New submission from BeginVuln: OS Version : Ubuntu 16.04 LTS Python download link : https://www.python.org/ftp/python/3.6.0/Python-3.6.0.tar.xz
Python version : 3.6.0 Normal build cmd : ./configure make Asan build cmd: export CC="/usr/bin/clang -fsanitize=address export CXX="/usr/bin/clang++ -fsanitize=address ./confiugre make GDB with exploitable: To enable execution of this file add add-auto-load-safe-path /home/test/check/PythonGDB/python-gdb.py line to your configuration file "/home/test/.gdbinit". To completely disable this security protection add set auto-load safe-path / line to your configuration file "/home/test/.gdbinit". For more information about this security protection see the "Auto-loading safe path" section in the GDB manual. E.g., run from the shell: info "(gdb)Auto-loading safe path" [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". [Inferior 1 (process 19429) exited with code 01] ASAN: ASAN:DEADLYSIGNAL ================================================================= ==18136==ERROR: AddressSanitizer: SEGV on unknown address 0x01ffe96de071 (pc 0x0000005e9305 bp 0x7ffc234b3300 sp 0x7ffc234b3240 T0) #0 0x5e9304 in PyLong_AsLongAndOverflow /home/test/check/PythonASAN/Objects/longobject.c:408 #1 0x5e9304 in ?? ??:0 #2 0x5e9658 in PyLong_AsLong /home/test/check/PythonASAN/Objects/longobject.c:474 (discriminator 1) #3 0x5e9658 in ?? ??:0 #4 0x7fda5a8bfe3f in ffi_call_unix64 ??:? #5 0x7fda5a8bfe3f in ?? ??:0 #6 0x7fda5a8bf8aa in ffi_call ??:? #7 0x7fda5a8bf8aa in ?? ??:0 #8 0x7fda5aaed311 in _call_function_pointer /home/test/check/PythonASAN/Modules/_ctypes/callproc.c:809 #9 0x7fda5aaed311 in _ctypes_callproc /home/test/check/PythonASAN/Modules/_ctypes/callproc.c:1147 #10 0x7fda5aaed311 in ?? ??:0 #11 0x7fda5aadc199 in PyCFuncPtr_call /home/test/check/PythonASAN/Modules/_ctypes/_ctypes.c:3870 #12 0x7fda5aadc199 in ?? ??:0 #13 0x5745f0 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2316 #14 0x5745f0 in ?? ??:0 #15 0x7a7429 in call_function /home/test/check/PythonASAN/Python/ceval.c:4812 #16 0x7a7429 in ?? ??:0 #17 0x7995cc in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3275 #18 0x7995cc in ?? ??:0 #19 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718 #20 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119 #21 0x7a9847 in ?? ??:0 #22 0x78e15d in PyEval_EvalCodeEx /home/test/check/PythonASAN/Python/ceval.c:4140 #23 0x78e15d in ?? ??:0 #24 0x784f1a in builtin___build_class__ /home/test/check/PythonASAN/Python/bltinmodule.c:170 #25 0x784f1a in ?? ??:0 #26 0x631f93 in _PyCFunction_FastCallDict /home/test/check/PythonASAN/Objects/methodobject.c:231 #27 0x631f93 in ?? ??:0 #28 0x7a7751 in call_function /home/test/check/PythonASAN/Python/ceval.c:4788 (discriminator 17) #29 0x7a7751 in ?? ??:0 #30 0x7995cc in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3275 #31 0x7995cc in ?? ??:0 #32 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718 #33 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119 #34 0x7a9847 in ?? ??:0 #35 0x78e0df in PyEval_EvalCodeEx /home/test/check/PythonASAN/Python/ceval.c:4140 #36 0x78e0df in PyEval_EvalCode /home/test/check/PythonASAN/Python/ceval.c:695 #37 0x78e0df in ?? ??:0 #38 0x5142f5 in run_mod /home/test/check/PythonASAN/Python/pythonrun.c:980 #39 0x5142f5 in PyRun_FileExFlags /home/test/check/PythonASAN/Python/pythonrun.c:933 #40 0x5142f5 in ?? ??:0 #41 0x512afa in PyRun_SimpleFileExFlags /home/test/check/PythonASAN/Python/pythonrun.c:396 #42 0x512afa in ?? ??:0 #43 0x53eefd in run_file /home/test/check/PythonASAN/Modules/main.c:320 #44 0x53eefd in Py_Main /home/test/check/PythonASAN/Modules/main.c:780 #45 0x53eefd in ?? ??:0 #46 0x503d16 in main /home/test/check/PythonASAN/./Programs/python.c:69 #47 0x503d16 in ?? ??:0 #48 0x7fda5deaf82f in __libc_start_main /build/glibc-GKVZIf/glibc-2.23/csu/../csu/libc-start.c:291 #49 0x7fda5deaf82f in ?? ??:0 #50 0x432548 in _start ??:? #51 0x432548 in ?? ??:0 AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV (/home/test/check/PythonASAN/python+0x5e9304) ==18136==ABORTING ---------- components: Interpreter Core files: longobj_408 messages: 287335 nosy: beginvuln priority: normal severity: normal status: open title: AddressSanitizer: SEGV on unknown address 0x01ffe96de071 type: security versions: Python 3.6 Added file: http://bugs.python.org/file46591/longobj_408 _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue29496> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com