[issue27780] Memory leak during Python build (from git c3ff7e7) on Debian 8.5 x64

2016-08-16 Thread geeknik
New submission from geeknik:
CC=afl-clang-fast CXX=afl-clang-fast++ AFL_USE_ASAN=1 ./configure --disable-ipv6
Passes fine.
AFL_USE_ASAN=1 make
Ends with the following:
Parser/pgen ./Grammar/Grammar Include/graminit.h Python/graminit.c

[issue27780] Memory leak during Python build (from git c3ff7e7) on Debian 8.5 x64

2016-08-17 Thread geeknik
geeknik added the comment: FYI, I was only able to build Python with ASAN by passing ASAN_OPTIONS=detect_leaks=0 along with the make command, otherwise ASAN wanted to stop the build process as soon as it detected this leak.

[issue28198] heap-buffer-overflow in tok_nextc (Parser/tokenizer.c:954)

2016-09-18 Thread geeknik
New submission from geeknik: As per the security team, I'm submitting this here as it doesn't appear exploitable. Fuzzing Python 2.7.12 with AFL, ASAN and libdislocator.so on Debian 8.5 x64. (This might also affect Python 3.5) The attached 1-byte testcase triggers a heap-buffer-overflow

[issue27831] Python 3.4.5 leaks memory when attempting to load non-existent file

2016-08-23 Thread geeknik
geeknik added the comment: Sure, 3.5 and/or 3.6 have memory leaks during compilation: https://bugs.python.org/issue27780 And I just compiled 3.5.2, and running that version of python against a non-existent file returns this from LeakSanitizer: ASAN_SYMBOLIZER_PATH=/usr/lib/llvm-3.5/bin/llvm

[issue27831] Python 3.4.5 leaks memory when attempting to load non-existent file

2016-08-23 Thread geeknik
geeknik added the comment: Interesting that only Python exhibits this "leaky" behavior that generates a LeakSanitizer error. I don't see similar behavior in Perl, Ruby or PHP. Running a non-ASAN build under Valgrind reports that a leak is still occurring: LEAK SUMMAR

[issue27831] Python 3.4.5 leaks memory when attempting to load non-existent file

2016-08-22 Thread geeknik
New submission from geeknik: While fuzzing Python 3.4.5 with AFL, ASAN and libdislocator, I fat-fingered the keyboard and ASAN popped up a LeakSanitizer error. Apparently trying to open a non-existent file causes Python 3.4.5 to leak >880KB of memory. ./python: can't open file 'id:000109': [Errn

[issue31166] null pointer deref and segfault in _PyObject_Alloc (obmalloc.c:1258)

2017-08-10 Thread geeknik
geeknik added the comment: So if I leave UBSan and ASan out of the equation and compile with gcc and run this script:
Program received signal SIGSEGV, Segmentation fault.
update_refs (containers=) at Modules/gcmodule.c:353
353 _PyGCHead_SET_REFS(gc, Py_REFCNT(FROM_GC(gc)));
(gdb

[issue31165] null pointer deref and segfault in list_slice (listobject.c:455)

2017-08-09 Thread geeknik
New submission from geeknik: Python 3.7 git commit 3ca9f50 compiled with afl-clang-fast on Ubuntu 16 x64. The following script triggers undefined-behavior followed by a null pointer dereference and a segfault.
import weakref
class A(object):pass
def callback(x):del lst[0]
keepali0e=[]
for i

[issue31165] null pointer deref and segfault in list_slice (listobject.c:455)

2017-08-09 Thread geeknik
Changes by geeknik <geek...@protonmail.ch>: type: -> crash

[issue31166] null pointer deref and segfault in _PyObject_Alloc (obmalloc.c:1258)

2017-08-09 Thread geeknik
New submission from geeknik: Python 3.7 git commit 3ca9f50 compiled with afl-clang-fast on Ubuntu 16 x64. The following script triggers undefined-behavior followed by a null pointer dereference and a segfault. import gc t0ing0=object() class A(object): def f():0 x=t0ing0 r