New submission from xGblankGx:

OS Version : Ubuntu 16.04 LTS
Python download link : https://www.python.org/ftp/python/3.6.0/Python-3.6.0.tar.xz
Python version : 3.6.0

Normal build cmd :
./configure
make

Asan build cmd:
export CC="/usr/bin/clang -fsanitize=address"
export CXX="/usr/bin/clang++ -fsanitize=address"
./configure
make

GDB:
To enable execution of this file add
    add-auto-load-safe-path /home/test/check/PythonGDB/python-gdb.py
line to your configuration file "/home/test/.gdbinit".
To completely disable this security protection add
    set auto-load safe-path /
line to your configuration file "/home/test/.gdbinit".
For more information about this security protection see the
"Auto-loading safe path" section in the GDB manual.  E.g., run from the shell:
    info "(gdb)Auto-loading safe path"
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Program received signal SIGABRT, Aborted.
0x00007ffff7116418 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54

Description: Heap error
Short description: HeapError (10/22)
Hash: fb83ab1a4cc8eeff85970c4e8a40accc.0c71313476b72a94b16ca488bd78a548
Exploitability Classification: EXPLOITABLE
Explanation: The target's backtrace indicates that libc has detected a heap error or that the target was executing a heap function when it stopped. This could be due to heap corruption, passing a bad pointer to a heap function such as free(), etc. Since heap errors might include buffer overflows, use-after-free situations, etc. they are generally considered exploitable.
Other tags: AbortSignal (20/22)

ASAN:
...E=================================================================
==18791==ERROR: AddressSanitizer: attempting double-free on 0x60b000007050 in thread T0:
    #0 0x4d24f0 in __interceptor_cfree.localalias.0 asan_malloc_linux.cc.o:?
    #1 0x4d24f0 in ?? ??:0
    #2 0x7f1f02ff8e3f in ffi_call_unix64 ??:?
    #3 0x7f1f02ff8e3f in ?? ??:0
    #4 0x7f1f02ff88aa in ffi_call ??:?
    #5 0x7f1f02ff88aa in ?? ??:0
    #6 0x7f1f03226311 in _call_function_pointer /home/test/check/PythonASAN/Modules/_ctypes/callproc.c:809
    #7 0x7f1f03226311 in _ctypes_callproc /home/test/check/PythonASAN/Modules/_ctypes/callproc.c:1147
    #8 0x7f1f03226311 in ?? ??:0
    #9 0x7f1f03215199 in PyCFuncPtr_call /home/test/check/PythonASAN/Modules/_ctypes/_ctypes.c:3870
    #10 0x7f1f03215199 in ?? ??:0
    #11 0x5745f0 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2316
    #12 0x5745f0 in ?? ??:0
    #13 0x7a7429 in call_function /home/test/check/PythonASAN/Python/ceval.c:4812
    #14 0x7a7429 in ?? ??:0
    #15 0x7995cc in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3275
    #16 0x7995cc in ?? ??:0
    #17 0x7ab4cb in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718
    #18 0x7ab4cb in _PyFunction_FastCall /home/test/check/PythonASAN/Python/ceval.c:4870
    #19 0x7ab4cb in fast_function /home/test/check/PythonASAN/Python/ceval.c:4905
    #20 0x7ab4cb in ?? ??:0
    #21 0x7a76f2 in call_function /home/test/check/PythonASAN/Python/ceval.c:4809
    #22 0x7a76f2 in ?? ??:0
    #23 0x7995cc in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3275
    #24 0x7995cc in ?? ??:0
    #25 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718
    #26 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119
    #27 0x7a9847 in ?? ??:0
    #28 0x7ac2ea in _PyFunction_FastCallDict /home/test/check/PythonASAN/Python/ceval.c:5021
    #29 0x7ac2ea in ?? ??:0
    #30 0x574668 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2295
    #31 0x574668 in ?? ??:0
    #32 0x5749fa in _PyObject_Call_Prepend /home/test/check/PythonASAN/Objects/abstract.c:2358
    #33 0x5749fa in ?? ??:0
    #34 0x573e9b in PyObject_Call /home/test/check/PythonASAN/Objects/abstract.c:2246
    #35 0x573e9b in ?? ??:0
    #36 0x793369 in do_call_core /home/test/check/PythonASAN/Python/ceval.c:5057
    #37 0x793369 in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3357
    #38 0x793369 in ?? ??:0
    #39 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718
    #40 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119
    #41 0x7a9847 in ?? ??:0
    #42 0x7ac2ea in _PyFunction_FastCallDict /home/test/check/PythonASAN/Python/ceval.c:5021
    #43 0x7ac2ea in ?? ??:0
    #44 0x574668 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2295
    #45 0x574668 in ?? ??:0
    #46 0x5749fa in _PyObject_Call_Prepend /home/test/check/PythonASAN/Objects/abstract.c:2358
    #47 0x5749fa in ?? ??:0
    #48 0x573e9b in PyObject_Call /home/test/check/PythonASAN/Objects/abstract.c:2246
    #49 0x573e9b in ?? ??:0
    #50 0x66efe4 in slot_tp_call /home/test/check/PythonASAN/Objects/typeobject.c:6167
    #51 0x66efe4 in ?? ??:0
    #52 0x5745f0 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2316
    #53 0x5745f0 in ?? ??:0
    #54 0x7a7429 in call_function /home/test/check/PythonASAN/Python/ceval.c:4812
    #55 0x7a7429 in ?? ??:0
    #56 0x7995cc in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3275
    #57 0x7995cc in ?? ??:0
    #58 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718
    #59 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119
    #60 0x7a9847 in ?? ??:0
    #61 0x7ac2ea in _PyFunction_FastCallDict /home/test/check/PythonASAN/Python/ceval.c:5021
    #62 0x7ac2ea in ?? ??:0
    #63 0x574668 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2295
    #64 0x574668 in ?? ??:0
    #65 0x5749fa in _PyObject_Call_Prepend /home/test/check/PythonASAN/Objects/abstract.c:2358
    #66 0x5749fa in ?? ??:0
    #67 0x573e9b in PyObject_Call /home/test/check/PythonASAN/Objects/abstract.c:2246
    #68 0x573e9b in ?? ??:0
    #69 0x793369 in do_call_core /home/test/check/PythonASAN/Python/ceval.c:5057
    #70 0x793369 in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3357
    #71 0x793369 in ?? ??:0
    #72 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718
    #73 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119
    #74 0x7a9847 in ?? ??:0
    #75 0x7ac2ea in _PyFunction_FastCallDict /home/test/check/PythonASAN/Python/ceval.c:5021
    #76 0x7ac2ea in ?? ??:0
    #77 0x574668 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2295
    #78 0x574668 in ?? ??:0
    #79 0x5749fa in _PyObject_Call_Prepend /home/test/check/PythonASAN/Objects/abstract.c:2358
    #80 0x5749fa in ?? ??:0
    #81 0x573e9b in PyObject_Call /home/test/check/PythonASAN/Objects/abstract.c:2246
    #82 0x573e9b in ?? ??:0
    #83 0x66efe4 in slot_tp_call /home/test/check/PythonASAN/Objects/typeobject.c:6167
    #84 0x66efe4 in ?? ??:0
    #85 0x5745f0 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2316
    #86 0x5745f0 in ?? ??:0
    #87 0x7a7429 in call_function /home/test/check/PythonASAN/Python/ceval.c:4812
    #88 0x7a7429 in ?? ??:0
    #89 0x7995cc in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3275
    #90 0x7995cc in ?? ??:0
    #91 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718
    #92 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119
    #93 0x7a9847 in ?? ??:0
    #94 0x7ac2ea in _PyFunction_FastCallDict /home/test/check/PythonASAN/Python/ceval.c:5021
    #95 0x7ac2ea in ?? ??:0
    #96 0x574668 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2295
    #97 0x574668 in ?? ??:0
    #98 0x5749fa in _PyObject_Call_Prepend /home/test/check/PythonASAN/Objects/abstract.c:2358
    #99 0x5749fa in ?? ??:0
    #100 0x573e9b in PyObject_Call /home/test/check/PythonASAN/Objects/abstract.c:2246
    #101 0x573e9b in ?? ??:0
    #102 0x793369 in do_call_core /home/test/check/PythonASAN/Python/ceval.c:5057
    #103 0x793369 in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3357
    #104 0x793369 in ?? ??:0
    #105 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718
    #106 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119
    #107 0x7a9847 in ?? ??:0
    #108 0x7ac2ea in _PyFunction_FastCallDict /home/test/check/PythonASAN/Python/ceval.c:5021
    #109 0x7ac2ea in ?? ??:0
    #110 0x574668 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2295
    #111 0x574668 in ?? ??:0
    #112 0x5749fa in _PyObject_Call_Prepend /home/test/check/PythonASAN/Objects/abstract.c:2358
    #113 0x5749fa in ?? ??:0
    #114 0x573e9b in PyObject_Call /home/test/check/PythonASAN/Objects/abstract.c:2246
    #115 0x573e9b in ?? ??:0
    #116 0x66efe4 in slot_tp_call /home/test/check/PythonASAN/Objects/typeobject.c:6167
    #117 0x66efe4 in ?? ??:0
    #118 0x5745f0 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2316
    #119 0x5745f0 in ?? ??:0
    #120 0x7a7429 in call_function /home/test/check/PythonASAN/Python/ceval.c:4812
    #121 0x7a7429 in ?? ??:0
    #122 0x7995cc in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3275
    #123 0x7995cc in ?? ??:0
    #124 0x7ab4cb in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718
    #125 0x7ab4cb in _PyFunction_FastCall /home/test/check/PythonASAN/Python/ceval.c:4870
    #126 0x7ab4cb in fast_function /home/test/check/PythonASAN/Python/ceval.c:4905
    #127 0x7ab4cb in ?? ??:0
    #128 0x7a76f2 in call_function /home/test/check/PythonASAN/Python/ceval.c:4809
    #129 0x7a76f2 in ?? ??:0
    #130 0x7995cc in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3275
    #131 0x7995cc in ?? ??:0
    #132 0x7ab4cb in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718
    #133 0x7ab4cb in _PyFunction_FastCall /home/test/check/PythonASAN/Python/ceval.c:4870
    #134 0x7ab4cb in fast_function /home/test/check/PythonASAN/Python/ceval.c:4905
    #135 0x7ab4cb in ?? ??:0
    #136 0x7a76f2 in call_function /home/test/check/PythonASAN/Python/ceval.c:4809
    #137 0x7a76f2 in ?? ??:0
    #138 0x7995cc in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3275
    #139 0x7995cc in ?? ??:0
    #140 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718
    #141 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119
    #142 0x7a9847 in ?? ??:0
    #143 0x7ac2ea in _PyFunction_FastCallDict /home/test/check/PythonASAN/Python/ceval.c:5021
    #144 0x7ac2ea in ?? ??:0
    #145 0x574668 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2295
    #146 0x574668 in ?? ??:0
    #147 0x5749fa in _PyObject_Call_Prepend /home/test/check/PythonASAN/Objects/abstract.c:2358
    #148 0x5749fa in ?? ??:0
    #149 0x573e9b in PyObject_Call /home/test/check/PythonASAN/Objects/abstract.c:2246
    #150 0x573e9b in ?? ??:0
    #151 0x6713f8 in slot_tp_init /home/test/check/PythonASAN/Objects/typeobject.c:6380
    #152 0x6713f8 in ?? ??:0
    #153 0x666d8d in type_call /home/test/check/PythonASAN/Objects/typeobject.c:915 (discriminator 1)
    #154 0x666d8d in ?? ??:0
    #155 0x5745f0 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2316
    #156 0x5745f0 in ?? ??:0
    #157 0x7a7429 in call_function /home/test/check/PythonASAN/Python/ceval.c:4812
    #158 0x7a7429 in ?? ??:0
    #159 0x7995cc in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3275
    #160 0x7995cc in ?? ??:0
    #161 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718
    #162 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119
    #163 0x7a9847 in ?? ??:0
    #164 0x78e0df in PyEval_EvalCodeEx /home/test/check/PythonASAN/Python/ceval.c:4140
    #165 0x78e0df in PyEval_EvalCode /home/test/check/PythonASAN/Python/ceval.c:695
    #166 0x78e0df in ?? ??:0
    #167 0x5142f5 in run_mod /home/test/check/PythonASAN/Python/pythonrun.c:980
    #168 0x5142f5 in PyRun_FileExFlags /home/test/check/PythonASAN/Python/pythonrun.c:933
    #169 0x5142f5 in ?? ??:0
    #170 0x512afa in PyRun_SimpleFileExFlags /home/test/check/PythonASAN/Python/pythonrun.c:396
    #171 0x512afa in ?? ??:0
    #172 0x53eefd in run_file /home/test/check/PythonASAN/Modules/main.c:320
    #173 0x53eefd in Py_Main /home/test/check/PythonASAN/Modules/main.c:780
    #174 0x53eefd in ?? ??:0
    #175 0x503d16 in main /home/test/check/PythonASAN/./Programs/python.c:69
    #176 0x503d16 in ?? ??:0
    #177 0x7f1f06ea582f in __libc_start_main /build/glibc-GKVZIf/glibc-2.23/csu/../csu/libc-start.c:291
    #178 0x7f1f06ea582f in ?? ??:0
    #179 0x432548 in _start ??:?
    #180 0x432548 in ?? ??:0

0x60b000007050 is located 0 bytes inside of 108-byte region [0x60b000007050,0x60b0000070bc)
freed by thread T0 here:
    #0 0x4d24f0 in __interceptor_cfree.localalias.0 asan_malloc_linux.cc.o:?
    #1 0x4d24f0 in ?? ??:0
    #2 0x7f1f02ff8e3f in ffi_call_unix64 ??:?
    #3 0x7f1f02ff8e3f in ?? ??:0
    #2 0x7ffc11a5271f (<unknown module>)

previously allocated by thread T0 here:
    #0 0x4d2678 in malloc ??:?
    #1 0x4d2678 in ?? ??:0
    #2 0x7f1effe039bc in my_wcsdup /home/test/check/PythonASAN/Modules/_ctypes/_ctypes_test.c:185 (discriminator 1)
    #3 0x7f1effe039bc in ?? ??:0
    #2 0x7ffc11a5271f (<unknown module>)

SUMMARY: AddressSanitizer: double-free (/home/test/check/PythonASAN/python+0x4d24f0)
==18791==ABORTING

----------
components: Interpreter Core
files: asan_malloc
messages: 287316
nosy: xgblankgx
priority: normal
severity: normal
status: open
title: AddressSanitizer: attempting double-free on 0x60b000007050
type: security
versions: Python 3.6

Added file: http://bugs.python.org/file46577/asan_malloc

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue29482>
_______________________________________