188819878 + 2870177450013471924 cannot be represented in type 'unsigned long'

Python/traceback.c:247:86: runtime error: unsigned integer overflow: 18446744073709551615 * 2 cannot be represented in type 'unsigned long'

Objects/frameobject.c:51:72: runtime error: unsigned integer overflow: 18446744073709551615 * 2 cannot be represented in type 'unsigned long'

----------
files: crash-a0d.txt
messages: 409973
nosy: swirsz
priority: normal
severity: normal
status: open
title: Integer overflow & Int values loaded into Bool detected via Libfuzzer & UndefinedBehaviorSanitizer
type: crash
versions: Python 3.11
Added file: https://bugs.python.org/file50547/crash-a0d.txt

_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue46294>
_______________________________________

