[issue37694] Crash when calling zipimport.zipimporter.__new__().()

2019-07-27 Thread Alexandre Hamelin


New submission from Alexandre Hamelin:

Found a crash with zipimport.zipimporter. Might or might not be related to 
Issue31723 which I've found searching the issues afterwards.

import zipimport
zipimport.zipimporter.__new__(zipimport.zipimporter).find_module('')

Python 2.7 and 3.6. Seems to be 'fixed' in 3.7+ (Linux, x86-64); reports that 
__init__ hasn't been called yet.

Found during manual testing in a break-the-python-jail CTF-like challenge.

Backtrace for Python 2.7
Python 2.7.15 (default, Oct 10 2018, 09:10:43)
[GCC 6.4.0] on linux2

$ gdb -q python2
Reading symbols from python2...(no debugging symbols found)...done.
(gdb) run zipcrash.py
Starting program: /usr/bin/python2 zipcrash.py
process 11106 is executing new program: /usr/bin/python2.7
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
0x77a86695 in PyString_AsString () from /usr/lib64/libpython2.7.so.1.0
(gdb) bt
#0  0x77a86695 in PyString_AsString () from /usr/lib64/libpython2.7.so.1.0
#1  0x77b20269 in ?? () from /usr/lib64/libpython2.7.so.1.0
#2  0x77b20400 in ?? () from /usr/lib64/libpython2.7.so.1.0
#3  0x77adb3e7 in PyEval_EvalFrameEx () from /usr/lib64/libpython2.7.so.1.0
#4  0x77adca6c in PyEval_EvalCodeEx () from /usr/lib64/libpython2.7.so.1.0
#5  0x77adcb59 in PyEval_EvalCode () from /usr/lib64/libpython2.7.so.1.0
#6  0x77af60df in ?? () from /usr/lib64/libpython2.7.so.1.0
#7  0x77af7322 in PyRun_FileExFlags () from /usr/lib64/libpython2.7.so.1.0
#8  0x77af8535 in PyRun_SimpleFileExFlags () from /usr/lib64/libpython2.7.so.1.0
#9  0x77b0a537 in Py_Main () from /usr/lib64/libpython2.7.so.1.0
#10 0x774281db in __libc_start_main () from /lib64/libc.so.6
#11 0x47ca in _start ()
(gdb)


Backtrace for Python 3.6
Python 3.6.5 (default, Jul 16 2018, 11:40:44)
[GCC 6.4.0] on linux

$ gdb -q python3
Reading symbols from python3...(no debugging symbols found)...done.
(gdb) run zipcrash.py
Starting program: /usr/bin/python3 zipcrash.py
process 11149 is executing new program: /usr/bin/python3.6m
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
0x77aa5eea in ?? () from /usr/lib64/libpython3.6m.so.1.0
(gdb) bt
#0  0x77aa5eea in ?? () from /usr/lib64/libpython3.6m.so.1.0
#1  0x77aa6a92 in ?? () from /usr/lib64/libpython3.6m.so.1.0
#2  0x77aa6c9c in ?? () from /usr/lib64/libpython3.6m.so.1.0
#3  0x77aa6f49 in ?? () from /usr/lib64/libpython3.6m.so.1.0
#4  0x779a8d49 in _PyCFunction_FastCallDict () from /usr/lib64/libpython3.6m.so.1.0
#5  0x77a1d0d5 in ?? () from /usr/lib64/libpython3.6m.so.1.0
#6  0x77a20dea in _PyEval_EvalFrameDefault () from /usr/lib64/libpython3.6m.so.1.0
#7  0x77a1cc3c in ?? () from /usr/lib64/libpython3.6m.so.1.0
#8  0x77a1d1ce in PyEval_EvalCodeEx () from /usr/lib64/libpython3.6m.so.1.0
#9  0x77a1d1fb in PyEval_EvalCode () from /usr/lib64/libpython3.6m.so.1.0
#10 0x77a478b4 in ?? () from /usr/lib64/libpython3.6m.so.1.0
#11 0x77a49f35 in PyRun_FileExFlags () from /usr/lib64/libpython3.6m.so.1.0
#12 0x77a4a0a5 in PyRun_SimpleFileExFlags () from /usr/lib64/libpython3.6m.so.1.0
#13 0x77a610a3 in Py_Main () from /usr/lib64/libpython3.6m.so.1.0
#14 0x4b99 in main ()
(gdb)

--
components: Extension Modules
messages: 348563
nosy: Alexandre Hamelin
priority: normal
severity: normal
status: open
title: Crash when calling zipimport.zipimporter.__new__().()
versions: Python 2.7, Python 3.5, Python 3.6

___
Python tracker 
<https://bugs.python.org/issue37694>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue31852] Crashes with lines of the form "async \"

2017-10-30 Thread Alexandre Hamelin

Alexandre Hamelin <quad...@gmail.com> added the comment:

Awesome work, thanks to you!

Would it also be the case for 'await' ?

--

___
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue31852>
___



[issue31852] Crashes with lines of the form "async \"

2017-10-23 Thread Alexandre Hamelin

New submission from Alexandre Hamelin <quad...@gmail.com>:

Hi.

Python 3.6.2 crashes when interpreting lines with the text "async \" (future 
keyword 'async' and ending with a backslash).

Tested in a docker environment (debian jessie). (see 
github.com/0xquad/docker-python36 if needed)

Examples:

$ docker run -ti --rm python36
root@4c09392f83c8:/# python3.6
Python 3.6.2 (default, Aug  4 2017, 14:35:04)
[GCC 6.4.0 20170724] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> async \
...
  File "<stdin>", line 1
\ufffd\ufffdF\ufffd\ufffd
 ^
SyntaxError: invalid syntax
>>> async \
Segmentation fault
root@4c09392f83c8:/#



Also,

- file: test.py
#!/usr/bin/python3.6
async \

-

$ ./test.py
Segmentation fault
$


Haven't taken the time to produce a backtrace or investigate with the latest 
dev versions or any further.

Let me know if I can assist in any way.

--
components: Interpreter Core
messages: 304835
nosy: Alexandre Hamelin
priority: normal
severity: normal
status: open
title: Crashes with lines of the form "async \"
type: crash
versions: Python 3.6

___
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue31852>
___
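
Added example (not part of the tracker messages and not CPython code): a regression harness for the reproducers in issue37694 and issue31852 above. Each one is fed to a child interpreter on stdin, so a segfault appears as a negative return code in the parent instead of killing the test run. The function names and outcome labels are assumptions made for this example.

```python
import signal
import subprocess
import sys

# Reproducers quoted from the two reports above.
REPRODUCERS = {
    "issue37694": (
        "import zipimport\n"
        "zipimport.zipimporter.__new__(zipimport.zipimporter).find_module('')\n"
    ),
    "issue31852": "async \\\n",
}


def classify(returncode):
    """Map a child's return code to an outcome label (labels are this example's)."""
    if returncode == 0:
        return "ok"
    if returncode < 0:
        # POSIX: subprocess reports death-by-signal as the negated signal number.
        try:
            return "crash:" + signal.Signals(-returncode).name
        except ValueError:
            return "crash:signal %d" % -returncode
    return "exception"


def probe(source, python=sys.executable, timeout=30):
    """Feed `source` to `python -` (script on stdin) and classify how it exits."""
    try:
        proc = subprocess.run(
            [python, "-"],
            input=source.encode("utf-8"),
            capture_output=True,
            timeout=timeout,
        )
    except subprocess.TimeoutExpired:
        return {"outcome": "timeout", "detail": ""}
    stderr = proc.stderr.decode("utf-8", "replace").strip()
    detail = stderr.splitlines()[-1] if stderr else ""
    return {"outcome": classify(proc.returncode), "detail": detail}


def survey(python=sys.executable):
    """Run every reproducer against one interpreter binary."""
    return {name: probe(src, python) for name, src in REPRODUCERS.items()}


if __name__ == "__main__":
    print(survey())
```

Pass the path of another interpreter binary as `python` to survey each version installed on a build host; any outcome starting with `crash:` marks an affected build.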