New submission from BeginVuln:

OS Version : Ubuntu 16.04 LTS
Python download link : https://www.python.org/ftp/python/3.6.0/Python-3.6.0.tar.xz
Python version : 3.6.0

Normal build cmd :
./configure
make

Asan build cmd:
export CC="/usr/bin/clang -fsanitize=address"
export CXX="/usr/bin/clang++ -fsanitize=address"
./configure
make

GDB with exploitable:
To enable execution of this file add
        add-auto-load-safe-path /home/test/check/PythonGDB/python-gdb.py
line to your configuration file "/home/test/.gdbinit".
To completely disable this security protection add
        set auto-load safe-path /
line to your configuration file "/home/test/.gdbinit".
For more information about this security protection see the
"Auto-loading safe path" section in the GDB manual. E.g., run from the shell:
        info "(gdb)Auto-loading safe path"
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[Inferior 1 (process 19456) exited normally]

ASAN:
=================================================================
==18010==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61600004a982 at pc 0x000000830a11 bp 0x7fff6131b9b0 sp 0x7fff6131b9a8
READ of size 2 at 0x61600004a982 thread T0
    #0 0x830a10 in find_op /home/test/check/PythonASAN/Python/peephole.c:101 (discriminator 1)
    #1 0x830a10 in PyCode_Optimize /home/test/check/PythonASAN/Python/peephole.c:712 (discriminator 1)
    #2 0x830a10 in ?? ??:0
    #3 0x7ccf6c in makecode /home/test/check/PythonASAN/Python/compile.c:5249
    #4 0x7ccf6c in assemble /home/test/check/PythonASAN/Python/compile.c:5367
    #5 0x7ccf6c in ?? ??:0
    #6 0x7d0a09 in compiler_function /home/test/check/PythonASAN/Python/compile.c:1886
    #7 0x7d0a09 in ?? ??:0
    #8 0x7b0923 in compiler_body /home/test/check/PythonASAN/Python/compile.c:1463
    #9 0x7b0923 in ?? ??:0
    #10 0x7ae107 in compiler_mod /home/test/check/PythonASAN/Python/compile.c:1483
    #11 0x7ae107 in PyAST_CompileObject /home/test/check/PythonASAN/Python/compile.c:341
    #12 0x7ae107 in ?? ??:0
    #13 0x5142d8 in run_mod /home/test/check/PythonASAN/Python/pythonrun.c:977
    #14 0x5142d8 in PyRun_FileExFlags /home/test/check/PythonASAN/Python/pythonrun.c:933
    #15 0x5142d8 in ?? ??:0
    #16 0x512afa in PyRun_SimpleFileExFlags /home/test/check/PythonASAN/Python/pythonrun.c:396
    #17 0x512afa in ?? ??:0
    #18 0x53eefd in run_file /home/test/check/PythonASAN/Modules/main.c:320
    #19 0x53eefd in Py_Main /home/test/check/PythonASAN/Modules/main.c:780
    #20 0x53eefd in ?? ??:0
    #21 0x503d16 in main /home/test/check/PythonASAN/./Programs/python.c:69
    #22 0x503d16 in ?? ??:0
    #23 0x7f5554ba782f in __libc_start_main /build/glibc-GKVZIf/glibc-2.23/csu/../csu/libc-start.c:291
    #24 0x7f5554ba782f in ?? ??:0
    #25 0x432548 in _start ??:?
    #26 0x432548 in ?? ??:0

0x61600004a982 is located 0 bytes to the right of 514-byte region [0x61600004a780,0x61600004a982)
allocated by thread T0 here:
    #0 0x4d2678 in malloc ??:?
    #1 0x4d2678 in ?? ??:0
    #2 0x508c35 in PyMem_RawMalloc /home/test/check/PythonASAN/Objects/obmalloc.c:386
    #3 0x508c35 in _PyObject_Alloc /home/test/check/PythonASAN/Objects/obmalloc.c:1427
    #4 0x508c35 in ?? ??:0

SUMMARY: AddressSanitizer: heap-buffer-overflow (/home/test/check/PythonASAN/python+0x830a10)
Shadow bytes around the buggy address:
  0x0c2c800014e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2c800014f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c2c80001500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c2c80001510: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c2c80001520: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c2c80001530:[02]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2c80001540: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2c80001550: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c2c80001560: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c2c80001570: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c2c80001580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==18010==ABORTING

----------
components: Interpreter Core
files: peephole_101
messages: 287339
nosy: beginvuln
priority: normal
severity: normal
status: open
title: AddressSanitizer: heap-buffer-overflow on address 0x61600004a982
type: security
versions: Python 3.6
Added file: http://bugs.python.org/file46595/peephole_101

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue29500>
_______________________________________