New submission from Jeffrey Walton:
Test 240 also suffers from a buffer overflow on sock_recvmsg_guts.
Test 240 is the test that follows 239, and 239 is "[239/389/2] test_unittest".
(I don't believe the message for 239 has flushed).
=================================================================
==29767==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x6030000c0ce4 at pc 0x4aafea bp 0x7fff4c426010 sp 0x7fff4c425fc0
WRITE of size 24 at 0x6030000c0ce4 thread T0
#0 0x4aafe9 in write_msghdr
/home/jwalton/Desktop/clang-3.4/llvm-3.4/projects/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc:1395
#1 0x4aafe9 in __interceptor_recvmsg
/home/jwalton/Desktop/clang-3.4/llvm-3.4/projects/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc:1405
#2 0x2b955a764166 in sock_recvmsg_guts ./Modules/socketmodule.c:2968
#3 0x2b955a75f856 in sock_recvmsg ./Modules/socketmodule.c:3098
#4 0x6642ea in ext_do_call ./Python/ceval.c:4548
#5 0x6642ea in PyEval_EvalFrameEx ./Python/ceval.c:2869
#6 0x655aab in PyEval_EvalCodeEx ./Python/ceval.c:3578
#7 0x670ce5 in fast_function ./Python/ceval.c:4334
#8 0x65fbf8 in call_function ./Python/ceval.c:4252
#9 0x65fbf8 in PyEval_EvalFrameEx ./Python/ceval.c:2829
#10 0x655aab in PyEval_EvalCodeEx ./Python/ceval.c:3578
#11 0x670ce5 in fast_function ./Python/ceval.c:4334
#12 0x65fbf8 in call_function ./Python/ceval.c:4252
#13 0x65fbf8 in PyEval_EvalFrameEx ./Python/ceval.c:2829
#14 0x670baa in fast_function ./Python/ceval.c:4324
#15 0x65fbf8 in call_function ./Python/ceval.c:4252
#16 0x65fbf8 in PyEval_EvalFrameEx ./Python/ceval.c:2829
#17 0x655aab in PyEval_EvalCodeEx ./Python/ceval.c:3578
#18 0x84c1a7 in function_call ./Objects/funcobject.c:632
#19 0x4fd729 in PyObject_Call ./Objects/abstract.c:2067
#20 0x664306 in ext_do_call ./Python/ceval.c:4551
#21 0x664306 in PyEval_EvalFrameEx ./Python/ceval.c:2869
#22 0x655aab in PyEval_EvalCodeEx ./Python/ceval.c:3578
#23 0x84c1a7 in function_call ./Objects/funcobject.c:632
#24 0x4fd729 in PyObject_Call ./Objects/abstract.c:2067
#25 0x830dfc in method_call ./Objects/classobject.c:347
#26 0x4fd729 in PyObject_Call ./Objects/abstract.c:2067
#27 0x5ae13f in slot_tp_call ./Objects/typeobject.c:5809
#28 0x4fd729 in PyObject_Call ./Objects/abstract.c:2067
#29 0x6653d0 in do_call ./Python/ceval.c:4456
#30 0x6653d0 in call_function ./Python/ceval.c:4254
#31 0x6653d0 in PyEval_EvalFrameEx ./Python/ceval.c:2829
#32 0x655aab in PyEval_EvalCodeEx ./Python/ceval.c:3578
#33 0x84c1a7 in function_call ./Objects/funcobject.c:632
#34 0x4fd729 in PyObject_Call ./Objects/abstract.c:2067
#35 0x664306 in ext_do_call ./Python/ceval.c:4551
#36 0x664306 in PyEval_EvalFrameEx ./Python/ceval.c:2869
#37 0x655aab in PyEval_EvalCodeEx ./Python/ceval.c:3578
#38 0x84c1a7 in function_call ./Objects/funcobject.c:632
#39 0x4fd729 in PyObject_Call ./Objects/abstract.c:2067
#40 0x830dfc in method_call ./Objects/classobject.c:347
#41 0x4fd729 in PyObject_Call ./Objects/abstract.c:2067
#42 0x5ae13f in slot_tp_call ./Objects/typeobject.c:5809
#43 0x4fd729 in PyObject_Call ./Objects/abstract.c:2067
#44 0x6653d0 in do_call ./Python/ceval.c:4456
#45 0x6653d0 in call_function ./Python/ceval.c:4254
#46 0x6653d0 in PyEval_EvalFrameEx ./Python/ceval.c:2829
#47 0x655aab in PyEval_EvalCodeEx ./Python/ceval.c:3578
#48 0x84c1a7 in function_call ./Objects/funcobject.c:632
#49 0x4fd729 in PyObject_Call ./Objects/abstract.c:2067
#50 0x664306 in ext_do_call ./Python/ceval.c:4551
#51 0x664306 in PyEval_EvalFrameEx ./Python/ceval.c:2869
#52 0x655aab in PyEval_EvalCodeEx ./Python/ceval.c:3578
#53 0x84c1a7 in function_call ./Objects/funcobject.c:632
[Missing remainder of trace]
----------
components: Tests
hgrepos: 222
messages: 213683
nosy: Jeffrey.Walton
priority: normal
severity: normal
status: open
title: Test 239: buffer overflow in sock_recvmsg_guts
versions: Python 3.5
_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue20940>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
