New submission from Alexey Izbyshev <[email protected]>:
==24122==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7fffb1c62550 at pc 0x0000006ec66c bp 0x7fffb1c62450 sp 0x7fffb1c62448
READ of size 8 at 0x7fffb1c62550 thread T0
    #0 0x6ec66b in mkpwent /scratch2/izbyshev/cpython/Modules/pwdmodule.c:79
    #1 0x6ecdc9 in pwd_getpwnam_impl /scratch2/izbyshev/cpython/Modules/pwdmodule.c:260
    #2 0x6ecfee in pwd_getpwnam /scratch2/izbyshev/cpython/Modules/clinic/pwdmodule.c.h:39
    #3 0x454146 in _PyMethodDef_RawFastCallKeywords /scratch2/izbyshev/cpython/Objects/call.c:644
[======= snip =======]
Address 0x7fffb1c62550 is located in stack of thread T0 at offset 160 in frame
    #0 0x6eca60 in pwd_getpwnam_impl /scratch2/izbyshev/cpython/Modules/pwdmodule.c:203

  This frame has 3 object(s):
    [32, 40) 'name_chars'
    [96, 104) 'p'
    [160, 208) 'pwd' <== Memory access at offset 160 is inside this variable

Variables declared in the block scope created with
Py_BEGIN_ALLOW_THREADS/Py_END_ALLOW_THREADS are referred to via a pointer
outside of that scope (i.e., after their lifetime ends). The bug was introduced
in https://github.com/python/cpython/commit/23e65b25557f957af840cf8fe68e80659ce28629.
----------
components: Extension Modules
messages: 329230
nosy: berker.peksag, izbyshev, serhiy.storchaka, vstinner, wg
priority: normal
severity: normal
status: open
title: ASAN: stack-use-after-scope in grp.getgr{nam,gid} and pwd.getpw{nam,uid}
type: behavior
versions: Python 3.8
_______________________________________
Python tracker <[email protected]>
<https://bugs.python.org/issue35161>
_______________________________________
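
The pattern described in the report, reduced to a stand-alone C file as an added illustration (not CPython code and not the fix that was committed). The macros, struct entry and lookup_r() are constructed stand-ins; the only property assumed of the real macros is that the pair opens and closes a brace block.

```c
/* Added illustration, not CPython code. Macros, struct and lookup_r() are stand-ins. */
#include <stddef.h>
#include <string.h>

/* Stand-ins: like Py_BEGIN/END_ALLOW_THREADS, the pair opens and closes a block. */
#define BEGIN_ALLOW_THREADS { int _save = 1; (void)_save;
#define END_ALLOW_THREADS   }

struct entry { const char *name; long uid; };

/* Constructed stand-in for a getpwnam_r-style call: fills caller-provided
 * storage, then points *result at that storage (NULL when not found). */
static int lookup_r(const char *name, struct entry *buf, struct entry **result)
{
    if (strcmp(name, "alice") != 0) { *result = NULL; return 0; }
    buf->name = "alice";
    buf->uid = 1000;
    *result = buf;
    return 0;
}

#ifdef SHOW_BUG
/* Buggy shape: 'pwd' lives only inside the macro-created block, but 'p'
 * still points at it afterwards. Build with -DSHOW_BUG -fsanitize=address
 * and call it to get a stack-use-after-scope report. */
long uid_buggy(const char *name)
{
    struct entry *p = NULL;
    BEGIN_ALLOW_THREADS
    struct entry pwd;
    lookup_r(name, &pwd, &p);
    END_ALLOW_THREADS
    return p ? p->uid : -1;   /* read after pwd's lifetime has ended */
}
#endif

/* Corrected shape: the storage is declared in the enclosing function scope,
 * so it outlives the block and is still valid when 'p' is dereferenced. */
long uid_fixed(const char *name)
{
    struct entry pwd;
    struct entry *p = NULL;
    BEGIN_ALLOW_THREADS
    lookup_r(name, &pwd, &p);
    END_ALLOW_THREADS
    return p ? p->uid : -1;
}
```

The braces hidden inside the macros are what make the declaration's scope easy to miss in review; a sanitizer build that exercises each caller of such a macro pair catches this class of bug.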