New submission from paul:
# Breakpoint 1, _siftup (heap=0x4056b344, pos=65534) at
/home/p/Python-3.4.1/Modules/_heapqmodule.c:121
# warning: Source file is more recent than executable.
# 121 Py_DECREF(PyList_GET_ITEM(heap, pos));
# (gdb) print *heap->ob_item[pos]
# $1 = {_ob_next = 0x41812058, _ob_prev = 0x831159c <refchain>, ob_refcnt = 1,
ob_type = 0x4058fd1c}
# (gdb) n
# 122 PyList_SET_ITEM(heap, pos, newitem);
# (gdb) print *heap->ob_item[pos]
# Cannot access memory at address 0x3fff8
# (gdb) print *heap
# $2 = {ob_base = {ob_base = {_ob_next = 0x4059c0b4, _ob_prev = 0x405903b4,
ob_refcnt = 2, ob_type = 0x830e1c0 <PyList_Type>},
# ob_size = 0}, ob_item = 0x0, allocated = 0}
# (gdb) n
#
# Program received signal SIGSEGV, Segmentation fault.
# 0x4002f150 in _siftup (heap=0x4056b344, pos=65534) at
/home/p/Python-3.4.1/Modules/_heapqmodule.c:122
# 122 PyList_SET_ITEM(heap, pos, newitem);
----------
files: poc_siftup.py
messages: 242318
nosy: pkt
priority: normal
severity: normal
status: open
title: Use after free in siftup
type: crash
versions: Python 3.4
Added file: http://bugs.python.org/file39252/poc_siftup.py
_______________________________________
Python tracker <[email protected]>
<http://bugs.python.org/issue24101>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
