[issue29463] Add `docstring` attribute to AST nodes

2017-02-08 Thread STINNER Victor

STINNER Victor added the comment:

def func(): "doc" + "string"

Currently (Python 2.7-3.6), func.__doc__ is None. I suggest to add a unit test 
for this corner case, even if the result is going to change in a near future. 
We need to "specify" the expected behaviour, and make sure that we get the same 
result if optimizations are enabled or not.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue19217] Calling assertEquals for moderately long list takes too long

2017-02-08 Thread STINNER Victor

Changes by STINNER Victor :


Added file: http://bugs.python.org/file46574/unified_diff.py




[issue19217] Calling assertEquals for moderately long list takes too long

2017-02-08 Thread STINNER Victor

STINNER Victor added the comment:

unittest_unified_diff.patch: Rebased patch for the default branch. My patch 
updates also unit tests.

The patch changes the test output. If we decide to apply the patch, I propose 
to only apply it to the default branch (Python 3.7).

The bug report is about a test which fails. I'm not sure that it's a real 
blocker issue that Python is slow when a test fails. At least, it should be 
fast when a test passes. I mean that I like the current output, I'm not sure 
about the new output.

Example with attached unified_diff.py.

Before:
@
F
==
FAIL: test_x (__main__.Test)
--
Traceback (most recent call last):
  File "unified_diff.py", line 5, in test_x
    self.assertEqual([], [None])
AssertionError: Lists differ: [] != [None]

Second list contains 1 additional elements.
First extra element 0:
None

- []
+ [None]

--
Ran 1 test in 0.001s

FAILED (failures=1)
@

With the patch:
@
haypo@selma$ ./python unified_diff.py 
F
==
FAIL: test_x (__main__.Test)
--
Traceback (most recent call last):
  File "unified_diff.py", line 5, in test_x
    self.assertEqual([], [None])
AssertionError: Lists differ: [] != [None]

Second list contains 1 additional elements.
First extra element 0:
None

--- 
+++ 
@@ -1 +1 @@
-[]
+[None]

--
Ran 1 test in 0.001s

FAILED (failures=1)
@


The patch adds the following header which can be surprising:
@
--- 
+++ 
@@ -1 +1 @@
@


Maybe we should pass a "file name" to unified_diff() to get something like:
@
--- expected
+++ got
@@ -1 +1 @@
@

--
Added file: http://bugs.python.org/file46573/unittest_unified_diff.patch




[issue29438] use after free in key sharing dict

2017-02-08 Thread Serhiy Storchaka

Serhiy Storchaka added the comment:

Okay, if there is no way to test this with certainty, tests may be omitted.

Why res == 0 is added? If PyDict_SetItem() triggers recursive calling of 
_PyObjectDict_SetItem() which calls PyDict_SetItem() it may be possible that 
the first PyDict_SetItem() is failed while the dict is changed by the second 
PyDict_SetItem() and CACHED_KEYS(tp) becomes outdated.

--
assignee:  -> inada.naoki




[issue29438] use after free in key sharing dict

2017-02-08 Thread INADA Naoki

INADA Naoki added the comment:

> Why res == 0 is added? If PyDict_SetItem() triggers recursive calling of 
> _PyObjectDict_SetItem() which calls PyDict_SetItem() it may be possible that 
> the first PyDict_SetItem() is failed while the dict is changed by the second 
> PyDict_SetItem() and CACHED_KEYS(tp) becomes outdated.

To avoid hiding error raised in PyDict_SetItem().
But it seems I was too nervous.  The error will be hidden only when 
make_keys_shared() raise exception.
I'll remove the check.

BTW, how about -py35.patch?  It is minimum patch to avoid "use after free".
It skip CACHED_KEYS(tp) = NULL entirely.  But I think I can apply same patch
to Python 3.5 too.

--




[issue29463] Add `docstring` attribute to AST nodes

2017-02-08 Thread Serhiy Storchaka

Serhiy Storchaka added the comment:

Support adding tests. Tests should cover all cases: module, class, function, 
coroutine and check also the first line number.

What is the value of co_firstlineno if the function doesn't have any statements?

def f():
    '''docstring'''

--




[issue29438] use after free in key sharing dict

2017-02-08 Thread Serhiy Storchaka

Serhiy Storchaka added the comment:

I think same patch should be applied to Python 3.5 too.

--




[issue29438] use after free in key sharing dict

2017-02-08 Thread Serhiy Storchaka

Changes by Serhiy Storchaka :


--
nosy: +Mark.Shannon, benjamin.peterson, rhettinger, tim.peters
versions: +Python 3.5




[issue29463] Add `docstring` attribute to AST nodes

2017-02-08 Thread INADA Naoki

INADA Naoki added the comment:

Oh, I misunderstood something.
patched Python 3.7 and system's Python 3.5 shows same output for code below.
I'll check what is actually changed.

inada-n@x250 ~/w/p/ast-docstring> cat -n x.py 
 1  """module docstring"""
 2  
 3  def func():
 4      """func docstring"""
 5  
 6  def func2():
 7      """func docstring"""
 8      1+1
 9  
10  print(func.__code__.co_firstlineno)
11  print(func.__code__.co_lnotab)
12  print(func2.__code__.co_firstlineno)
13  print(func2.__code__.co_lnotab)
inada-n@x250 ~/w/p/ast-docstring> ./python x.py 
3
b''
6
b'\x00\x02'
inada-n@x250 ~/w/p/ast-docstring> /usr/bin/python3 x.py 
3
b''
6
b'\x00\x02'

--




[issue29476] Simplify set_add_entry()

2017-02-08 Thread Serhiy Storchaka

Serhiy Storchaka added the comment:

Sets often are used in following pattern:

def recurse(obj):
    # Skip objects that are already being processed further up the call stack.
    if obj not in proceeding:
        proceeding.add(obj)
        for subobj in links(obj):
            recurse(subobj)
        proceeding.discard(obj)

In this case items are added and removed in LIFO order. How this change affects 
this case?

--




[issue29477] Lambda with complex arguments is ctx STORE

2017-02-08 Thread Malthe Borch

New submission from Malthe Borch:

Normally, lambda arguments (positional or keyword-based) are ctx PARAM, since 
they're parameters.

But complex (packed) arguments are ctx STORE.

This is a problem for AST transformation tools that can't reliably detect the 
name context.

--
components: Interpreter Core
messages: 287291
nosy: malthe
priority: normal
severity: normal
status: open
title: Lambda with complex arguments is ctx STORE
type: compile error
versions: Python 2.7




[issue29463] Add `docstring` attribute to AST nodes

2017-02-08 Thread STINNER Victor

STINNER Victor added the comment:

2017-02-08 10:08 GMT+01:00 INADA Naoki :
>  6  def func2():
>  7      """func docstring"""
>  8      1+1

1+1 is replaced with 2 and lone integer literals are removed by the
peephole optimizer. See also the issue #26204.

--




[issue29463] Add `docstring` attribute to AST nodes

2017-02-08 Thread STINNER Victor

STINNER Victor added the comment:

Oops, I spoke too fast :-) "1+1" is not removed.

"1+1" is replaced with "2" by the peephole optimizer, whereas the compiler 
ignoring constants comes before the peephole optimizer.

One more time, it would be better to implement constant folding at the AST 
level ;-)

$ python3
Python 3.5.2 (default, Sep 14 2016, 11:28:32) 
>>> def func():
...  "docstring"
...  1+1
... 
>>> import dis
>>> dis.dis(func)
  3   0 LOAD_CONST   3 (2)
  3 POP_TOP
  4 LOAD_CONST   2 (None)
  7 RETURN_VALUE

--




[issue12741] Add function similar to shutil.move that does not overwrite

2017-02-08 Thread Steven D'Aprano

Changes by Steven D'Aprano :


--
nosy: +steven.daprano




[issue12741] Add function similar to shutil.move that does not overwrite

2017-02-08 Thread Steven D'Aprano

Changes by Steven D'Aprano :


--
versions: +Python 3.7 -Python 3.3




[issue29478] email.policy.Compat32(max_line_length=None) not as documented

2017-02-08 Thread Martin Panter

New submission from Martin Panter:

By default, the email package turns single-line header fields into multi-line 
ones to try and limit the length of each line. The documentation says that 
setting the policy’s max_line_length attribute to None should prevent line 
wrapping. But this does not work:

>>> from email.policy import Compat32
>>> from email.message import Message
>>> from email.generator import Generator
>>> from sys import stdout
>>> p = Compat32(max_line_length=None)
>>> m = Message(p)
>>> m["Field"] = "x" * 100
>>> Generator(stdout).flatten(m)  # Field is split across two lines
Field: 
 


>>> 

A workaround is to specify zero instead:

>>> p = Compat32(max_line_length=0)
>>> Generator(stdout, policy=p).flatten(m)  # All on one line
Field: 


Quickly looking at the code, Compat32._fold() passes max_line_length straight 
to Header.encode(), which is documented as using None as a placeholder for its 
real default value of 76. So I think the solution would be to add a special 
case in _fold() to call encode(maxlinelen=0) if max_line_length is None.

--
components: email
messages: 287294
nosy: barry, martin.panter, r.david.murray
priority: normal
severity: normal
status: open
title: email.policy.Compat32(max_line_length=None) not as documented
type: behavior
versions: Python 3.5, Python 3.6, Python 3.7
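
The cause named in the report above, shown one layer down: an added example, not part of the original message or of the email package's own code. VALUE and the helper names are constructed here; fold_with_special_case() only sketches the special case the report proposes.

```python
import io
from email.generator import Generator
from email.header import Header
from email.message import Message
from email.policy import Compat32

# Constructed sample value: 20 short words, 159 characters in total.
VALUE = " ".join("token%02d" % i for i in range(20))


def header_encode(maxlinelen):
    """Call Header.encode() directly, as Compat32._fold() does internally."""
    return Header(VALUE, header_name="Field").encode(maxlinelen=maxlinelen)


def fold_with_special_case(max_line_length):
    """Sketch of the proposed special case: treat None as 'never wrap' (0)."""
    maxlinelen = 0 if max_line_length is None else max_line_length
    return "Field: " + header_encode(maxlinelen)


def flatten_header_block(max_line_length):
    """Flatten a one-field message and return only its header block."""
    msg = Message(Compat32(max_line_length=max_line_length))
    msg["Field"] = VALUE
    out = io.StringIO()
    Generator(out).flatten(msg)
    return out.getvalue().split("\n\n")[0]


if __name__ == "__main__":
    # None is Header.encode()'s placeholder for its default, so it still folds.
    print(header_encode(None))
    # 0 disables folding at the Header level ...
    print(header_encode(0))
    # ... and is the policy-level workaround from the report.
    print(flatten_header_block(0))
```
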




[issue29479] httplib: could not skip "ACCEPT-ENCODING" header

2017-02-08 Thread song1st

New submission from song1st:

When I tried to skip "ACCEPT-ENCODING" of header, I found the behavior was not 
right.
I think the issue is the following two "if" in _send_request of httplib.

def _send_request(self, method, url, body, headers):
    # Honor explicitly requested Host: and Accept-Encoding: headers.
    header_names = dict.fromkeys([k.lower() for k in headers])
    skips = {}
    if 'host' in header_names:
        skips['skip_host'] = 1
    if 'accept-encoding' in header_names:
        skips['skip_accept_encoding'] = 1

--
components: Library (Lib)
messages: 287295
nosy: song1st
priority: normal
severity: normal
status: open
title: httplib: could not skip "ACCEPT-ENCODING" header
type: behavior
versions: Python 2.7




[issue29479] httplib: could not skip "ACCEPT-ENCODING" header

2017-02-08 Thread Martin Panter

Martin Panter added the comment:

Please explain what the wrong behaviour that you see is, and what you expect 
the right behaviour should be.

That code is intended to either keep any user-supplied Accept-Encoding header 
field, or send “Accept-Encoding: identity” if the field is not supplied.

If you are looking for a way to avoid adding this field entirely, see the lower 
level putrequest() and related methods. This is documented behaviour: 
.

--
nosy: +martin.panter
stage:  -> test needed
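
The behaviour described in the comment above, as an added example that is not part of the original message: request() keeps a user-supplied Accept-Encoding field or sends "Accept-Encoding: identity", while putrequest() can leave the field out. It assumes Python 3's http.client (the renamed httplib); CaptureSocket and the host name example.invalid are constructed stand-ins, so nothing is sent over the network.

```python
import http.client


class CaptureSocket:
    """Hypothetical stand-in for a connected socket; records what is sent."""

    def __init__(self):
        self.sent = b""

    def sendall(self, data):
        self.sent += data


def captured_request(send):
    """Run send(conn) on an HTTPConnection and return the raw bytes it wrote."""
    conn = http.client.HTTPConnection("example.invalid")  # constructed host
    conn.sock = CaptureSocket()  # a preset sock means connect() is never called
    send(conn)
    return conn.sock.sent.decode("iso-8859-1")


def header_lines(raw, name):
    """Return the header lines of a raw request whose field name matches."""
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")[1:]  # drop the request line
    return [h for h in head if h.split(":", 1)[0].lower() == name.lower()]


def default_request():
    # No Accept-Encoding supplied: the library adds "identity".
    return captured_request(lambda c: c.request("GET", "/"))


def explicit_header_request():
    # A user-supplied field (any letter case) is kept and not duplicated.
    return captured_request(
        lambda c: c.request("GET", "/", headers={"ACCEPT-ENCODING": "gzip"}))


def low_level_request():
    # The lower-level API can omit the field entirely.
    def send(conn):
        conn.putrequest("GET", "/", skip_accept_encoding=True)
        conn.putheader("User-Agent", "example")
        conn.endheaders()
    return captured_request(send)


if __name__ == "__main__":
    for build in (default_request, explicit_header_request, low_level_request):
        print(build.__name__, header_lines(build(), "accept-encoding"))
```
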




[issue26204] compiler: ignore constants used as statements (don't emit LOAD_CONST+POP_TOP)

2017-02-08 Thread STINNER Victor

STINNER Victor added the comment:

FYI the thread was in February 2016:
https://mail.python.org/pipermail/python-dev/2016-February/143163.html
"[Python-Dev] Issue #26204: compiler now emits a SyntaxWarning on constant 
statement"

--




[issue29479] httplib: could not skip "ACCEPT-ENCODING" header

2017-02-08 Thread song1st

song1st added the comment:

Sorry, I thought I misunderstood the meaning.

I want no "ACCEPT-ENCODING" even "ACCEPT-ENCODING: identity".
I tried to modify the code from 
if 'accept-encoding' in header_names:
to
if not 'accept-encoding' in header_names:

The http request will be no "ACCEPT-ENCODING".
This is what I want.

--




[issue22594] Add a link to the regex module in re documentation

2017-02-08 Thread Marco Buttu

Marco Buttu added the comment:

> With the VERSION0 flag (the default behaviour), it should
> behave the same as the re module, and that's not going to change.

Thanks for the clarification Matthew. However, the default version will change, 
as the regex PyPI page points out: "In the short term this will be VERSION0, 
but in the longer term it will be VERSION1." I propose a patch that integrates 
the Brett suggestion.

--
Added file: http://bugs.python.org/file46575/regex_reference.patch




[issue29306] Check usage of Py_EnterRecursiveCall() and Py_LeaveRecursiveCall() in new FASTCALL functions

2017-02-08 Thread Roundup Robot

Roundup Robot added the comment:

New changeset 88ed9d9eabc1 by Victor Stinner in branch 'default':
Issue #29306: Fix usage of Py_EnterRecursiveCall()
https://hg.python.org/cpython/rev/88ed9d9eabc1

--
nosy: +python-dev




[issue29474] Grammatical errors in weakref.WeakValueDictionary docs

2017-02-08 Thread Marco Buttu

Marco Buttu added the comment:

The second patch LGTM. In the first one there is a typo (see review).

--
nosy: +marco.buttu




[issue29480] Mac OSX Installer SSL Roots

2017-02-08 Thread Edward Ned Harvey

New submission from Edward Ned Harvey:

I would like to suggest that the OSX installer automatically run "Install 
Certificates.command", or display a prompt to users saying "Run Now" during 
installation.

Having the readme is helpful - but only after you google for 20 minutes, 
because of an exception you encountered. Of course nobody reads the readme 
during install. "I've installed python a thousand times before, I know what I'm 
doing."

There are so many things that require SSL, and it's reasonably assumed to be 
functional by default.

--
components: Installation
messages: 287302
nosy: rahvee
priority: normal
severity: normal
status: open
title: Mac OSX Installer SSL Roots
type: behavior
versions: Python 3.6




[issue29306] Check usage of Py_EnterRecursiveCall() and Py_LeaveRecursiveCall() in new FASTCALL functions

2017-02-08 Thread STINNER Victor

STINNER Victor added the comment:

I still need to backport fixes to Python 3.6, maybe even Python 3.5.

--




[issue29466] pickle does not serialize Exception __cause__ field

2017-02-08 Thread Serhiy Storchaka

Serhiy Storchaka added the comment:

True. Attributes __context__, __cause__ and __traceback__ are not pickled. The 
traceback objects are even not pickleable.

What is worse, some other non-special attributes are lost during pickling. For 
example name and path attributes of ImportError.

>>> try: import foo
... except Exception as ex: exc = ex
... 
>>> exc.name
'foo'
>>> exc.__reduce__()
(, ("No module named 'foo'",), {})

Or the value attribute of StopIteration if it was not passed to the constructor.

>>> exc = StopIteration()
>>> exc.value = 42
>>> exc.__reduce__()
(, (), {})

--
nosy: +brett.cannon, eric.snow, ncoghlan
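
The loss described in the comment above, with one way to carry the cause chain across a pickle boundary: an added example, not part of the original message or of CPython. The helper names are hypothetical, and dump_chain()/load_chain() are a workaround sketched here, not a fix proposed on the tracker; all pickled data is constructed locally.

```python
import pickle


def roundtrip(exc):
    """Pickle and unpickle an exception, as multiprocessing or a queue would."""
    return pickle.loads(pickle.dumps(exc))


def make_chained():
    """Build ValueError('outer') raised from KeyError('inner')."""
    try:
        try:
            raise KeyError("inner")
        except KeyError as inner:
            raise ValueError("outer") from inner
    except ValueError as outer:
        return outer


def lost_stopiteration_value():
    """value assigned after construction is not in args, so it is not pickled."""
    exc = StopIteration()
    exc.value = 42
    return roundtrip(exc).value


def dump_chain(exc):
    """Pickle an exception together with every exception on its __cause__ chain."""
    chain, seen = [], set()
    while exc is not None and id(exc) not in seen:  # guard against cycles
        seen.add(id(exc))
        chain.append(exc)
        exc = exc.__cause__
    return pickle.dumps(chain)


def load_chain(data):
    """Unpickle a chain written by dump_chain() and relink __cause__."""
    chain = pickle.loads(data)
    for outer, inner in zip(chain, chain[1:]):
        outer.__cause__ = inner
    return chain[0]


if __name__ == "__main__":
    original = make_chained()
    print(repr(original.__cause__))             # the KeyError
    print(repr(roundtrip(original).__cause__))  # None: the cause is gone
    restored = load_chain(dump_chain(original))
    print(repr(restored.__cause__))             # the KeyError again
    print(lost_stopiteration_value())           # None, not 42
```
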




[issue29306] Check usage of Py_EnterRecursiveCall() and Py_LeaveRecursiveCall() in new FASTCALL functions

2017-02-08 Thread Roundup Robot

Roundup Robot added the comment:


New changeset 65d24ff4bbd3320acadb58a5e4d944c84536cb2c by Victor Stinner in 
branch 'master':
Issue #29306: Fix usage of Py_EnterRecursiveCall()
https://github.com/python/cpython/commit/65d24ff4bbd3320acadb58a5e4d944c84536cb2c


--




[issue16011] "in" should be consistent with return value of __contains__

2017-02-08 Thread R. David Murray

R. David Murray added the comment:

You've got the right idea, but you are repeating yourself.  Keep it as short as 
possible while still conveying the correct information.  "coerce to boolean" is 
better than "apply bool", because the code may not in fact be using the bool 
function to do it.  Your "equivalent to" phrase would be OK as an alternative, 
but you only need to show the equivalence, no need to also explain it in words.

--




[issue29306] Check usage of Py_EnterRecursiveCall() and Py_LeaveRecursiveCall() in new FASTCALL functions

2017-02-08 Thread STINNER Victor

STINNER Victor added the comment:

I needed this fix to work on issue #29465. I expected that my patch was 
reviewed, but woops, it wasn't the case and I missed a refleak. Hopefully, the 
refleak is now fixed!

--




[issue29306] Check usage of Py_EnterRecursiveCall() and Py_LeaveRecursiveCall() in new FASTCALL functions

2017-02-08 Thread Roundup Robot

Roundup Robot added the comment:

New changeset 37705f89c72b by Victor Stinner in branch 'default':
Fix refleaks if Py_EnterRecursiveCall() fails
https://hg.python.org/cpython/rev/37705f89c72b

--




[issue29477] Lambda with complex arguments is ctx STORE

2017-02-08 Thread R. David Murray

R. David Murray added the comment:

I presume this is a 2.7 only issue.  I'm pretty sure the 2.7 AST isn't going to 
get changed in 2.7 at this point.

--
nosy: +r.david.murray




[issue29478] email.policy.Compat32(max_line_length=None) not as documented

2017-02-08 Thread R. David Murray

R. David Murray added the comment:

That sounds reasonable to me.  Clearly there is a missing test :)

--




[issue29480] Mac OSX Installer SSL Roots

2017-02-08 Thread R. David Murray

R. David Murray added the comment:

I thought there was an open issue for using the Apple cert mechanisms natively, 
but I can't find it.  Adding the OSX people to nosy.

--
components: +macOS
nosy: +ned.deily, r.david.murray, ronaldoussoren
versions: +Python 3.7




[issue29432] wait_for(gather(...)) logs weird error message

2017-02-08 Thread Martin Teichmann

Martin Teichmann added the comment:

I added a solution to this problem. I just silence the bad error message by 
overwriting _GatheringFuture.__del__ to do nothing. This may have undesired 
side effects, though.

--




[issue29481] 3.6.0 doc describes 3.6.1 feature - typing.Deque

2017-02-08 Thread Guy Arad

New submission from Guy Arad:

See:
- https://docs.python.org/3.6/library/typing.html#typing.Deque
- https://docs.python.org/3.5/library/typing.html#typing.Deque

`typing.Deque` is expected to be included in 3.6.1:
https://docs.python.org/3/whatsnew/changelog.html#python-3-6-1-release-candidate-1

Please remove or specify the version in which it's going to be included.

--
assignee: docs@python
components: Documentation
messages: 287313
nosy: Guy Arad, docs@python
priority: normal
severity: normal
status: open
title: 3.6.0 doc describes 3.6.1 feature - typing.Deque
versions: Python 3.5, Python 3.6




[issue29306] Check usage of Py_EnterRecursiveCall() and Py_LeaveRecursiveCall() in new FASTCALL functions

2017-02-08 Thread Roundup Robot

Roundup Robot added the comment:


New changeset 1101819ba99afcb4d1b6495d49b17bdd0acfe761 by Victor Stinner in 
branch 'master':
Fix refleaks if Py_EnterRecursiveCall() fails
https://github.com/python/cpython/commit/1101819ba99afcb4d1b6495d49b17bdd0acfe761


--




[issue29481] 3.6.0 doc describes 3.6.1 feature - typing.Deque

2017-02-08 Thread Raymond Hettinger

Changes by Raymond Hettinger :


--
assignee: docs@python -> rhettinger
nosy: +rhettinger




[issue1353344] python.desktop

2017-02-08 Thread Petr Viktorin

Changes by Petr Viktorin :


--
nosy: +ncoghlan




[issue28686] py.exe ignored PATH when using python3 shebang

2017-02-08 Thread Eryk Sun

Eryk Sun added the comment:

> it's not possible to tell by inspection the version of a Python 
> interpreter.

If getting the version of python[w].exe is ever required, it should be simple 
for 3.5+, for which python[w].exe has standard file version information with 
the product version (i.e. GetFileVersionInfo, etc). 

For older versions you could walk the EXE's import directory, looking for a 
dependency on pythonXY.dll. First map the executable as data via CreateFileW, 
CreateFileMapping, and MapViewOfFile. Next get pointers to the IMAGE_NT_HEADERS 
and the first IMAGE_IMPORT_DESCRIPTOR via ImageNtHeader and 
ImageDirectoryEntryToData. Finally, walk the array of import descriptors (while 
the "Characteristics" field isn't 0) to get the "Name" of each DLL dependency. 
It's a relative address that can be converted to a char pointer via 
ImageRvaToVa. Using relative addresses allows this to work if a 32-bit 
application is inspecting a 64-bit image and vice versa.

That said, it's far simpler to just support versioned executable names (e.g. 
python3.exe, python3.6.exe, python3.6-32.exe, pythonw3.exe, pythonw3.6.exe, 
pythonw3.6-32.exe). Even if we don't install links/copies with these names, I 
don't see the harm in allowing the launcher to look for them. Users can create 
the links manually; I've seen people on SO that do this. I'm uploading a patch 
that implements this for "env" shebangs.

--
keywords: +patch
Added file: http://bugs.python.org/file46576/issue_28686_01.patch
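
The import-directory walk described in the message above, as an added example that is not part of the original message or of the launcher patch. It goes beyond the message by reading the file's bytes with struct in pure Python instead of the Win32 calls named there; build_sample_pe(), MAX_DESCRIPTORS and the sample DLL names are constructed for illustration.

```python
import re
import struct

MAX_DESCRIPTORS = 4096  # hypothetical bound so a malformed table cannot loop forever


def _rva_to_offset(sections, rva):
    """File-offset counterpart of ImageRvaToVa for an image read as plain data."""
    for vaddr, span, raw_ptr in sections:
        if vaddr <= rva < vaddr + span:
            return raw_ptr + (rva - vaddr)
    raise ValueError("RVA 0x%x is outside every section" % rva)


def imported_dlls(image):
    """Return the DLL names listed in a PE image's import directory."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)            # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    _, nsect, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, pe_off + 4)
    opt_off = pe_off + 24
    (magic,) = struct.unpack_from("<H", image, opt_off)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    # The data directories start at a different offset in PE32 and PE32+.
    dir_off = opt_off + (96 if magic == 0x10B else 112)
    (ndirs,) = struct.unpack_from("<I", image, dir_off - 4)
    if ndirs < 2:
        return []
    (imp_rva, _size) = struct.unpack_from("<II", image, dir_off + 8)  # entry 1: imports
    if imp_rva == 0:
        return []
    sections = []
    for i in range(nsect):
        vsize, vaddr, raw_size, raw_ptr = struct.unpack_from(
            "<IIII", image, opt_off + opt_size + 40 * i + 8)
        sections.append((vaddr, max(vsize, raw_size), raw_ptr))
    off, names = _rva_to_offset(sections, imp_rva), []
    for _ in range(MAX_DESCRIPTORS):
        characteristics, _, _, name_rva, _ = struct.unpack_from("<IIIII", image, off)
        if characteristics == 0:            # terminator, as described in the message
            return names
        start = _rva_to_offset(sections, name_rva)
        names.append(image[start:image.index(b"\0", start)].decode("ascii"))
        off += 20
    raise ValueError("import table is not terminated")


def python_dll_version(image):
    """Return (major, minor) from a pythonXY.dll dependency, or None."""
    for name in imported_dlls(image):
        # python3.dll (no minor digits) does not match and is skipped.
        m = re.fullmatch(r"python(\d)(\d+)\.dll", name, re.IGNORECASE)
        if m:
            return int(m.group(1)), int(m.group(2))
    return None


def build_sample_pe(dll_names, pe32_plus=False):
    """Construct a minimal PE image (sample data) with one import section."""
    magic, opt_size = (0x20B, 240) if pe32_plus else (0x10B, 224)
    sec_rva, raw_ptr, raw_size = 0x1000, 0x200, 0x200
    table_len = 20 * (len(dll_names) + 1)
    descs, name_rva = b"", sec_rva + table_len
    for name in dll_names:
        # Non-zero dummy thunk RVAs; only the Name field matters for this walk.
        descs += struct.pack("<IIIII", sec_rva + table_len, 0, 0, name_rva,
                             sec_rva + table_len)
        name_rva += len(name) + 1
    strings = b"".join(n.encode("ascii") + b"\0" for n in dll_names)
    body = (descs + bytes(20) + strings).ljust(raw_size, b"\0")
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32_plus else 0x14C, 1, 0, 0, 0,
                       opt_size, 0x0102)
    opt = bytearray(opt_size)
    dirs = opt_size - 128                   # 16 data directories of 8 bytes each
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<I", opt, dirs - 4, 16)
    struct.pack_into("<II", opt, dirs + 8, sec_rva, table_len)
    sect = struct.pack("<8sIIII12xI", b".idata", raw_size, sec_rva, raw_size,
                       raw_ptr, 0xC0000040)
    return (dos + b"PE\0\0" + coff + bytes(opt) + sect).ljust(raw_ptr, b"\0") + body


if __name__ == "__main__":
    sample = build_sample_pe(["KERNEL32.dll", "python27.dll"])
    print(imported_dlls(sample), python_dll_version(sample))
```
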




[issue29482] AddressSanitizer: attempting double-free on 0x60b000007050

2017-02-08 Thread xGblankGx

New submission from xGblankGx:

OS Version : Ubuntu 16.04 LTS
Python download link : 
https://www.python.org/ftp/python/3.6.0/Python-3.6.0.tar.xz

Python version : 3.6.0

Normal build cmd : 
./configure 
make

Asan build cmd:
export CC="/usr/bin/clang -fsanitize=address"
export CXX="/usr/bin/clang++ -fsanitize=address"
./configure
make



GDB:
To enable execution of this file add
add-auto-load-safe-path /home/test/check/PythonGDB/python-gdb.py
line to your configuration file "/home/test/.gdbinit".
To completely disable this security protection add
set auto-load safe-path /
line to your configuration file "/home/test/.gdbinit".
For more information about this security protection see the
"Auto-loading safe path" section in the GDB manual.  E.g., run from the shell:
info "(gdb)Auto-loading safe path"
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Program received signal SIGABRT, Aborted.
0x77116418 in __GI_raise (sig=sig@entry=6) at 
../sysdeps/unix/sysv/linux/raise.c:54
Description: Heap error
Short description: HeapError (10/22)
Hash: fb83ab1a4cc8eeff85970c4e8a40accc.0c71313476b72a94b16ca488bd78a548
Exploitability Classification: EXPLOITABLE
Explanation: The target's backtrace indicates that libc has detected a heap 
error or that the target was executing a heap function when it stopped. This 
could be due to heap corruption, passing a bad pointer to a heap function such 
as free(), etc. Since heap errors might include buffer overflows, 
use-after-free situations, etc. they are generally considered exploitable.
Other tags: AbortSignal (20/22)


ASAN:
...E=
==18791==ERROR: AddressSanitizer: attempting double-free on 0x60b07050 in 
thread T0:
#0 0x4d24f0 in __interceptor_cfree.localalias.0 asan_malloc_linux.cc.o:?
#1 0x4d24f0 in ?? ??:0
#2 0x7f1f02ff8e3f in ffi_call_unix64 ??:?
#3 0x7f1f02ff8e3f in ?? ??:0
#4 0x7f1f02ff88aa in ffi_call ??:?
#5 0x7f1f02ff88aa in ?? ??:0
#6 0x7f1f03226311 in _call_function_pointer 
/home/test/check/PythonASAN/Modules/_ctypes/callproc.c:809
#7 0x7f1f03226311 in _ctypes_callproc 
/home/test/check/PythonASAN/Modules/_ctypes/callproc.c:1147
#8 0x7f1f03226311 in ?? ??:0
#9 0x7f1f03215199 in PyCFuncPtr_call 
/home/test/check/PythonASAN/Modules/_ctypes/_ctypes.c:3870
#10 0x7f1f03215199 in ?? ??:0
#11 0x5745f0 in _PyObject_FastCallDict 
/home/test/check/PythonASAN/Objects/abstract.c:2316
#12 0x5745f0 in ?? ??:0
#13 0x7a7429 in call_function 
/home/test/check/PythonASAN/Python/ceval.c:4812
#14 0x7a7429 in ?? ??:0
#15 0x7995cc in _PyEval_EvalFrameDefault 
/home/test/check/PythonASAN/Python/ceval.c:3275
#16 0x7995cc in ?? ??:0
#17 0x7ab4cb in PyEval_EvalFrameEx 
/home/test/check/PythonASAN/Python/ceval.c:718
#18 0x7ab4cb in _PyFunction_FastCall 
/home/test/check/PythonASAN/Python/ceval.c:4870
#19 0x7ab4cb in fast_function 
/home/test/check/PythonASAN/Python/ceval.c:4905
#20 0x7ab4cb in ?? ??:0
#21 0x7a76f2 in call_function 
/home/test/check/PythonASAN/Python/ceval.c:4809
#22 0x7a76f2 in ?? ??:0
#23 0x7995cc in _PyEval_EvalFrameDefault 
/home/test/check/PythonASAN/Python/ceval.c:3275
#24 0x7995cc in ?? ??:0
#25 0x7a9847 in PyEval_EvalFrameEx 
/home/test/check/PythonASAN/Python/ceval.c:718
#26 0x7a9847 in _PyEval_EvalCodeWithName 
/home/test/check/PythonASAN/Python/ceval.c:4119
#27 0x7a9847 in ?? ??:0
#28 0x7ac2ea in _PyFunction_FastCallDict 
/home/test/check/PythonASAN/Python/ceval.c:5021
#29 0x7ac2ea in ?? ??:0
#30 0x574668 in _PyObject_FastCallDict 
/home/test/check/PythonASAN/Objects/abstract.c:2295
#31 0x574668 in ?? ??:0
#32 0x5749fa in _PyObject_Call_Prepend 
/home/test/check/PythonASAN/Objects/abstract.c:2358
#33 0x5749fa in ?? ??:0
#34 0x573e9b in PyObject_Call 
/home/test/check/PythonASAN/Objects/abstract.c:2246
#35 0x573e9b in ?? ??:0
#36 0x793369 in do_call_core /home/test/check/PythonASAN/Python/ceval.c:5057
#37 0x793369 in _PyEval_EvalFrameDefault 
/home/test/check/PythonASAN/Python/ceval.c:3357
#38 0x793369 in ?? ??:0
#39 0x7a9847 in PyEval_EvalFrameEx 
/home/test/check/PythonASAN/Python/ceval.c:718
#40 0x7a9847 in _PyEval_EvalCodeWithName 
/home/test/check/PythonASAN/Python/ceval.c:4119
#41 0x7a9847 in ?? ??:0
#42 0x7ac2ea in _PyFunction_FastCallDict 
/home/test/check/PythonASAN/Python/ceval.c:5021
#43 0x7ac2ea in ?? ??:0
#44 0x574668 in _PyObject_FastCallDict 
/home/test/check/PythonASAN/Objects/abstract.c:2295
#45 0x574668 in ?? ??:0
#46 0x5749fa in _PyObject_Call_Prepend 
/home/test/check/PythonASAN/Objects/abstract.c:2358
#47 0x5749fa in ?? ??:0
#48 0x573e9b in PyObject_Call 
/home/test/check/PythonASAN/Objects/abstract.c:2246
#49 0x573e9b in ?? ??:0
#50 0x66efe4 in slot_tp_call 
/home/test/check/Pyt

[issue29483] AddressSanitizer: heap-buffer-overflow on address 0x60200000e731

2017-02-08 Thread BeginVuln

New submission from BeginVuln:

OS Version : Ubuntu 16.04 LTS
Python download link : 
https://www.python.org/ftp/python/3.6.0/Python-3.6.0.tar.xz

Python version : 3.6.0

Normal build cmd : 
./configure 
make

Asan build cmd:
export CC="/usr/bin/clang -fsanitize=address"
export CXX="/usr/bin/clang++ -fsanitize=address"
./configure
make

GDB:

ASAN:
=
==17856==ERROR: AddressSanitizer: heap-buffer-overflow on address 
0x6020e731 at pc 0x004bc3ad bp 0x7ffe8a4e7d10 sp 0x7ffe8a4e74c0
READ of size 11 at 0x6020e731 thread T0
#0 0x4bc3ac in __asan_memcpy ??:?
#1 0x4bc3ac in ?? ??:0
#2 0x58bbb7 in PyBytes_FromStringAndSize 
/home/test/check/PythonASAN/Objects/bytesobject.c:123
#3 0x58bbb7 in ?? ??:0
#4 0x79987c in _PyEval_EvalFrameDefault 
/home/test/check/PythonASAN/Python/ceval.c:1458 (discriminator 1)
#5 0x79987c in ?? ??:0
#6 0x7ab4cb in PyEval_EvalFrameEx 
/home/test/check/PythonASAN/Python/ceval.c:718
#7 0x7ab4cb in _PyFunction_FastCall 
/home/test/check/PythonASAN/Python/ceval.c:4870
#8 0x7ab4cb in fast_function /home/test/check/PythonASAN/Python/ceval.c:4905
#9 0x7ab4cb in ?? ??:0
#10 0x7a76f2 in call_function 
/home/test/check/PythonASAN/Python/ceval.c:4809
#11 0x7a76f2 in ?? ??:0
#12 0x7995cc in _PyEval_EvalFrameDefault 
/home/test/check/PythonASAN/Python/ceval.c:3275
#13 0x7995cc in ?? ??:0
#14 0x7a9847 in PyEval_EvalFrameEx 
/home/test/check/PythonASAN/Python/ceval.c:718
#15 0x7a9847 in _PyEval_EvalCodeWithName 
/home/test/check/PythonASAN/Python/ceval.c:4119
#16 0x7a9847 in ?? ??:0
#17 0x7ac2ea in _PyFunction_FastCallDict 
/home/test/check/PythonASAN/Python/ceval.c:5021
#18 0x7ac2ea in ?? ??:0
#19 0x574668 in _PyObject_FastCallDict 
/home/test/check/PythonASAN/Objects/abstract.c:2295
#20 0x574668 in ?? ??:0
#21 0x5749fa in _PyObject_Call_Prepend 
/home/test/check/PythonASAN/Objects/abstract.c:2358
#22 0x5749fa in ?? ??:0
#23 0x573e9b in PyObject_Call 
/home/test/check/PythonASAN/Objects/abstract.c:2246
#24 0x573e9b in ?? ??:0
#25 0x793369 in do_call_core /home/test/check/PythonASAN/Python/ceval.c:5057
#26 0x793369 in _PyEval_EvalFrameDefault 
/home/test/check/PythonASAN/Python/ceval.c:3357
#27 0x793369 in ?? ??:0
#28 0x7a9847 in PyEval_EvalFrameEx 
/home/test/check/PythonASAN/Python/ceval.c:718
#29 0x7a9847 in _PyEval_EvalCodeWithName 
/home/test/check/PythonASAN/Python/ceval.c:4119
#30 0x7a9847 in ?? ??:0
#31 0x7ac2ea in _PyFunction_FastCallDict 
/home/test/check/PythonASAN/Python/ceval.c:5021
#32 0x7ac2ea in ?? ??:0
#33 0x574668 in _PyObject_FastCallDict 
/home/test/check/PythonASAN/Objects/abstract.c:2295
#34 0x574668 in ?? ??:0
#35 0x5749fa in _PyObject_Call_Prepend 
/home/test/check/PythonASAN/Objects/abstract.c:2358
#36 0x5749fa in ?? ??:0
#37 0x573e9b in PyObject_Call 
/home/test/check/PythonASAN/Objects/abstract.c:2246
#38 0x573e9b in ?? ??:0
#39 0x66efe4 in slot_tp_call 
/home/test/check/PythonASAN/Objects/typeobject.c:6167
#40 0x66efe4 in ?? ??:0
#41 0x5745f0 in _PyObject_FastCallDict 
/home/test/check/PythonASAN/Objects/abstract.c:2316
#42 0x5745f0 in ?? ??:0
#43 0x7a7429 in call_function 
/home/test/check/PythonASAN/Python/ceval.c:4812
#44 0x7a7429 in ?? ??:0
#45 0x7995cc in _PyEval_EvalFrameDefault 
/home/test/check/PythonASAN/Python/ceval.c:3275
#46 0x7995cc in ?? ??:0
#47 0x7a9847 in PyEval_EvalFrameEx 
/home/test/check/PythonASAN/Python/ceval.c:718
#48 0x7a9847 in _PyEval_EvalCodeWithName 
/home/test/check/PythonASAN/Python/ceval.c:4119
#49 0x7a9847 in ?? ??:0
#50 0x7ac2ea in _PyFunction_FastCallDict 
/home/test/check/PythonASAN/Python/ceval.c:5021
#51 0x7ac2ea in ?? ??:0
#52 0x574668 in _PyObject_FastCallDict 
/home/test/check/PythonASAN/Objects/abstract.c:2295
#53 0x574668 in ?? ??:0
#54 0x5749fa in _PyObject_Call_Prepend 
/home/test/check/PythonASAN/Objects/abstract.c:2358
#55 0x5749fa in ?? ??:0
#56 0x573e9b in PyObject_Call 
/home/test/check/PythonASAN/Objects/abstract.c:2246
#57 0x573e9b in ?? ??:0
#58 0x793369 in do_call_core /home/test/check/PythonASAN/Python/ceval.c:5057
#59 0x793369 in _PyEval_EvalFrameDefault 
/home/test/check/PythonASAN/Python/ceval.c:3357
#60 0x793369 in ?? ??:0
#61 0x7a9847 in PyEval_EvalFrameEx 
/home/test/check/PythonASAN/Python/ceval.c:718
#62 0x7a9847 in _PyEval_EvalCodeWithName 
/home/test/check/PythonASAN/Python/ceval.c:4119
#63 0x7a9847 in ?? ??:0
#64 0x7ac2ea in _PyFunction_FastCallDict 
/home/test/check/PythonASAN/Python/ceval.c:5021
#65 0x7ac2ea in ?? ??:0
#66 0x574668 in _PyObject_FastCallDict 
/home/test/check/PythonASAN/Objects/abstract.c:2295
#67 0x574668 in ?? ??:0
#68 0x5749fa in _PyObject_Call_Prepend 
/home/test/check/PythonASAN/Objects/abstract.c:2358
#69 0x5749fa in ?? ??:0
#70 0x573e

[issue29484] AddressSanitizer: heap-buffer-overflow on address 0x60200000e738

2017-02-08 Thread BeginVuln

New submission from BeginVuln:

OS Version : Ubuntu 16.04 LTS
Python download link : 
https://www.python.org/ftp/python/3.6.0/Python-3.6.0.tar.xz

Python version : 3.6.0

Normal build cmd : 
./configure 
make

Asan build cmd:
export CC="/usr/bin/clang -fsanitize=address"
export CXX="/usr/bin/clang++ -fsanitize=address"
./configure
make

GDB:

To enable execution of this file add
add-auto-load-safe-path /home/test/check/PythonGDB/python-gdb.py
line to your configuration file "/home/test/.gdbinit".
To completely disable this security protection add
set auto-load safe-path /
line to your configuration file "/home/test/.gdbinit".
For more information about this security protection see the
"Auto-loading safe path" section in the GDB manual.  E.g., run from the shell:
info "(gdb)Auto-loading safe path"
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
PyBytes_FromStringAndSize (str=0xa76000 , size=1) at Objects/bytesobject.c:108
108 (op = characters[*str & UCHAR_MAX]) != NULL)
Description: Access violation on source operand
Short description: SourceAv (19/22)
Hash: 4b7ecbff5972b39c26f6e0cf37443391.86c50dffa4bdc3a046d693db2d45a01e
Exploitability Classification: UNKNOWN
Explanation: The target crashed on an access violation at an address matching 
the source operand of the current instruction. This likely indicates a read 
access violation.
Other tags: AccessViolation (21/22)


ASAN:
=
==18067==ERROR: AddressSanitizer: heap-buffer-overflow on address 
0x6020e738 at pc 0x0058bc2b bp 0x7ffe3c2965d0 sp 0x7ffe3c2965c8
READ of size 1 at 0x6020e738 thread T0
#0 0x58bc2a in PyBytes_FromStringAndSize 
/home/test/check/PythonASAN/Objects/bytesobject.c:108
#1 0x58bc2a in ?? ??:0
#2 0x5745f0 in _PyObject_FastCallDict 
/home/test/check/PythonASAN/Objects/abstract.c:2316
#3 0x5745f0 in ?? ??:0
#4 0x677108 in slot_sq_item 
/home/test/check/PythonASAN/Objects/typeobject.c:5876
#5 0x677108 in ?? ??:0
#6 0x5d9714 in iter_iternext 
/home/test/check/PythonASAN/Objects/iterobject.c:63
#7 0x5d9714 in ?? ??:0
#8 0x571fe3 in PyIter_Next 
/home/test/check/PythonASAN/Objects/abstract.c:3146
#9 0x571fe3 in PySequence_Tuple 
/home/test/check/PythonASAN/Objects/abstract.c:1797
#10 0x571fe3 in ?? ??:0
#11 0x7ff6988bd4cf in converters_from_argtypes 
/home/test/check/PythonASAN/Modules/_ctypes/_ctypes.c:2165
#12 0x7ff6988bd4cf in ?? ??:0
#13 0x7ff6988be677 in PyCFuncPtr_set_argtypes 
/home/test/check/PythonASAN/Modules/_ctypes/_ctypes.c:3036
#14 0x7ff6988be677 in ?? ??:0
#15 0x63b1e7 in _PyObject_GenericSetAttrWithDict 
/home/test/check/PythonASAN/Objects/object.c:1152
#16 0x63b1e7 in ?? ??:0
#17 0x639d52 in PyObject_SetAttr 
/home/test/check/PythonASAN/Objects/object.c:932
#18 0x639d52 in ?? ??:0
#19 0x79ad9e in _PyEval_EvalFrameDefault 
/home/test/check/PythonASAN/Python/ceval.c:2249
#20 0x79ad9e in ?? ??:0
#21 0x7ab4cb in PyEval_EvalFrameEx 
/home/test/check/PythonASAN/Python/ceval.c:718
#22 0x7ab4cb in _PyFunction_FastCall 
/home/test/check/PythonASAN/Python/ceval.c:4870
#23 0x7ab4cb in fast_function 
/home/test/check/PythonASAN/Python/ceval.c:4905
#24 0x7ab4cb in ?? ??:0
#25 0x7a76f2 in call_function 
/home/test/check/PythonASAN/Python/ceval.c:4809
#26 0x7a76f2 in ?? ??:0
#27 0x7995cc in _PyEval_EvalFrameDefault 
/home/test/check/PythonASAN/Python/ceval.c:3275
#28 0x7995cc in ?? ??:0
#29 0x7a9847 in PyEval_EvalFrameEx 
/home/test/check/PythonASAN/Python/ceval.c:718
#30 0x7a9847 in _PyEval_EvalCodeWithName 
/home/test/check/PythonASAN/Python/ceval.c:4119
#31 0x7a9847 in ?? ??:0
#32 0x7ac2ea in _PyFunction_FastCallDict 
/home/test/check/PythonASAN/Python/ceval.c:5021
#33 0x7ac2ea in ?? ??:0
#34 0x574668 in _PyObject_FastCallDict 
/home/test/check/PythonASAN/Objects/abstract.c:2295
#35 0x574668 in ?? ??:0
#36 0x5749fa in _PyObject_Call_Prepend 
/home/test/check/PythonASAN/Objects/abstract.c:2358
#37 0x5749fa in ?? ??:0
#38 0x573e9b in PyObject_Call 
/home/test/check/PythonASAN/Objects/abstract.c:2246
#39 0x573e9b in ?? ??:0
#40 0x793369 in do_call_core /home/test/check/PythonASAN/Python/ceval.c:5057
#41 0x793369 in _PyEval_EvalFrameDefault 
/home/test/check/PythonASAN/Python/ceval.c:3357
#42 0x793369 in ?? ??:0
#43 0x7a9847 in PyEval_EvalFrameEx 
/home/test/check/PythonASAN/Python/ceval.c:718
#44 0x7a9847 in _PyEval_EvalCodeWithName 
/home/test/check/PythonASAN/Python/ceval.c:4119
#45 0x7a9847 in ?? ??:0
#46 0x7ac2ea in _PyFunction_FastCallDict 
/home/test/check/PythonASAN/Python/ceval.c:5021
#47 0x7ac2ea in ?? ??:0
#48 0x574668 in _PyObject_FastCallDict 
/home/test/check/PythonASAN/Objects/abstract.c:2295
#49 0x57

[issue29485] AddressSanitizer: SEGV on unknown address 0x7fab556df550

2017-02-08 Thread BeginVuln

New submission from BeginVuln:

OS Version : Ubuntu 16.04 LTS
Python download link : 
https://www.python.org/ftp/python/3.6.0/Python-3.6.0.tar.xz

Python version : 3.6.0

Normal build cmd : 
./configure 
make

Asan build cmd:
export CC="/usr/bin/clang -fsanitize=address"
export CXX="/usr/bin/clang++ -fsanitize=address"
./configure
make

GDB with exploitable:

To enable execution of this file add
add-auto-load-safe-path /home/test/check/PythonGDB/python-gdb.py
line to your configuration file "/home/test/.gdbinit".
To completely disable this security protection add
set auto-load safe-path /
line to your configuration file "/home/test/.gdbinit".
For more information about this security protection see the
"Auto-loading safe path" section in the GDB manual.  E.g., run from the shell:
info "(gdb)Auto-loading safe path"
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
z_get (ptr=0x75bba5d8, size=8) at 
/home/test/check/PythonGDB/Modules/_ctypes/cfield.c:1336
1336    if (*(void **)ptr) {
Description: Access violation on source operand
Short description: SourceAv (19/22)
Hash: 3930661c9a0f4c1f31bb4f2341bca47f.d4e21449248c6102834e8b566f6b2ac9
Exploitability Classification: UNKNOWN
Explanation: The target crashed on an access violation at an address matching 
the source operand of the current instruction. This likely indicates a read 
access violation.
Other tags: AccessViolation (21/22)


ASAN:

ASAN:DEADLYSIGNAL
=
==18885==ERROR: AddressSanitizer: SEGV on unknown address 0x7fab556df550 (pc 
0x7fab558d0cd1 bp 0x7fab5a4b0b90 sp 0x7ffc9cbcc220 T0)
#0 0x7fab558d0cd0 in z_get 
/home/test/check/PythonASAN/Modules/_ctypes/cfield.c:1336
#1 0x7fab558d0cd0 in ?? ??:0
#2 0x63ac07 in _PyObject_GenericGetAttrWithDict 
/home/test/check/PythonASAN/Objects/object.c:1060
#3 0x63ac07 in ?? ??:0
#4 0x7966cc in _PyEval_EvalFrameDefault 
/home/test/check/PythonASAN/Python/ceval.c:2815 (discriminator 1)
#5 0x7966cc in ?? ??:0
#6 0x7a9847 in PyEval_EvalFrameEx 
/home/test/check/PythonASAN/Python/ceval.c:718
#7 0x7a9847 in _PyEval_EvalCodeWithName 
/home/test/check/PythonASAN/Python/ceval.c:4119
#8 0x7a9847 in ?? ??:0
#9 0x7ab648 in fast_function 
/home/test/check/PythonASAN/Python/ceval.c:4929 (discriminator 1)
#10 0x7ab648 in ?? ??:0
#11 0x7a76f2 in call_function 
/home/test/check/PythonASAN/Python/ceval.c:4809
#12 0x7a76f2 in ?? ??:0
#13 0x7995cc in _PyEval_EvalFrameDefault 
/home/test/check/PythonASAN/Python/ceval.c:3275
#14 0x7995cc in ?? ??:0
#15 0x7a9847 in PyEval_EvalFrameEx 
/home/test/check/PythonASAN/Python/ceval.c:718
#16 0x7a9847 in _PyEval_EvalCodeWithName 
/home/test/check/PythonASAN/Python/ceval.c:4119
#17 0x7a9847 in ?? ??:0
#18 0x7ac2ea in _PyFunction_FastCallDict 
/home/test/check/PythonASAN/Python/ceval.c:5021
#19 0x7ac2ea in ?? ??:0
#20 0x574668 in _PyObject_FastCallDict 
/home/test/check/PythonASAN/Objects/abstract.c:2295
#21 0x574668 in ?? ??:0
#22 0x5749fa in _PyObject_Call_Prepend 
/home/test/check/PythonASAN/Objects/abstract.c:2358
#23 0x5749fa in ?? ??:0
#24 0x573e9b in PyObject_Call 
/home/test/check/PythonASAN/Objects/abstract.c:2246
#25 0x573e9b in ?? ??:0
#26 0x793369 in do_call_core /home/test/check/PythonASAN/Python/ceval.c:5057
#27 0x793369 in _PyEval_EvalFrameDefault 
/home/test/check/PythonASAN/Python/ceval.c:3357
#28 0x793369 in ?? ??:0
#29 0x7a9847 in PyEval_EvalFrameEx 
/home/test/check/PythonASAN/Python/ceval.c:718
#30 0x7a9847 in _PyEval_EvalCodeWithName 
/home/test/check/PythonASAN/Python/ceval.c:4119
#31 0x7a9847 in ?? ??:0
#32 0x7ac2ea in _PyFunction_FastCallDict 
/home/test/check/PythonASAN/Python/ceval.c:5021
#33 0x7ac2ea in ?? ??:0
#34 0x574668 in _PyObject_FastCallDict 
/home/test/check/PythonASAN/Objects/abstract.c:2295
#35 0x574668 in ?? ??:0
#36 0x5749fa in _PyObject_Call_Prepend 
/home/test/check/PythonASAN/Objects/abstract.c:2358
#37 0x5749fa in ?? ??:0
#38 0x573e9b in PyObject_Call 
/home/test/check/PythonASAN/Objects/abstract.c:2246
#39 0x573e9b in ?? ??:0
#40 0x66efe4 in slot_tp_call 
/home/test/check/PythonASAN/Objects/typeobject.c:6167
#41 0x66efe4 in ?? ??:0
#42 0x5745f0 in _PyObject_FastCallDict 
/home/test/check/PythonASAN/Objects/abstract.c:2316
#43 0x5745f0 in ?? ??:0
#44 0x7a7429 in call_function 
/home/test/check/PythonASAN/Python/ceval.c:4812
#45 0x7a7429 in ?? ??:0
#46 0x7995cc in _PyEval_EvalFrameDefault 
/home/test/check/PythonASAN/Python/ceval.c:3275
#47 0x7995cc in ?? ??:0
#48 0x7a9847 in PyEval_EvalFrameEx 
/home/test/check/PythonASAN/Python/ceval.c:718
#49 0x7a9847 in _PyEval_EvalCodeWithName 
/home/test/check/PythonASAN/Python/ceval.c:4119
#50 0x7a9

[issue29486] AddressSanitizer: SEGV on unknown address 0x7f16f88e3560

2017-02-08 Thread BeginVuln

New submission from BeginVuln:

OS Version : Ubuntu 16.04 LTS
Python download link : 
https://www.python.org/ftp/python/3.6.0/Python-3.6.0.tar.xz

Python version : 3.6.0

Normal build cmd : 
./configure 
make

Asan build cmd:
export CC="/usr/bin/clang -fsanitize=address"
export CXX="/usr/bin/clang++ -fsanitize=address"
./configure
make

GDB with exploitable:

To enable execution of this file add
add-auto-load-safe-path /home/test/check/PythonGDB/python-gdb.py
line to your configuration file "/home/test/.gdbinit".
To completely disable this security protection add
set auto-load safe-path /
line to your configuration file "/home/test/.gdbinit".
For more information about this security protection see the
"Auto-loading safe path" section in the GDB manual.  E.g., run from the shell:
info "(gdb)Auto-loading safe path"
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Program received signal SIGBUS, Bus error.
0x763a6dfe in i_set (ptr=0x8007f5b3f5e8, value=, size=4) 
at /home/test/check/PythonGDB/Modules/_ctypes/cfield.c:650
650 x = SET(int, x, val, size);
Description: Access violation
Short description: AccessViolation (21/22)
Hash: 0e6533f2dc6ec45bf8aced4adaa8169a.5ae343e4a8ceeca018e7fc78f552033e
Exploitability Classification: UNKNOWN
Explanation: The target crashed due to an access violation but there is not 
enough additional information available to determine exploitability.


ASAN:

ASAN:DEADLYSIGNAL
=
==18660==ERROR: AddressSanitizer: SEGV on unknown address 0x7f16f88e3560 (pc 
0x7f0ef90f6e68 bp 0x61935c98 sp 0x7ffe7b44e2e0 T0)
#0 0x7f0ef90f6e67 in i_set 
/home/test/check/PythonASAN/Modules/_ctypes/cfield.c:651
#1 0x7f0ef90f6e67 in ?? ??:0
#2 0x7f0ef90da8ea in PyCData_set 
/home/test/check/PythonASAN/Modules/_ctypes/_ctypes.c:2916
#3 0x7f0ef90da8ea in ?? ??:0
#4 0x7f0ef90f5470 in PyCField_set 
/home/test/check/PythonASAN/Modules/_ctypes/cfield.c:216
#5 0x7f0ef90f5470 in ?? ??:0
#6 0x63b1e7 in _PyObject_GenericSetAttrWithDict 
/home/test/check/PythonASAN/Objects/object.c:1152
#7 0x63b1e7 in ?? ??:0
#8 0x639d52 in PyObject_SetAttr 
/home/test/check/PythonASAN/Objects/object.c:932
#9 0x639d52 in ?? ??:0
#10 0x79ad9e in _PyEval_EvalFrameDefault 
/home/test/check/PythonASAN/Python/ceval.c:2249
#11 0x79ad9e in ?? ??:0
#12 0x7a9847 in PyEval_EvalFrameEx 
/home/test/check/PythonASAN/Python/ceval.c:718
#13 0x7a9847 in _PyEval_EvalCodeWithName 
/home/test/check/PythonASAN/Python/ceval.c:4119
#14 0x7a9847 in ?? ??:0
#15 0x7ab648 in fast_function 
/home/test/check/PythonASAN/Python/ceval.c:4929 (discriminator 1)
#16 0x7ab648 in ?? ??:0
#17 0x7a76f2 in call_function 
/home/test/check/PythonASAN/Python/ceval.c:4809
#18 0x7a76f2 in ?? ??:0
#19 0x7995cc in _PyEval_EvalFrameDefault 
/home/test/check/PythonASAN/Python/ceval.c:3275
#20 0x7995cc in ?? ??:0
#21 0x7a9847 in PyEval_EvalFrameEx 
/home/test/check/PythonASAN/Python/ceval.c:718
#22 0x7a9847 in _PyEval_EvalCodeWithName 
/home/test/check/PythonASAN/Python/ceval.c:4119
#23 0x7a9847 in ?? ??:0
#24 0x7ac2ea in _PyFunction_FastCallDict 
/home/test/check/PythonASAN/Python/ceval.c:5021
#25 0x7ac2ea in ?? ??:0
#26 0x574668 in _PyObject_FastCallDict 
/home/test/check/PythonASAN/Objects/abstract.c:2295
#27 0x574668 in ?? ??:0
#28 0x5749fa in _PyObject_Call_Prepend 
/home/test/check/PythonASAN/Objects/abstract.c:2358
#29 0x5749fa in ?? ??:0
#30 0x573e9b in PyObject_Call 
/home/test/check/PythonASAN/Objects/abstract.c:2246
#31 0x573e9b in ?? ??:0
#32 0x793369 in do_call_core /home/test/check/PythonASAN/Python/ceval.c:5057
#33 0x793369 in _PyEval_EvalFrameDefault 
/home/test/check/PythonASAN/Python/ceval.c:3357
#34 0x793369 in ?? ??:0
#35 0x7a9847 in PyEval_EvalFrameEx 
/home/test/check/PythonASAN/Python/ceval.c:718
#36 0x7a9847 in _PyEval_EvalCodeWithName 
/home/test/check/PythonASAN/Python/ceval.c:4119
#37 0x7a9847 in ?? ??:0
#38 0x7ac2ea in _PyFunction_FastCallDict 
/home/test/check/PythonASAN/Python/ceval.c:5021
#39 0x7ac2ea in ?? ??:0
#40 0x574668 in _PyObject_FastCallDict 
/home/test/check/PythonASAN/Objects/abstract.c:2295
#41 0x574668 in ?? ??:0
#42 0x5749fa in _PyObject_Call_Prepend 
/home/test/check/PythonASAN/Objects/abstract.c:2358
#43 0x5749fa in ?? ??:0
#44 0x573e9b in PyObject_Call 
/home/test/check/PythonASAN/Objects/abstract.c:2246
#45 0x573e9b in ?? ??:0
#46 0x66efe4 in slot_tp_call 
/home/test/check/PythonASAN/Objects/typeobject.c:6167
#47 0x66efe4 in ?? ??:0
#48 0x5745f0 in _PyObject_FastCallDict 
/home/test/check/PythonASAN/Objects/abstract.c:2316
#49 0x5745f0 in ?? ??:0
#50 0x7a7429 in call_function 
/home/test/check/PythonASAN/Python/ceval.c:4812
#51 0x7a7429 in ?? ??:0
#5

[issue29487] AddressSanitizer: heap-buffer-overflow on address 0x60200000e734

2017-02-08 Thread BeginVuln

New submission from BeginVuln:

OS Version : Ubuntu 16.04 LTS
Python download link : 
https://www.python.org/ftp/python/3.6.0/Python-3.6.0.tar.xz

Python version : 3.6.0

Normal build cmd : 
./configure 
make

Asan build cmd:
export CC="/usr/bin/clang -fsanitize=address"
export CXX="/usr/bin/clang++ -fsanitize=address"
./configure
make

GDB with exploitable:

To enable execution of this file add
add-auto-load-safe-path /home/test/check/PythonGDB/python-gdb.py
line to your configuration file "/home/test/.gdbinit".
To completely disable this security protection add
set auto-load safe-path /
line to your configuration file "/home/test/.gdbinit".
For more information about this security protection see the
"Auto-loading safe path" section in the GDB manual.  E.g., run from the shell:
info "(gdb)Auto-loading safe path"
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[Inferior 1 (process 19362) exited with code 01]


ASAN:

=
==18038==ERROR: AddressSanitizer: heap-buffer-overflow on address 
0x6020e734 at pc 0x7fbe64d4ef87 bp 0x7ffdd65d7190 sp 0x7ffdd65d7188
READ of size 4 at 0x6020e734 thread T0
#0 0x7fbe64d4ef86 in i_get 
/home/test/check/PythonASAN/Modules/_ctypes/cfield.c:675
#1 0x7fbe64d4ef86 in ?? ??:0
#2 0x7fbe64d40dca in Pointer_subscript 
/home/test/check/PythonASAN/Modules/_ctypes/_ctypes.c:5026 (discriminator 1)
#3 0x7fbe64d40dca in ?? ??:0
#4 0x79987c in _PyEval_EvalFrameDefault 
/home/test/check/PythonASAN/Python/ceval.c:1458 (discriminator 1)
#5 0x79987c in ?? ??:0
#6 0x7ab4cb in PyEval_EvalFrameEx 
/home/test/check/PythonASAN/Python/ceval.c:718
#7 0x7ab4cb in _PyFunction_FastCall 
/home/test/check/PythonASAN/Python/ceval.c:4870
#8 0x7ab4cb in fast_function /home/test/check/PythonASAN/Python/ceval.c:4905
#9 0x7ab4cb in ?? ??:0
#10 0x7a76f2 in call_function 
/home/test/check/PythonASAN/Python/ceval.c:4809
#11 0x7a76f2 in ?? ??:0
#12 0x7995cc in _PyEval_EvalFrameDefault 
/home/test/check/PythonASAN/Python/ceval.c:3275
#13 0x7995cc in ?? ??:0
#14 0x7a9847 in PyEval_EvalFrameEx 
/home/test/check/PythonASAN/Python/ceval.c:718
#15 0x7a9847 in _PyEval_EvalCodeWithName 
/home/test/check/PythonASAN/Python/ceval.c:4119
#16 0x7a9847 in ?? ??:0
#17 0x7ac2ea in _PyFunction_FastCallDict 
/home/test/check/PythonASAN/Python/ceval.c:5021
#18 0x7ac2ea in ?? ??:0
#19 0x574668 in _PyObject_FastCallDict 
/home/test/check/PythonASAN/Objects/abstract.c:2295
#20 0x574668 in ?? ??:0
#21 0x5749fa in _PyObject_Call_Prepend 
/home/test/check/PythonASAN/Objects/abstract.c:2358
#22 0x5749fa in ?? ??:0
#23 0x573e9b in PyObject_Call 
/home/test/check/PythonASAN/Objects/abstract.c:2246
#24 0x573e9b in ?? ??:0
#25 0x793369 in do_call_core /home/test/check/PythonASAN/Python/ceval.c:5057
#26 0x793369 in _PyEval_EvalFrameDefault 
/home/test/check/PythonASAN/Python/ceval.c:3357
#27 0x793369 in ?? ??:0
#28 0x7a9847 in PyEval_EvalFrameEx 
/home/test/check/PythonASAN/Python/ceval.c:718
#29 0x7a9847 in _PyEval_EvalCodeWithName 
/home/test/check/PythonASAN/Python/ceval.c:4119
#30 0x7a9847 in ?? ??:0
#31 0x7ac2ea in _PyFunction_FastCallDict 
/home/test/check/PythonASAN/Python/ceval.c:5021
#32 0x7ac2ea in ?? ??:0
#33 0x574668 in _PyObject_FastCallDict 
/home/test/check/PythonASAN/Objects/abstract.c:2295
#34 0x574668 in ?? ??:0
#35 0x5749fa in _PyObject_Call_Prepend 
/home/test/check/PythonASAN/Objects/abstract.c:2358
#36 0x5749fa in ?? ??:0
#37 0x573e9b in PyObject_Call 
/home/test/check/PythonASAN/Objects/abstract.c:2246
#38 0x573e9b in ?? ??:0
#39 0x66efe4 in slot_tp_call 
/home/test/check/PythonASAN/Objects/typeobject.c:6167
#40 0x66efe4 in ?? ??:0
#41 0x5745f0 in _PyObject_FastCallDict 
/home/test/check/PythonASAN/Objects/abstract.c:2316
#42 0x5745f0 in ?? ??:0
#43 0x7a7429 in call_function 
/home/test/check/PythonASAN/Python/ceval.c:4812
#44 0x7a7429 in ?? ??:0
#45 0x7995cc in _PyEval_EvalFrameDefault 
/home/test/check/PythonASAN/Python/ceval.c:3275
#46 0x7995cc in ?? ??:0
#47 0x7a9847 in PyEval_EvalFrameEx 
/home/test/check/PythonASAN/Python/ceval.c:718
#48 0x7a9847 in _PyEval_EvalCodeWithName 
/home/test/check/PythonASAN/Python/ceval.c:4119
#49 0x7a9847 in ?? ??:0
#50 0x7ac2ea in _PyFunction_FastCallDict 
/home/test/check/PythonASAN/Python/ceval.c:5021
#51 0x7ac2ea in ?? ??:0
#52 0x574668 in _PyObject_FastCallDict 
/home/test/check/PythonASAN/Objects/abstract.c:2295
#53 0x574668 in ?? ??:0
#54 0x5749fa in _PyObject_Call_Prepend 
/home/test/check/PythonASAN/Objects/abstract.c:2358
#55 0x5749fa in ?? ??:0
#56 0x573e9b in PyObject_Call 
/home/test/check/PythonASAN/Objects/abstract.c:2246
#57 0x573e9b in ?? ??:0
#58 0x793369 in do_call_core /ho

[issue29488] AddressSanitizer: SEGV on unknown address 0x0001a5525c1b

2017-02-08 Thread BeginVuln

New submission from BeginVuln:

OS Version : Ubuntu 16.04 LTS
Python download link : 
https://www.python.org/ftp/python/3.6.0/Python-3.6.0.tar.xz

Python version : 3.6.0

Normal build cmd : 
./configure 
make

Asan build cmd:
export CC="/usr/bin/clang -fsanitize=address"
export CXX="/usr/bin/clang++ -fsanitize=address"
./configure
make

GDB with exploitable:

To enable execution of this file add
add-auto-load-safe-path /home/test/check/PythonGDB/python-gdb.py
line to your configuration file "/home/test/.gdbinit".
To completely disable this security protection add
set auto-load safe-path /
line to your configuration file "/home/test/.gdbinit".
For more information about this security protection see the
"Auto-loading safe path" section in the GDB manual.  E.g., run from the shell:
info "(gdb)Auto-loading safe path"
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
0x7639c455 in PyCData_clear (self=0x75b3f510) at 
/home/test/check/PythonGDB/Modules/_ctypes/_ctypes.c:2497
2497    Py_CLEAR(self->b_objects);
Description: Access violation on destination operand
Short description: DestAv (8/22)
Hash: 8dc538f2a05876e51d4aacf57c47935b.6a0f7d54d57adbe0b04a497a3ee9c96c
Exploitability Classification: EXPLOITABLE
Explanation: The target crashed on an access violation at an address matching 
the destination operand of the instruction. This likely indicates a write 
access violation, which means the attacker may control the write address and/or 
value.
Other tags: AccessViolation (21/22)


ASAN:

ASAN:DEADLYSIGNAL
=
==18570==ERROR: AddressSanitizer: SEGV on unknown address 0x0001a5525c1b (pc 
0x7f922b0d9c62 bp 0x7f922b0d9c20 sp 0x7ffc440acf10 T0)
#0 0x7f922b0d9c61 in PyCData_clear 
/home/test/check/PythonASAN/Modules/_ctypes/_ctypes.c:2497 (discriminator 3)
#1 0x7f922b0d9c61 in PyCData_dealloc 
/home/test/check/PythonASAN/Modules/_ctypes/_ctypes.c:2509 (discriminator 3)
#2 0x7f922b0d9c61 in ?? ??:0
#3 0x65d51a in subtype_dealloc 
/home/test/check/PythonASAN/Objects/typeobject.c:1222
#4 0x65d51a in ?? ??:0
#5 0x60fb27 in free_keys_object 
/home/test/check/PythonASAN/Objects/dictobject.c:561 (discriminator 5)
#6 0x60fb27 in ?? ??:0
#7 0x6163fa in dict_dealloc 
/home/test/check/PythonASAN/Objects/dictobject.c:1933 (discriminator 1)
#8 0x6163fa in ?? ??:0
#9 0x7f922b0d9ca8 in PyCData_clear 
/home/test/check/PythonASAN/Modules/_ctypes/_ctypes.c:2497 (discriminator 5)
#10 0x7f922b0d9ca8 in PyCData_dealloc 
/home/test/check/PythonASAN/Modules/_ctypes/_ctypes.c:2509 (discriminator 5)
#11 0x7f922b0d9ca8 in ?? ??:0
#12 0x65d51a in subtype_dealloc 
/home/test/check/PythonASAN/Objects/typeobject.c:1222
#13 0x65d51a in ?? ??:0
#14 0x5d10da in frame_dealloc 
/home/test/check/PythonASAN/Objects/frameobject.c:423 (discriminator 5)
#15 0x5d10da in ?? ??:0
#16 0x7a98ca in _PyEval_EvalCodeWithName 
/home/test/check/PythonASAN/Python/ceval.c:4130 (discriminator 3)
#17 0x7a98ca in ?? ??:0
#18 0x7ab648 in fast_function 
/home/test/check/PythonASAN/Python/ceval.c:4929 (discriminator 1)
#19 0x7ab648 in ?? ??:0
#20 0x7a76f2 in call_function 
/home/test/check/PythonASAN/Python/ceval.c:4809
#21 0x7a76f2 in ?? ??:0
#22 0x7995cc in _PyEval_EvalFrameDefault 
/home/test/check/PythonASAN/Python/ceval.c:3275
#23 0x7995cc in ?? ??:0
#24 0x7a9847 in PyEval_EvalFrameEx 
/home/test/check/PythonASAN/Python/ceval.c:718
#25 0x7a9847 in _PyEval_EvalCodeWithName 
/home/test/check/PythonASAN/Python/ceval.c:4119
#26 0x7a9847 in ?? ??:0
#27 0x7ac2ea in _PyFunction_FastCallDict 
/home/test/check/PythonASAN/Python/ceval.c:5021
#28 0x7ac2ea in ?? ??:0
#29 0x574668 in _PyObject_FastCallDict 
/home/test/check/PythonASAN/Objects/abstract.c:2295
#30 0x574668 in ?? ??:0
#31 0x5749fa in _PyObject_Call_Prepend 
/home/test/check/PythonASAN/Objects/abstract.c:2358
#32 0x5749fa in ?? ??:0
#33 0x573e9b in PyObject_Call 
/home/test/check/PythonASAN/Objects/abstract.c:2246
#34 0x573e9b in ?? ??:0
#35 0x793369 in do_call_core /home/test/check/PythonASAN/Python/ceval.c:5057
#36 0x793369 in _PyEval_EvalFrameDefault 
/home/test/check/PythonASAN/Python/ceval.c:3357
#37 0x793369 in ?? ??:0
#38 0x7a9847 in PyEval_EvalFrameEx 
/home/test/check/PythonASAN/Python/ceval.c:718
#39 0x7a9847 in _PyEval_EvalCodeWithName 
/home/test/check/PythonASAN/Python/ceval.c:4119
#40 0x7a9847 in ?? ??:0
#41 0x7ac2ea in _PyFunction_FastCallDict 
/home/test/check/PythonASAN/Python/ceval.c:5021
#42 0x7ac2ea in ?? ??:0
#43 0x574668 in _PyObject_FastCallDict 
/home/test/check/PythonASAN/Objects/abstract.c:2295
#44 0x574668 in ?? ??:0
#45 0x5749fa in _PyObject_Call_Prepend 
/home/test/check/PythonASAN/Objects/

[issue29489] AddressSanitizer: SEGV on unknown address 0x7f4a36c604d0

2017-02-08 Thread BeginVuln

New submission from BeginVuln:

OS Version : Ubuntu 16.04 LTS
Python download link : 
https://www.python.org/ftp/python/3.6.0/Python-3.6.0.tar.xz

Python version : 3.6.0

Normal build cmd : 
./configure 
make

Asan build cmd:
export CC="/usr/bin/clang -fsanitize=address"
export CXX="/usr/bin/clang++ -fsanitize=address"
./configure
make

GDB with exploitable:

To enable execution of this file add
add-auto-load-safe-path /home/test/check/PythonGDB/python-gdb.py
line to your configuration file "/home/test/.gdbinit".
To completely disable this security protection add
set auto-load safe-path /
line to your configuration file "/home/test/.gdbinit".
For more information about this security protection see the
"Auto-loading safe path" section in the GDB manual.  E.g., run from the shell:
info "(gdb)Auto-loading safe path"
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
0x75d87282 in Pointer_item (index=32767, myself=0x75b3b620) at 
/home/test/check/PythonGDB/Modules/_ctypes/_ctypes.c:4748
4748    if (*(void **)self->b_ptr == NULL) {
Description: Access violation on destination operand
Short description: DestAv (8/22)
Hash: 6d733dd19a93baf3031238df7085b89d.f931e2f4bcacefcb07769ddcf0b1360f
Exploitability Classification: EXPLOITABLE
Explanation: The target crashed on an access violation at an address matching 
the destination operand of the instruction. This likely indicates a write 
access violation, which means the attacker may control the write address and/or 
value.
Other tags: AccessViolation (21/22)


ASAN:

ASAN:DEADLYSIGNAL
=
==18357==ERROR: AddressSanitizer: SEGV on unknown address 0x7f4a36c604d0 (pc 
0x7f4a36e40562 bp 0x7ffc8c278530 sp 0x7ffc8c278060 T0)
#0 0x7f4a36e40561 in Pointer_item 
/home/test/check/PythonASAN/Modules/_ctypes/_ctypes.c:4748
#1 0x7f4a36e40561 in ?? ??:0
#2 0x79987c in _PyEval_EvalFrameDefault 
/home/test/check/PythonASAN/Python/ceval.c:1458 (discriminator 1)
#3 0x79987c in ?? ??:0
#4 0x7a9847 in PyEval_EvalFrameEx 
/home/test/check/PythonASAN/Python/ceval.c:718
#5 0x7a9847 in _PyEval_EvalCodeWithName 
/home/test/check/PythonASAN/Python/ceval.c:4119
#6 0x7a9847 in ?? ??:0
#7 0x7ab648 in fast_function 
/home/test/check/PythonASAN/Python/ceval.c:4929 (discriminator 1)
#8 0x7ab648 in ?? ??:0
#9 0x7a76f2 in call_function /home/test/check/PythonASAN/Python/ceval.c:4809
#10 0x7a76f2 in ?? ??:0
#11 0x7995cc in _PyEval_EvalFrameDefault 
/home/test/check/PythonASAN/Python/ceval.c:3275
#12 0x7995cc in ?? ??:0
#13 0x7a9847 in PyEval_EvalFrameEx 
/home/test/check/PythonASAN/Python/ceval.c:718
#14 0x7a9847 in _PyEval_EvalCodeWithName 
/home/test/check/PythonASAN/Python/ceval.c:4119
#15 0x7a9847 in ?? ??:0
#16 0x7ac2ea in _PyFunction_FastCallDict 
/home/test/check/PythonASAN/Python/ceval.c:5021
#17 0x7ac2ea in ?? ??:0
#18 0x574668 in _PyObject_FastCallDict 
/home/test/check/PythonASAN/Objects/abstract.c:2295
#19 0x574668 in ?? ??:0
#20 0x5749fa in _PyObject_Call_Prepend 
/home/test/check/PythonASAN/Objects/abstract.c:2358
#21 0x5749fa in ?? ??:0
#22 0x573e9b in PyObject_Call 
/home/test/check/PythonASAN/Objects/abstract.c:2246
#23 0x573e9b in ?? ??:0
#24 0x793369 in do_call_core /home/test/check/PythonASAN/Python/ceval.c:5057
#25 0x793369 in _PyEval_EvalFrameDefault 
/home/test/check/PythonASAN/Python/ceval.c:3357
#26 0x793369 in ?? ??:0
#27 0x7a9847 in PyEval_EvalFrameEx 
/home/test/check/PythonASAN/Python/ceval.c:718
#28 0x7a9847 in _PyEval_EvalCodeWithName 
/home/test/check/PythonASAN/Python/ceval.c:4119
#29 0x7a9847 in ?? ??:0
#30 0x7ac2ea in _PyFunction_FastCallDict 
/home/test/check/PythonASAN/Python/ceval.c:5021
#31 0x7ac2ea in ?? ??:0
#32 0x574668 in _PyObject_FastCallDict 
/home/test/check/PythonASAN/Objects/abstract.c:2295
#33 0x574668 in ?? ??:0
#34 0x5749fa in _PyObject_Call_Prepend 
/home/test/check/PythonASAN/Objects/abstract.c:2358
#35 0x5749fa in ?? ??:0
#36 0x573e9b in PyObject_Call 
/home/test/check/PythonASAN/Objects/abstract.c:2246
#37 0x573e9b in ?? ??:0
#38 0x66efe4 in slot_tp_call 
/home/test/check/PythonASAN/Objects/typeobject.c:6167
#39 0x66efe4 in ?? ??:0
#40 0x5745f0 in _PyObject_FastCallDict 
/home/test/check/PythonASAN/Objects/abstract.c:2316
#41 0x5745f0 in ?? ??:0
#42 0x7a7429 in call_function 
/home/test/check/PythonASAN/Python/ceval.c:4812
#43 0x7a7429 in ?? ??:0
#44 0x7995cc in _PyEval_EvalFrameDefault 
/home/test/check/PythonASAN/Python/ceval.c:3275
#45 0x7995cc in ?? ??:0
#46 0x7a9847 in PyEval_EvalFrameEx 
/home/test/check/PythonASAN/Python/ceval.c:718
#47 0x7a9847 in _PyEval_EvalCodeWithName 
/home/test/check/PythonASAN/Python/ceval.c:4119
#48 0x

[issue29485] AddressSanitizer: SEGV on unknown address 0x7fab556df550

2017-02-08 Thread Stéphane Wirtel

Stéphane Wirtel added the comment:

See #issue29486

--
nosy: +matrixise
resolution:  -> duplicate
stage:  -> resolved
status: open -> closed




[issue29483] AddressSanitizer: heap-buffer-overflow on address 0x60200000e731

2017-02-08 Thread Christian Heimes

Christian Heimes added the comment:

_ctypes_test is an internal test helper module. It's not designed to be used 
outside of tests. The module contains quick and dirty C code for tests. Any bug 
in _ctypes_test is not a security bug.

Feel free to contribute better code, though.

--
components: +Tests -Interpreter Core
nosy: +christian.heimes
priority: normal -> low




[issue29490] AddressSanitizer: heap-buffer-overflow on address 0x60200000e72f

2017-02-08 Thread BeginVuln

New submission from BeginVuln:

OS Version : Ubuntu 16.04 LTS
Python download link : 
https://www.python.org/ftp/python/3.6.0/Python-3.6.0.tar.xz

Python version : 3.6.0

Normal build cmd : 
./configure 
make

Asan build cmd:
export CC="/usr/bin/clang -fsanitize=address"
export CXX="/usr/bin/clang++ -fsanitize=address"
./configure
make

GDB with exploitable:

To enable execution of this file add
add-auto-load-safe-path /home/test/check/PythonGDB/python-gdb.py
line to your configuration file "/home/test/.gdbinit".
To completely disable this security protection add
set auto-load safe-path /
line to your configuration file "/home/test/.gdbinit".
For more information about this security protection see the
"Auto-loading safe path" section in the GDB manual.  E.g., run from the shell:
info "(gdb)Auto-loading safe path"
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[Inferior 1 (process 19391) exited with code 01]


ASAN:

=
==17908==ERROR: AddressSanitizer: heap-buffer-overflow on address 
0x6020e72f at pc 0x7f191d68154b bp 0x7ffd5c1c7e60 sp 0x7ffd5c1c7e58
READ of size 1 at 0x6020e72f thread T0
#0 0x7f191d68154a in Pointer_subscript 
/home/test/check/PythonASAN/Modules/_ctypes/_ctypes.c:4992
#1 0x7f191d68154a in ?? ??:0
#2 0x79987c in _PyEval_EvalFrameDefault 
/home/test/check/PythonASAN/Python/ceval.c:1458 (discriminator 1)
#3 0x79987c in ?? ??:0
#4 0x7ab4cb in PyEval_EvalFrameEx 
/home/test/check/PythonASAN/Python/ceval.c:718
#5 0x7ab4cb in _PyFunction_FastCall 
/home/test/check/PythonASAN/Python/ceval.c:4870
#6 0x7ab4cb in fast_function /home/test/check/PythonASAN/Python/ceval.c:4905
#7 0x7ab4cb in ?? ??:0
#8 0x7a76f2 in call_function /home/test/check/PythonASAN/Python/ceval.c:4809
#9 0x7a76f2 in ?? ??:0
#10 0x7995cc in _PyEval_EvalFrameDefault 
/home/test/check/PythonASAN/Python/ceval.c:3275
#11 0x7995cc in ?? ??:0
#12 0x7a9847 in PyEval_EvalFrameEx 
/home/test/check/PythonASAN/Python/ceval.c:718
#13 0x7a9847 in _PyEval_EvalCodeWithName 
/home/test/check/PythonASAN/Python/ceval.c:4119
#14 0x7a9847 in ?? ??:0
#15 0x7ac2ea in _PyFunction_FastCallDict 
/home/test/check/PythonASAN/Python/ceval.c:5021
#16 0x7ac2ea in ?? ??:0
#17 0x574668 in _PyObject_FastCallDict 
/home/test/check/PythonASAN/Objects/abstract.c:2295
#18 0x574668 in ?? ??:0
#19 0x5749fa in _PyObject_Call_Prepend 
/home/test/check/PythonASAN/Objects/abstract.c:2358
#20 0x5749fa in ?? ??:0
#21 0x573e9b in PyObject_Call 
/home/test/check/PythonASAN/Objects/abstract.c:2246
#22 0x573e9b in ?? ??:0
#23 0x793369 in do_call_core /home/test/check/PythonASAN/Python/ceval.c:5057
#24 0x793369 in _PyEval_EvalFrameDefault 
/home/test/check/PythonASAN/Python/ceval.c:3357
#25 0x793369 in ?? ??:0
#26 0x7a9847 in PyEval_EvalFrameEx 
/home/test/check/PythonASAN/Python/ceval.c:718
#27 0x7a9847 in _PyEval_EvalCodeWithName 
/home/test/check/PythonASAN/Python/ceval.c:4119
#28 0x7a9847 in ?? ??:0
#29 0x7ac2ea in _PyFunction_FastCallDict 
/home/test/check/PythonASAN/Python/ceval.c:5021
#30 0x7ac2ea in ?? ??:0
#31 0x574668 in _PyObject_FastCallDict 
/home/test/check/PythonASAN/Objects/abstract.c:2295
#32 0x574668 in ?? ??:0
#33 0x5749fa in _PyObject_Call_Prepend 
/home/test/check/PythonASAN/Objects/abstract.c:2358
#34 0x5749fa in ?? ??:0
#35 0x573e9b in PyObject_Call 
/home/test/check/PythonASAN/Objects/abstract.c:2246
#36 0x573e9b in ?? ??:0
#37 0x66efe4 in slot_tp_call 
/home/test/check/PythonASAN/Objects/typeobject.c:6167
#38 0x66efe4 in ?? ??:0
#39 0x5745f0 in _PyObject_FastCallDict 
/home/test/check/PythonASAN/Objects/abstract.c:2316
#40 0x5745f0 in ?? ??:0
#41 0x7a7429 in call_function 
/home/test/check/PythonASAN/Python/ceval.c:4812
#42 0x7a7429 in ?? ??:0
#43 0x7995cc in _PyEval_EvalFrameDefault 
/home/test/check/PythonASAN/Python/ceval.c:3275
#44 0x7995cc in ?? ??:0
#45 0x7a9847 in PyEval_EvalFrameEx 
/home/test/check/PythonASAN/Python/ceval.c:718
#46 0x7a9847 in _PyEval_EvalCodeWithName 
/home/test/check/PythonASAN/Python/ceval.c:4119
#47 0x7a9847 in ?? ??:0
#48 0x7ac2ea in _PyFunction_FastCallDict 
/home/test/check/PythonASAN/Python/ceval.c:5021
#49 0x7ac2ea in ?? ??:0
#50 0x574668 in _PyObject_FastCallDict 
/home/test/check/PythonASAN/Objects/abstract.c:2295
#51 0x574668 in ?? ??:0
#52 0x5749fa in _PyObject_Call_Prepend 
/home/test/check/PythonASAN/Objects/abstract.c:2358
#53 0x5749fa in ?? ??:0
#54 0x573e9b in PyObject_Call 
/home/test/check/PythonASAN/Objects/abstract.c:2246
#55 0x573e9b in ?? ??:0
#56 0x793369 in do_call_core /home/test/check/PythonASAN/Python/ceval.c:5057
#57 0x793369 in _PyEval_EvalFrameDefault 
/home/test/check/PythonASAN/Python/ceval.c:3357

[issue29491] AddressSanitizer: heap-buffer-overflow on address 0x60200000e734

2017-02-08 Thread BeginVuln

New submission from BeginVuln:

OS Version : Ubuntu 16.04 LTS
Python download link : 
https://www.python.org/ftp/python/3.6.0/Python-3.6.0.tar.xz

Python version : 3.6.0

Normal build cmd : 
./configure 
make

Asan build cmd:
export CC="/usr/bin/clang -fsanitize=address"
export CXX="/usr/bin/clang++ -fsanitize=address"
./configure
make

GDB with exploitable:

To enable execution of this file add
add-auto-load-safe-path /home/test/check/PythonGDB/python-gdb.py
line to your configuration file "/home/test/.gdbinit".
To completely disable this security protection add
set auto-load safe-path /
line to your configuration file "/home/test/.gdbinit".
For more information about this security protection see the
"Auto-loading safe path" section in the GDB manual.  E.g., run from the shell:
info "(gdb)Auto-loading safe path"
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[Inferior 1 (process 19397) exited with code 01]


ASAN:

=
==17935==ERROR: AddressSanitizer: heap-buffer-overflow on address 
0x6020e734 at pc 0x7f6e87941564 bp 0x7fff533392c0 sp 0x7fff533392b8
READ of size 4 at 0x6020e734 thread T0
#0 0x7f6e87941563 in Pointer_subscript 
/home/test/check/PythonASAN/Modules/_ctypes/_ctypes.c:5013
#1 0x7f6e87941563 in ?? ??:0
#2 0x79987c in _PyEval_EvalFrameDefault 
/home/test/check/PythonASAN/Python/ceval.c:1458 (discriminator 1)
#3 0x79987c in ?? ??:0
#4 0x7ab4cb in PyEval_EvalFrameEx 
/home/test/check/PythonASAN/Python/ceval.c:718
#5 0x7ab4cb in _PyFunction_FastCall 
/home/test/check/PythonASAN/Python/ceval.c:4870
#6 0x7ab4cb in fast_function /home/test/check/PythonASAN/Python/ceval.c:4905
#7 0x7ab4cb in ?? ??:0
#8 0x7a76f2 in call_function /home/test/check/PythonASAN/Python/ceval.c:4809
#9 0x7a76f2 in ?? ??:0
#10 0x7995cc in _PyEval_EvalFrameDefault 
/home/test/check/PythonASAN/Python/ceval.c:3275
#11 0x7995cc in ?? ??:0
#12 0x7a9847 in PyEval_EvalFrameEx 
/home/test/check/PythonASAN/Python/ceval.c:718
#13 0x7a9847 in _PyEval_EvalCodeWithName 
/home/test/check/PythonASAN/Python/ceval.c:4119
#14 0x7a9847 in ?? ??:0
#15 0x7ac2ea in _PyFunction_FastCallDict 
/home/test/check/PythonASAN/Python/ceval.c:5021
#16 0x7ac2ea in ?? ??:0
#17 0x574668 in _PyObject_FastCallDict 
/home/test/check/PythonASAN/Objects/abstract.c:2295
#18 0x574668 in ?? ??:0
#19 0x5749fa in _PyObject_Call_Prepend 
/home/test/check/PythonASAN/Objects/abstract.c:2358
#20 0x5749fa in ?? ??:0
#21 0x573e9b in PyObject_Call 
/home/test/check/PythonASAN/Objects/abstract.c:2246
#22 0x573e9b in ?? ??:0
#23 0x793369 in do_call_core /home/test/check/PythonASAN/Python/ceval.c:5057
#24 0x793369 in _PyEval_EvalFrameDefault 
/home/test/check/PythonASAN/Python/ceval.c:3357
#25 0x793369 in ?? ??:0
#26 0x7a9847 in PyEval_EvalFrameEx 
/home/test/check/PythonASAN/Python/ceval.c:718
#27 0x7a9847 in _PyEval_EvalCodeWithName 
/home/test/check/PythonASAN/Python/ceval.c:4119
#28 0x7a9847 in ?? ??:0
#29 0x7ac2ea in _PyFunction_FastCallDict 
/home/test/check/PythonASAN/Python/ceval.c:5021
#30 0x7ac2ea in ?? ??:0
#31 0x574668 in _PyObject_FastCallDict 
/home/test/check/PythonASAN/Objects/abstract.c:2295
#32 0x574668 in ?? ??:0
#33 0x5749fa in _PyObject_Call_Prepend 
/home/test/check/PythonASAN/Objects/abstract.c:2358
#34 0x5749fa in ?? ??:0
#35 0x573e9b in PyObject_Call 
/home/test/check/PythonASAN/Objects/abstract.c:2246
#36 0x573e9b in ?? ??:0
#37 0x66efe4 in slot_tp_call 
/home/test/check/PythonASAN/Objects/typeobject.c:6167
#38 0x66efe4 in ?? ??:0
#39 0x5745f0 in _PyObject_FastCallDict 
/home/test/check/PythonASAN/Objects/abstract.c:2316
#40 0x5745f0 in ?? ??:0
#41 0x7a7429 in call_function 
/home/test/check/PythonASAN/Python/ceval.c:4812
#42 0x7a7429 in ?? ??:0
#43 0x7995cc in _PyEval_EvalFrameDefault 
/home/test/check/PythonASAN/Python/ceval.c:3275
#44 0x7995cc in ?? ??:0
#45 0x7a9847 in PyEval_EvalFrameEx 
/home/test/check/PythonASAN/Python/ceval.c:718
#46 0x7a9847 in _PyEval_EvalCodeWithName 
/home/test/check/PythonASAN/Python/ceval.c:4119
#47 0x7a9847 in ?? ??:0
#48 0x7ac2ea in _PyFunction_FastCallDict 
/home/test/check/PythonASAN/Python/ceval.c:5021
#49 0x7ac2ea in ?? ??:0
#50 0x574668 in _PyObject_FastCallDict 
/home/test/check/PythonASAN/Objects/abstract.c:2295
#51 0x574668 in ?? ??:0
#52 0x5749fa in _PyObject_Call_Prepend 
/home/test/check/PythonASAN/Objects/abstract.c:2358
#53 0x5749fa in ?? ??:0
#54 0x573e9b in PyObject_Call 
/home/test/check/PythonASAN/Objects/abstract.c:2246
#55 0x573e9b in ?? ??:0
#56 0x793369 in do_call_core /home/test/check/PythonASAN/Python/ceval.c:5057
#57 0x793369 in _PyEval_EvalFrameDefault 
/home/test/check/PythonASAN/Python/ceval.c:3357

[issue29484] AddressSanitizer: heap-buffer-overflow on address 0x60200000e738

2017-02-08 Thread Christian Heimes

Christian Heimes added the comment:

_ctypes_test is an internal test helper module. It's not designed to be used 
outside of tests. The module contains quick and dirty C code for tests. Any bug 
in _ctypes_test is not a security bug.

Feel free to contribute better code, though.

--
components: +Tests -Interpreter Core
nosy: +christian.heimes
priority: normal -> low




[issue29491] AddressSanitizer: heap-buffer-overflow on address 0x60200000e734

2017-02-08 Thread BeginVuln

Changes by BeginVuln :


--
type:  -> security




[issue29492] AddressSanitizer: SEGV on unknown address 0x0000a0013639

2017-02-08 Thread BeginVuln

New submission from BeginVuln:

OS Version : Ubuntu 16.04 LTS
Python download link : 
https://www.python.org/ftp/python/3.6.0/Python-3.6.0.tar.xz

Python version : 3.6.0

Normal build cmd : 
./configure 
make

Asan build cmd:
export CC="/usr/bin/clang -fsanitize=address"
export CXX="/usr/bin/clang++ -fsanitize=address"
./configure
make

GDB with exploitable:

To enable execution of this file add
add-auto-load-safe-path /home/test/check/PythonGDB/python-gdb.py
line to your configuration file "/home/test/.gdbinit".
To completely disable this security protection add
set auto-load safe-path /
line to your configuration file "/home/test/.gdbinit".
For more information about this security protection see the
"Auto-loading safe path" section in the GDB manual.  E.g., run from the shell:
info "(gdb)Auto-loading safe path"
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
0x0049b304 in dict_dealloc (mp=0x75b44510) at 
Objects/dictobject.c:1925
1925        Py_XDECREF(values[i]);
Description: Access violation during branch instruction
Short description: BranchAv (4/22)
Hash: 88d6a4b120e0fabdcb9b56178f8ef166.2c4f31b17f90f974f2ff23d3286fcbbd
Exploitability Classification: EXPLOITABLE
Explanation: The target crashed on a branch instruction, which may indicate 
that the control flow is tainted.
Other tags: DestAv (8/22), AccessViolation (21/22)


ASAN:

ASAN:DEADLYSIGNAL
=
==18235==ERROR: AddressSanitizer: SEGV on unknown address 0xa0013639 (pc 
0x0061637c bp 0x7efd09781be8 sp 0x7ffe3da51c50 T0)
#0 0x61637b in dict_dealloc 
/home/test/check/PythonASAN/Objects/dictobject.c:1925 (discriminator 5)
#1 0x61637b in ?? ??:0
#2 0x65d3b9 in subtype_dealloc 
/home/test/check/PythonASAN/Objects/typeobject.c:1207 (discriminator 3)
#3 0x65d3b9 in ?? ??:0
#4 0x5d10da in frame_dealloc 
/home/test/check/PythonASAN/Objects/frameobject.c:423 (discriminator 5)
#5 0x5d10da in ?? ??:0
#6 0x7a98ca in _PyEval_EvalCodeWithName 
/home/test/check/PythonASAN/Python/ceval.c:4130 (discriminator 3)
#7 0x7a98ca in ?? ??:0
#8 0x7ab648 in fast_function 
/home/test/check/PythonASAN/Python/ceval.c:4929 (discriminator 1)
#9 0x7ab648 in ?? ??:0
#10 0x7a76f2 in call_function 
/home/test/check/PythonASAN/Python/ceval.c:4809
#11 0x7a76f2 in ?? ??:0
#12 0x7995cc in _PyEval_EvalFrameDefault 
/home/test/check/PythonASAN/Python/ceval.c:3275
#13 0x7995cc in ?? ??:0
#14 0x7a9847 in PyEval_EvalFrameEx 
/home/test/check/PythonASAN/Python/ceval.c:718
#15 0x7a9847 in _PyEval_EvalCodeWithName 
/home/test/check/PythonASAN/Python/ceval.c:4119
#16 0x7a9847 in ?? ??:0
#17 0x7ac2ea in _PyFunction_FastCallDict 
/home/test/check/PythonASAN/Python/ceval.c:5021
#18 0x7ac2ea in ?? ??:0
#19 0x574668 in _PyObject_FastCallDict 
/home/test/check/PythonASAN/Objects/abstract.c:2295
#20 0x574668 in ?? ??:0
#21 0x5749fa in _PyObject_Call_Prepend 
/home/test/check/PythonASAN/Objects/abstract.c:2358
#22 0x5749fa in ?? ??:0
#23 0x573e9b in PyObject_Call 
/home/test/check/PythonASAN/Objects/abstract.c:2246
#24 0x573e9b in ?? ??:0
#25 0x793369 in do_call_core /home/test/check/PythonASAN/Python/ceval.c:5057
#26 0x793369 in _PyEval_EvalFrameDefault 
/home/test/check/PythonASAN/Python/ceval.c:3357
#27 0x793369 in ?? ??:0
#28 0x7a9847 in PyEval_EvalFrameEx 
/home/test/check/PythonASAN/Python/ceval.c:718
#29 0x7a9847 in _PyEval_EvalCodeWithName 
/home/test/check/PythonASAN/Python/ceval.c:4119
#30 0x7a9847 in ?? ??:0
#31 0x7ac2ea in _PyFunction_FastCallDict 
/home/test/check/PythonASAN/Python/ceval.c:5021
#32 0x7ac2ea in ?? ??:0
#33 0x574668 in _PyObject_FastCallDict 
/home/test/check/PythonASAN/Objects/abstract.c:2295
#34 0x574668 in ?? ??:0
#35 0x5749fa in _PyObject_Call_Prepend 
/home/test/check/PythonASAN/Objects/abstract.c:2358
#36 0x5749fa in ?? ??:0
#37 0x573e9b in PyObject_Call 
/home/test/check/PythonASAN/Objects/abstract.c:2246
#38 0x573e9b in ?? ??:0
#39 0x66efe4 in slot_tp_call 
/home/test/check/PythonASAN/Objects/typeobject.c:6167
#40 0x66efe4 in ?? ??:0
#41 0x5745f0 in _PyObject_FastCallDict 
/home/test/check/PythonASAN/Objects/abstract.c:2316
#42 0x5745f0 in ?? ??:0
#43 0x7a7429 in call_function 
/home/test/check/PythonASAN/Python/ceval.c:4812
#44 0x7a7429 in ?? ??:0
#45 0x7995cc in _PyEval_EvalFrameDefault 
/home/test/check/PythonASAN/Python/ceval.c:3275
#46 0x7995cc in ?? ??:0
#47 0x7a9847 in PyEval_EvalFrameEx 
/home/test/check/PythonASAN/Python/ceval.c:718
#48 0x7a9847 in _PyEval_EvalCodeWithName 
/home/test/check/PythonASAN/Python/ceval.c:4119
#49 0x7a9847 in ?? ??:0
#50 0x7ac2ea in _PyFunction_FastCallDict 
/home/test/check/PythonASAN/Pytho

[issue29493] AddressSanitizer: SEGV on unknown address 0x000cffff800d

2017-02-08 Thread BeginVuln

New submission from BeginVuln:

OS Version : Ubuntu 16.04 LTS
Python download link : 
https://www.python.org/ftp/python/3.6.0/Python-3.6.0.tar.xz

Python version : 3.6.0

Normal build cmd : 
./configure 
make

Asan build cmd:
export CC="/usr/bin/clang -fsanitize=address"
export CXX="/usr/bin/clang++ -fsanitize=address"
./configure
make

GDB with exploitable:

To enable execution of this file add
add-auto-load-safe-path /home/test/check/PythonGDB/python-gdb.py
line to your configuration file "/home/test/.gdbinit".
To completely disable this security protection add
set auto-load safe-path /
line to your configuration file "/home/test/.gdbinit".
For more information about this security protection see the
"Auto-loading safe path" section in the GDB manual.  E.g., run from the shell:
info "(gdb)Auto-loading safe path"
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
0x0043d563 in PyObject_GC_UnTrack (op=0x73810400) at 
Modules/gcmodule.c:1699
1699        _PyObject_GC_UNTRACK(op);
Description: Access violation on destination operand
Short description: DestAv (8/22)
Hash: a30125899c34aa234161214a7afc7066.d78488ccad0508b81b411140385e7113
Exploitability Classification: EXPLOITABLE
Explanation: The target crashed on an access violation at an address matching 
the destination operand of the instruction. This likely indicates a write 
access violation, which means the attacker may control the write address and/or 
value.
Other tags: AccessViolation (21/22)


ASAN:

EsFASAN:DEADLYSIGNAL
=
==18094==ERROR: AddressSanitizer: SEGV on unknown address 0x000c800d (pc 
0x00543039 bp 0x0fec572c0c81 sp 0x7ffc421b9cf0 T0)
#0 0x543038 in PyObject_GC_UnTrack 
/home/test/check/PythonASAN/Modules/gcmodule.c:1699 (discriminator 4)
#1 0x543038 in ?? ??:0
#2 0x65ca2f in subtype_dealloc 
/home/test/check/PythonASAN/Objects/typeobject.c:1133
#3 0x65ca2f in ?? ??:0
#4 0x5d10da in frame_dealloc 
/home/test/check/PythonASAN/Objects/frameobject.c:423 (discriminator 5)
#5 0x5d10da in ?? ??:0
#6 0x5304c4 in tb_dealloc /home/test/check/PythonASAN/Python/traceback.c:55 
(discriminator 5)
#7 0x5304c4 in ?? ??:0
#8 0x530456 in tb_dealloc /home/test/check/PythonASAN/Python/traceback.c:54 
(discriminator 5)
#9 0x530456 in ?? ??:0
#10 0x530456 in tb_dealloc 
/home/test/check/PythonASAN/Python/traceback.c:54 (discriminator 5)
#11 0x530456 in ?? ??:0
#12 0x5b3b49 in BaseException_clear 
/home/test/check/PythonASAN/Objects/exceptions.c:76 (discriminator 5)
#13 0x5b3b49 in ?? ??:0
#14 0x5b3742 in BaseException_dealloc 
/home/test/check/PythonASAN/Objects/exceptions.c:86
#15 0x5b3742 in ?? ??:0
#16 0x656df9 in tupledealloc 
/home/test/check/PythonASAN/Objects/tupleobject.c:243 (discriminator 5)
#17 0x656df9 in ?? ??:0
#18 0x656df9 in tupledealloc 
/home/test/check/PythonASAN/Objects/tupleobject.c:243 (discriminator 5)
#19 0x656df9 in ?? ??:0
#20 0x5e5c19 in list_clear 
/home/test/check/PythonASAN/Objects/listobject.c:562 (discriminator 5)
#21 0x5e5c19 in listclear 
/home/test/check/PythonASAN/Objects/listobject.c:763 (discriminator 5)
#22 0x5e5c19 in ?? ??:0
#23 0x632208 in _PyCFunction_FastCallDict 
/home/test/check/PythonASAN/Objects/methodobject.c:192
#24 0x632208 in ?? ??:0
#25 0x7a7751 in call_function 
/home/test/check/PythonASAN/Python/ceval.c:4788 (discriminator 17)
#26 0x7a7751 in ?? ??:0
#27 0x7995cc in _PyEval_EvalFrameDefault 
/home/test/check/PythonASAN/Python/ceval.c:3275
#28 0x7995cc in ?? ??:0
#29 0x7a9847 in PyEval_EvalFrameEx 
/home/test/check/PythonASAN/Python/ceval.c:718
#30 0x7a9847 in _PyEval_EvalCodeWithName 
/home/test/check/PythonASAN/Python/ceval.c:4119
#31 0x7a9847 in ?? ??:0
#32 0x7ac2ea in _PyFunction_FastCallDict 
/home/test/check/PythonASAN/Python/ceval.c:5021
#33 0x7ac2ea in ?? ??:0
#34 0x574668 in _PyObject_FastCallDict 
/home/test/check/PythonASAN/Objects/abstract.c:2295
#35 0x574668 in ?? ??:0
#36 0x5749fa in _PyObject_Call_Prepend 
/home/test/check/PythonASAN/Objects/abstract.c:2358
#37 0x5749fa in ?? ??:0
#38 0x573e9b in PyObject_Call 
/home/test/check/PythonASAN/Objects/abstract.c:2246
#39 0x573e9b in ?? ??:0
#40 0x793369 in do_call_core /home/test/check/PythonASAN/Python/ceval.c:5057
#41 0x793369 in _PyEval_EvalFrameDefault 
/home/test/check/PythonASAN/Python/ceval.c:3357
#42 0x793369 in ?? ??:0
#43 0x7a9847 in PyEval_EvalFrameEx 
/home/test/check/PythonASAN/Python/ceval.c:718
#44 0x7a9847 in _PyEval_EvalCodeWithName 
/home/test/check/PythonASAN/Python/ceval.c:4119
#45 0x7a9847 in ?? ??:0
#46 0x7ac2ea in _PyFunction_FastCallDict 
/home/test/check/PythonASAN/Python/ceval.c:5021
#47 0x7ac2ea in ?? ?

[issue29492] AddressSanitizer: SEGV on unknown address 0x0000a0013639

2017-02-08 Thread Christian Heimes

Christian Heimes added the comment:

Please stop flooding the bug tracker with automated messages. All your 
'exploits' are using ctypes. ctypes code is not memory safe and can easily 
trigger all sorts of bugs and crashes.

--
nosy: +christian.heimes
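
The check made by hand in the comment above (does the faulting call path run through ctypes?) can be scripted for traces like the ones in this thread. This is an added example, not code from the tracker or from CPython: `unwrap` and `triage` are hypothetical helper names, and the sample is an excerpt of the issue29497 trace quoted on this page with the archive's line wrapping kept.

```python
import re

# Excerpt of the issue29497 trace quoted on this page. The archive wrapped
# most frames onto two lines; one "?? ??:0" placeholder frame is kept so the
# parser's filtering is exercised.
SAMPLE_REPORT = """\
==18277==ERROR: AddressSanitizer: SEGV on unknown address 0x0008 (pc
0x7f65f421d380 bp 0x7f65f4560b20 sp 0x7ffe10375320 T0)
#0 0x7f65f421d37f in _int_free
/build/glibc-GKVZIf/glibc-2.23/malloc/malloc.c:4057
#1 0x7f65f421d37f in ?? ??:0
#4 0x7f65f0640e3f in ffi_call_unix64 ??:?
#8 0x7f65f0885311 in _call_function_pointer
/home/test/check/PythonASAN/Modules/_ctypes/callproc.c:809
#9 0x7f65f0885311 in _ctypes_callproc
/home/test/check/PythonASAN/Modules/_ctypes/callproc.c:1147
#11 0x7f65f0874199 in PyCFuncPtr_call
/home/test/check/PythonASAN/Modules/_ctypes/_ctypes.c:3870
#13 0x5745f0 in _PyObject_FastCallDict
/home/test/check/PythonASAN/Objects/abstract.c:2316
"""

HEADER_RE = re.compile(r"ERROR: AddressSanitizer: (?P<kind>[\w-]+)")
FRAME_RE = re.compile(r"#(?P<n>\d+) 0x[0-9a-f]+ in (?P<func>\S+)(?: (?P<loc>.*))?$")
BARE_FRAME_RE = re.compile(r"#\d+ 0x[0-9a-f]+ in \S+")
# Markers for frames inside the ctypes extension or libffi (assumption of
# this example: path and symbol names as they appear in the traces above).
FFI_MARKERS = ("Modules/_ctypes/", "ffi_call")


def unwrap(text):
    """Rejoin header and frame lines that were wrapped onto a second line."""
    logical = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        prev = logical[-1] if logical else ""
        prev_incomplete = bool(BARE_FRAME_RE.fullmatch(prev)) or (
            prev.startswith("==") and not prev.endswith(")"))
        if prev_incomplete and not line.startswith(("#", "==")):
            logical[-1] = prev + " " + line
        else:
            logical.append(line)
    return logical


def triage(text):
    """Return the fault kind, the resolved frames, and any ctypes/libffi frames."""
    kind, frames = None, []
    for line in unwrap(text):
        header = HEADER_RE.search(line)
        if header and kind is None:
            kind = header.group("kind")
            continue
        frame = FRAME_RE.match(line)
        if frame and frame.group("func") != "??":  # drop unresolved repeats
            frames.append((int(frame.group("n")), frame.group("func"),
                           frame.group("loc") or ""))
    ctypes_frames = [func for _, func, loc in frames
                     if any(m in func or m in loc for m in FFI_MARKERS)]
    return {
        "kind": kind,
        "top": frames[0][1] if frames else None,
        "frames": frames,
        "ctypes_frames": ctypes_frames,
        "via_ctypes": bool(ctypes_frames),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print(result["kind"], "in", result["top"])
    print("ctypes/libffi frames:", ", ".join(result["ctypes_frames"]) or "none")
```

A trace without such frames is not cleared by this check: memory corrupted earlier through ctypes can fault later in unrelated code, so the reproducer file still has to be read.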




[issue29494] AddressSanitizer: SEGV on unknown address 0x00009fff8001

2017-02-08 Thread BeginVuln

New submission from BeginVuln:

OS Version : Ubuntu 16.04 LTS
Python download link : 
https://www.python.org/ftp/python/3.6.0/Python-3.6.0.tar.xz

Python version : 3.6.0

Normal build cmd : 
./configure 
make

Asan build cmd:
export CC="/usr/bin/clang -fsanitize=address"
export CXX="/usr/bin/clang++ -fsanitize=address"
./configure
make

GDB with exploitable:

To enable execution of this file add
add-auto-load-safe-path /home/test/check/PythonGDB/python-gdb.py
line to your configuration file "/home/test/.gdbinit".
To completely disable this security protection add
set auto-load safe-path /
line to your configuration file "/home/test/.gdbinit".
For more information about this security protection see the
"Auto-loading safe path" section in the GDB manual.  E.g., run from the shell:
info "(gdb)Auto-loading safe path"
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
visit_decref (op=0x1, data=0x0) at Modules/gcmodule.c:374
374 if (PyObject_IS_GC(op)) {
Description: Access violation on source operand
Short description: SourceAv (19/22)
Hash: 5ae0cf182ca6c91339ba4d86e35281e3.974794321b75f348830f6ff316f662f4
Exploitability Classification: UNKNOWN
Explanation: The target crashed on an access violation at an address matching 
the source operand of the current instruction. This likely indicates a read 
access violation.
Other tags: AccessViolation (21/22)


ASAN:

ASAN:DEADLYSIGNAL
=
==18468==ERROR: AddressSanitizer: SEGV on unknown address 0x9fff8001 (pc 
0x00544b5f bp 0x7ffeeb051e90 sp 0x7ffeeb051c30 T0)
#0 0x544b5e in visit_decref 
/home/test/check/PythonASAN/Modules/gcmodule.c:374
#1 0x544b5e in ?? ??:0
#2 0x5d7035 in func_traverse 
/home/test/check/PythonASAN/Objects/funcobject.c:558 (discriminator 8)
#3 0x5d7035 in ?? ??:0
#4 0x540ca1 in subtract_refs 
/home/test/check/PythonASAN/Modules/gcmodule.c:399
#5 0x540ca1 in collect /home/test/check/PythonASAN/Modules/gcmodule.c:956
#6 0x540ca1 in ?? ??:0
#7 0x5406ed in collect_with_callback 
/home/test/check/PythonASAN/Modules/gcmodule.c:1128
#8 0x5406ed in PyGC_Collect 
/home/test/check/PythonASAN/Modules/gcmodule.c:1592
#9 0x5406ed in _PyGC_CollectIfEnabled 
/home/test/check/PythonASAN/Modules/gcmodule.c:1605
#10 0x5406ed in ?? ??:0
#11 0x50d31a in Py_FinalizeEx 
/home/test/check/PythonASAN/Python/pylifecycle.c:603
#12 0x50d31a in ?? ??:0
#13 0x50e127 in Py_Exit 
/home/test/check/PythonASAN/Python/pylifecycle.c:1537
#14 0x50e127 in ?? ??:0
#15 0x51537b in handle_system_exit 
/home/test/check/PythonASAN/Python/pythonrun.c:602
#16 0x51537b in ?? ??:0
#17 0x5146b0 in PyErr_PrintEx 
/home/test/check/PythonASAN/Python/pythonrun.c:612
#18 0x5146b0 in ?? ??:0
#19 0x512c87 in PyErr_Print 
/home/test/check/PythonASAN/Python/pythonrun.c:508
#20 0x512c87 in PyRun_SimpleFileExFlags 
/home/test/check/PythonASAN/Python/pythonrun.c:401
#21 0x512c87 in ?? ??:0
#22 0x53eefd in run_file /home/test/check/PythonASAN/Modules/main.c:320
#23 0x53eefd in Py_Main /home/test/check/PythonASAN/Modules/main.c:780
#24 0x53eefd in ?? ??:0
#25 0x503d16 in main /home/test/check/PythonASAN/./Programs/python.c:69
#26 0x503d16 in ?? ??:0
#27 0x7fcae111d82f in __libc_start_main 
/build/glibc-GKVZIf/glibc-2.23/csu/../csu/libc-start.c:291
#28 0x7fcae111d82f in ?? ??:0
#29 0x432548 in _start ??:?
#30 0x432548 in ?? ??:0

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/home/test/check/PythonASAN/python+0x544b5e)
==18468==ABORTING

--
components: Interpreter Core
files: gcmodule_374
messages: 287331
nosy: beginvuln
priority: normal
severity: normal
status: open
title: AddressSanitizer: SEGV on unknown address 0x9fff8001
type: security
versions: Python 3.6
Added file: http://bugs.python.org/file46589/gcmodule_374




[issue29476] Simplify set_add_entry()

2017-02-08 Thread Raymond Hettinger

Raymond Hettinger added the comment:

> How this change affects this case?

I would expect to see a tiny net benefit.  The set.add() would be 
microscopically faster (because of less work finding and going back to a free 
slot).  The set.discard() would do the same work (locating a value and marking 
it as a dummy).  The resize step would run at the same speed (it just skips 
over dummies and reinserts only active values).  The resize would run a little 
earlier (because we're not reusing a small proportion of the dummy entries) but 
it would clean out 100% of the dummies, making the table more sparse sooner.

> Sets often are used in following pattern

Not really.  This is one use pattern out of many and is one of the least 
common.  The two dominant use cases for sets are uniquification (deduping) and 
fast membership testing.  The third most common case is data analysis using 
fast set-to-set operations (union, intersection, and difference).  Then come 
cases with individual element membership tests followed by an individual 
element set.add (i.e. the "if x not in seen: {seen.add(x); work_on(x);}" case). 
Dead last are the affected cases that bounce around with a mix of 
set.add() and set.discard() or set.remove().

The comment in dictobject.c suggests that the latter case is uncommon by a 
factor of hundreds.  Hence, I think work should be taken out of the inner loop 
for the common cases and instead deferred to the high-speed resize step which 
cleans out 100% of the dummy entries all at once.

The common cases all benefit (none of those have dummies, so there is no reason 
at all to check for dummies in set_add_entry).   The uncommon case (the mix of 
individual adds and discards) is about neutral or slightly positive (as 
explained above).  

I've tried to think of a case that would be negatively affected and all I can 
think of is repeatedly adding and removing exactly the *same* element or small 
group of elements.  In that case, the freeslot would be reused 100% of the time 
and the set would never need a resize.  I've not seen such a case and if I had, I 
would still care about the common cases more.

Also, I like the simplification of set_add_entry() and the separation of 
concerns (dummy reclamation occurs in exactly one place and that one place 
eliminates 100% of the dummies in a single pass).

FWIW, there is a loose analogy between this idea and the trade-off between 
reference counting and GC.  Reference counting reuses memory quicker than 
waiting for GC to reclaim memory in one pass later, but it entails encumbering 
all of the setting and deleting code.  GC-only systems make the rest of the 
code much cleaner and faster, but they have to wait to reclaim memory all at 
once.  Where the analogy fails though is that reuse of dummies in sets 
is by far the least common case, that early freeslot checks only recapture a 
small fraction of the deletions (only the ones that happen to have exactly the 
same hash slot), and that early freeslot checks are completely wasted in all of 
the common cases (which typically have no dummies at all).

--
nosy: +tim.peters
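
The trade-off described in the comment above, as an added example that is not CPython's code or part of the tracker message: a toy open-addressing set that either reuses the first dummy slot it passes (the "freeslot" behaviour) or ignores dummies and leaves their removal to the resize step. Linear probing, the 3/5 fill threshold, the `used * 4` growth rule and the names `ToySet`, `churn` and `dedupe` are assumptions of this sketch.

```python
EMPTY, DUMMY = object(), object()


class ToySet:
    """Open-addressing set with linear probing (simplified probe sequence)."""

    def __init__(self, reuse_dummies, size=8):
        self.reuse = reuse_dummies
        self.table = [EMPTY] * size
        self.used = 0      # active entries
        self.fill = 0      # active entries + dummies
        self.resizes = 0

    def _probe(self, key):
        mask = len(self.table) - 1
        i = hash(key) & mask
        while True:
            yield i
            i = (i + 1) & mask

    def add(self, key):
        freeslot = None
        for i in self._probe(key):
            entry = self.table[i]
            if entry is EMPTY:
                break
            if entry is DUMMY:
                # The bookkeeping the proposal removes from the inner loop.
                if self.reuse and freeslot is None:
                    freeslot = i
                continue
            if entry == key:
                return
        if freeslot is not None:
            self.table[freeslot] = key      # dummy becomes active: fill unchanged
            self.used += 1
            return
        self.table[i] = key
        self.used += 1
        self.fill += 1
        if self.fill * 5 >= len(self.table) * 3:
            self._resize()

    def discard(self, key):
        for i in self._probe(key):
            entry = self.table[i]
            if entry is EMPTY:
                return
            if entry is not DUMMY and entry == key:
                self.table[i] = DUMMY
                self.used -= 1
                return

    def live(self):
        return [e for e in self.table if e is not EMPTY and e is not DUMMY]

    def _resize(self):
        """Rebuild the table from active entries only: every dummy is dropped."""
        keys = self.live()
        size = 8
        while size <= len(keys) * 4:
            size <<= 1
        self.table = [EMPTY] * size
        for key in keys:
            for i in self._probe(key):
                if self.table[i] is EMPTY:
                    self.table[i] = key
                    break
        self.used = self.fill = len(keys)
        self.resizes += 1


def churn(reuse_dummies, cycles):
    """Add and discard the same key repeatedly; return (resizes, dummies left)."""
    s = ToySet(reuse_dummies)
    for _ in range(cycles):
        s.add(5)
        s.discard(5)
    return s.resizes, s.fill - s.used


def dedupe(reuse_dummies):
    """Deduplicate with no discards; return (sorted keys, resizes, dummies)."""
    s = ToySet(reuse_dummies)
    for key in list(range(20)) * 2:
        s.add(key)
    return sorted(s.live()), s.resizes, s.fill - s.used


if __name__ == "__main__":
    print("same-key churn, reuse dummies :", churn(True, 21))
    print("same-key churn, ignore dummies:", churn(False, 21))
    print("dedupe identical under both   :", dedupe(True) == dedupe(False))
```

With no discards the two policies behave identically because no dummy ever exists; only the same-key churn case pays for dropping the freeslot, in the form of periodic small resizes.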




[issue29482] AddressSanitizer: attempting double-free on 0x60b000007050

2017-02-08 Thread Christian Heimes

Changes by Christian Heimes :


--
type: security -> behavior




[issue29486] AddressSanitizer: SEGV on unknown address 0x7f16f88e3560

2017-02-08 Thread Christian Heimes

Changes by Christian Heimes :


--
type: security -> behavior




[issue29497] AddressSanitizer: SEGV on unknown address 0x000000000008

2017-02-08 Thread BeginVuln

New submission from BeginVuln:

OS Version : Ubuntu 16.04 LTS
Python download link : 
https://www.python.org/ftp/python/3.6.0/Python-3.6.0.tar.xz

Python version : 3.6.0

Normal build cmd : 
./configure 
make

Asan build cmd:
export CC="/usr/bin/clang -fsanitize=address"
export CXX="/usr/bin/clang++ -fsanitize=address"
./configure
make

GDB with exploitable:

To enable execution of this file add
add-auto-load-safe-path /home/test/check/PythonGDB/python-gdb.py
line to your configuration file "/home/test/.gdbinit".
To completely disable this security protection add
set auto-load safe-path /
line to your configuration file "/home/test/.gdbinit".
For more information about this security protection see the
"Auto-loading safe path" section in the GDB manual.  E.g., run from the shell:
info "(gdb)Auto-loading safe path"
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Program received signal SIGABRT, Aborted.
0x77116418 in __GI_raise (sig=sig@entry=6) at 
../sysdeps/unix/sysv/linux/raise.c:54
Description: Heap error
Short description: HeapError (10/22)
Hash: 2aa3ac417e1aa62c7fe1524ebca9f7a3.8d7f0ad1f2db61942ed3977c83757030
Exploitability Classification: EXPLOITABLE
Explanation: The target's backtrace indicates that libc has detected a heap 
error or that the target was executing a heap function when it stopped. This 
could be due to heap corruption, passing a bad pointer to a heap function such 
as free(), etc. Since heap errors might include buffer overflows, 
use-after-free situations, etc. they are generally considered exploitable.
Other tags: AbortSignal (20/22)


ASAN:

ASAN:DEADLYSIGNAL
=
==18277==ERROR: AddressSanitizer: SEGV on unknown address 0x0008 (pc 
0x7f65f421d380 bp 0x7f65f4560b20 sp 0x7ffe10375320 T0)
#0 0x7f65f421d37f in _int_free 
/build/glibc-GKVZIf/glibc-2.23/malloc/malloc.c:4057
#1 0x7f65f421d37f in ?? ??:0
#2 0x7f65f4220abb in __GI___libc_free 
/build/glibc-GKVZIf/glibc-2.23/malloc/malloc.c:2969 (discriminator 4)
#3 0x7f65f4220abb in ?? ??:0
#4 0x7f65f0640e3f in ffi_call_unix64 ??:?
#5 0x7f65f0640e3f in ?? ??:0
#6 0x7f65f06408aa in ffi_call ??:?
#7 0x7f65f06408aa in ?? ??:0
#8 0x7f65f0885311 in _call_function_pointer 
/home/test/check/PythonASAN/Modules/_ctypes/callproc.c:809
#9 0x7f65f0885311 in _ctypes_callproc 
/home/test/check/PythonASAN/Modules/_ctypes/callproc.c:1147
#10 0x7f65f0885311 in ?? ??:0
#11 0x7f65f0874199 in PyCFuncPtr_call 
/home/test/check/PythonASAN/Modules/_ctypes/_ctypes.c:3870
#12 0x7f65f0874199 in ?? ??:0
#13 0x5745f0 in _PyObject_FastCallDict 
/home/test/check/PythonASAN/Objects/abstract.c:2316
#14 0x5745f0 in ?? ??:0
#15 0x7a7429 in call_function 
/home/test/check/PythonASAN/Python/ceval.c:4812
#16 0x7a7429 in ?? ??:0
#17 0x7995cc in _PyEval_EvalFrameDefault 
/home/test/check/PythonASAN/Python/ceval.c:3275
#18 0x7995cc in ?? ??:0
#19 0x7ab4cb in PyEval_EvalFrameEx 
/home/test/check/PythonASAN/Python/ceval.c:718
#20 0x7ab4cb in _PyFunction_FastCall 
/home/test/check/PythonASAN/Python/ceval.c:4870
#21 0x7ab4cb in fast_function 
/home/test/check/PythonASAN/Python/ceval.c:4905
#22 0x7ab4cb in ?? ??:0
#23 0x7a76f2 in call_function 
/home/test/check/PythonASAN/Python/ceval.c:4809
#24 0x7a76f2 in ?? ??:0
#25 0x7995cc in _PyEval_EvalFrameDefault 
/home/test/check/PythonASAN/Python/ceval.c:3275
#26 0x7995cc in ?? ??:0
#27 0x7a9847 in PyEval_EvalFrameEx 
/home/test/check/PythonASAN/Python/ceval.c:718
#28 0x7a9847 in _PyEval_EvalCodeWithName 
/home/test/check/PythonASAN/Python/ceval.c:4119
#29 0x7a9847 in ?? ??:0
#30 0x7ac2ea in _PyFunction_FastCallDict 
/home/test/check/PythonASAN/Python/ceval.c:5021
#31 0x7ac2ea in ?? ??:0
#32 0x574668 in _PyObject_FastCallDict 
/home/test/check/PythonASAN/Objects/abstract.c:2295
#33 0x574668 in ?? ??:0
#34 0x5749fa in _PyObject_Call_Prepend 
/home/test/check/PythonASAN/Objects/abstract.c:2358
#35 0x5749fa in ?? ??:0
#36 0x573e9b in PyObject_Call 
/home/test/check/PythonASAN/Objects/abstract.c:2246
#37 0x573e9b in ?? ??:0
#38 0x793369 in do_call_core /home/test/check/PythonASAN/Python/ceval.c:5057
#39 0x793369 in _PyEval_EvalFrameDefault 
/home/test/check/PythonASAN/Python/ceval.c:3357
#40 0x793369 in ?? ??:0
#41 0x7a9847 in PyEval_EvalFrameEx 
/home/test/check/PythonASAN/Python/ceval.c:718
#42 0x7a9847 in _PyEval_EvalCodeWithName 
/home/test/check/PythonASAN/Python/ceval.c:4119
#43 0x7a9847 in ?? ??:0
#44 0x7ac2ea in _PyFunction_FastCallDict 
/home/test/check/PythonASAN/Python/ceval.c:5021
#45 0x7ac2ea in ?? ??:0
#46 0x574668 in _PyObject_FastCallDict 
/home/test/check/PythonASAN/Objects/abstract.c:2295
#47 0x574668 in ?? ??:0
#48 0x5749fa in _PyObject_Call_Prepend 
/home/test

[issue29487] AddressSanitizer: heap-buffer-overflow on address 0x60200000e734

2017-02-08 Thread Christian Heimes

Changes by Christian Heimes :


--
type: security -> behavior




[issue29498] AddressSanitizer: SEGV on unknown address 0x0005ffff800d

2017-02-08 Thread BeginVuln

New submission from BeginVuln:

OS Version : Ubuntu 16.04 LTS
Python download link : 
https://www.python.org/ftp/python/3.6.0/Python-3.6.0.tar.xz

Python version : 3.6.0

Normal build cmd : 
./configure 
make

Asan build cmd:
export CC="/usr/bin/clang -fsanitize=address"
export CXX="/usr/bin/clang++ -fsanitize=address"
./configure
make

GDB with exploitable:

To enable execution of this file add
add-auto-load-safe-path /home/test/check/PythonGDB/python-gdb.py
line to your configuration file "/home/test/.gdbinit".
To completely disable this security protection add
set auto-load safe-path /
line to your configuration file "/home/test/.gdbinit".
For more information about this security protection see the
"Auto-loading safe path" section in the GDB manual.  E.g., run from the shell:
info "(gdb)Auto-loading safe path"
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
_PyObject_GenericGetAttrWithDict (dict=0x2c006f, name=0x77eed3b0, 
obj=0x7628ebf8) at Objects/object.c:1088
1088    Py_INCREF(dict);
Description: Access violation on destination operand
Short description: DestAv (8/22)
Hash: 5fba3f64e0a5cd874121e05187de0b92.c7630c31a2ff26cdc6fb85881fa40252
Exploitability Classification: EXPLOITABLE
Explanation: The target crashed on an access violation at an address matching 
the destination operand of the instruction. This likely indicates a write 
access violation, which means the attacker may control the write address and/or 
value.
Other tags: AccessViolation (21/22)


ASAN:

EsEASAN:DEADLYSIGNAL
=
==18600==ERROR: AddressSanitizer: SEGV on unknown address 0x0005800d (pc 
0x0063acfe bp 0x7f86cde063b0 sp 0x7fffa5d9ea90 T0)
#0 0x63acfd in _PyObject_GenericGetAttrWithDict 
/home/test/check/PythonASAN/Objects/object.c:1088
#1 0x63acfd in ?? ??:0
#2 0x7966cc in _PyEval_EvalFrameDefault 
/home/test/check/PythonASAN/Python/ceval.c:2815 (discriminator 1)
#3 0x7966cc in ?? ??:0
#4 0x7ab4cb in PyEval_EvalFrameEx 
/home/test/check/PythonASAN/Python/ceval.c:718
#5 0x7ab4cb in _PyFunction_FastCall 
/home/test/check/PythonASAN/Python/ceval.c:4870
#6 0x7ab4cb in fast_function /home/test/check/PythonASAN/Python/ceval.c:4905
#7 0x7ab4cb in ?? ??:0
#8 0x7a76f2 in call_function /home/test/check/PythonASAN/Python/ceval.c:4809
#9 0x7a76f2 in ?? ??:0
#10 0x7995cc in _PyEval_EvalFrameDefault 
/home/test/check/PythonASAN/Python/ceval.c:3275
#11 0x7995cc in ?? ??:0
#12 0x7a9847 in PyEval_EvalFrameEx 
/home/test/check/PythonASAN/Python/ceval.c:718
#13 0x7a9847 in _PyEval_EvalCodeWithName 
/home/test/check/PythonASAN/Python/ceval.c:4119
#14 0x7a9847 in ?? ??:0
#15 0x7ac2ea in _PyFunction_FastCallDict 
/home/test/check/PythonASAN/Python/ceval.c:5021
#16 0x7ac2ea in ?? ??:0
#17 0x574668 in _PyObject_FastCallDict 
/home/test/check/PythonASAN/Objects/abstract.c:2295
#18 0x574668 in ?? ??:0
#19 0x5749fa in _PyObject_Call_Prepend 
/home/test/check/PythonASAN/Objects/abstract.c:2358
#20 0x5749fa in ?? ??:0
#21 0x573e9b in PyObject_Call 
/home/test/check/PythonASAN/Objects/abstract.c:2246
#22 0x573e9b in ?? ??:0
#23 0x793369 in do_call_core /home/test/check/PythonASAN/Python/ceval.c:5057
#24 0x793369 in _PyEval_EvalFrameDefault 
/home/test/check/PythonASAN/Python/ceval.c:3357
#25 0x793369 in ?? ??:0
#26 0x7a9847 in PyEval_EvalFrameEx 
/home/test/check/PythonASAN/Python/ceval.c:718
#27 0x7a9847 in _PyEval_EvalCodeWithName 
/home/test/check/PythonASAN/Python/ceval.c:4119
#28 0x7a9847 in ?? ??:0
#29 0x7ac2ea in _PyFunction_FastCallDict 
/home/test/check/PythonASAN/Python/ceval.c:5021
#30 0x7ac2ea in ?? ??:0
#31 0x574668 in _PyObject_FastCallDict 
/home/test/check/PythonASAN/Objects/abstract.c:2295
#32 0x574668 in ?? ??:0
#33 0x5749fa in _PyObject_Call_Prepend 
/home/test/check/PythonASAN/Objects/abstract.c:2358
#34 0x5749fa in ?? ??:0
#35 0x573e9b in PyObject_Call 
/home/test/check/PythonASAN/Objects/abstract.c:2246
#36 0x573e9b in ?? ??:0
#37 0x66efe4 in slot_tp_call 
/home/test/check/PythonASAN/Objects/typeobject.c:6167
#38 0x66efe4 in ?? ??:0
#39 0x5745f0 in _PyObject_FastCallDict 
/home/test/check/PythonASAN/Objects/abstract.c:2316
#40 0x5745f0 in ?? ??:0
#41 0x7a7429 in call_function 
/home/test/check/PythonASAN/Python/ceval.c:4812
#42 0x7a7429 in ?? ??:0
#43 0x7995cc in _PyEval_EvalFrameDefault 
/home/test/check/PythonASAN/Python/ceval.c:3275
#44 0x7995cc in ?? ??:0
#45 0x7a9847 in PyEval_EvalFrameEx 
/home/test/check/PythonASAN/Python/ceval.c:718
#46 0x7a9847 in _PyEval_EvalCodeWithName 
/home/test/check/PythonASAN/Python/ceval.c:4119
#47 0x7a9847 in ?? ??:0
#48 0x7ac2ea in _PyFunction_FastCallDict 
/home/test/chec

[issue29489] AddressSanitizer: SEGV on unknown address 0x7f4a36c604d0

2017-02-08 Thread Christian Heimes

Changes by Christian Heimes :


--
components: +Extension Modules -Interpreter Core
priority: normal -> low
type: security -> behavior




[issue29488] AddressSanitizer: SEGV on unknown address 0x0001a5525c1b

2017-02-08 Thread Christian Heimes

Changes by Christian Heimes :


--
components: +Extension Modules -Interpreter Core
priority: normal -> low
type: security -> behavior




[issue29483] AddressSanitizer: heap-buffer-overflow on address 0x60200000e731

2017-02-08 Thread Christian Heimes

Changes by Christian Heimes :


--
type: security -> behavior




[issue29490] AddressSanitizer: heap-buffer-overflow on address 0x60200000e72f

2017-02-08 Thread Christian Heimes

Changes by Christian Heimes :


--
components: +Extension Modules -Interpreter Core
priority: normal -> low
type: security -> behavior




[issue29493] AddressSanitizer: SEGV on unknown address 0x000cffff800d

2017-02-08 Thread Christian Heimes

Changes by Christian Heimes :


--
components: +Extension Modules -Interpreter Core
priority: normal -> low
type: security -> behavior




[issue29491] AddressSanitizer: heap-buffer-overflow on address 0x60200000e734

2017-02-08 Thread Christian Heimes

Changes by Christian Heimes :


--
components: +Extension Modules -Interpreter Core
priority: normal -> low
type: security -> behavior




[issue29484] AddressSanitizer: heap-buffer-overflow on address 0x60200000e738

2017-02-08 Thread Christian Heimes

Changes by Christian Heimes :


--
type:  -> behavior




[issue29495] AddressSanitizer: SEGV on unknown address 0x02007ea947c3

2017-02-08 Thread Christian Heimes

Changes by Christian Heimes :


--
components: +Extension Modules -Interpreter Core
priority: normal -> low
type: security -> behavior




[issue29494] AddressSanitizer: SEGV on unknown address 0x00009fff8001

2017-02-08 Thread Christian Heimes

Changes by Christian Heimes :


--
components: +Extension Modules -Interpreter Core
priority: normal -> low
type: security -> behavior




[issue29499] AddressSanitizer: SEGV on unknown address 0x000ebfff800d

2017-02-08 Thread BeginVuln

New submission from BeginVuln:

OS Version : Ubuntu 16.04 LTS
Python download link : 
https://www.python.org/ftp/python/3.6.0/Python-3.6.0.tar.xz

Python version : 3.6.0

Normal build cmd : 
./configure 
make

Asan build cmd:
export CC="/usr/bin/clang -fsanitize=address"
export CXX="/usr/bin/clang++ -fsanitize=address"
./configure
make

GDB with exploitable:

To enable execution of this file add
add-auto-load-safe-path /home/test/check/PythonGDB/python-gdb.py
line to your configuration file "/home/test/.gdbinit".
To completely disable this security protection add
set auto-load safe-path /
line to your configuration file "/home/test/.gdbinit".
For more information about this security protection see the
"Auto-loading safe path" section in the GDB manual.  E.g., run from the shell:
info "(gdb)Auto-loading safe path"
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
_PyObject_Alloc (ctx=0x0, elsize=136, nelem=1, use_calloc=0) at 
Objects/obmalloc.c:1258
1258    if ((pool->freeblock = *(block **)bp) != NULL) {
Description: Access violation on source operand
Short description: SourceAv (19/22)
Hash: 931f1ff7977aaf47bb64eec6d074074f.3e2cbb794853bcf6a077da4bfa99ade4
Exploitability Classification: UNKNOWN
Explanation: The target crashed on an access violation at an address matching 
the source operand of the current instruction. This likely indicates a read 
access violation.
Other tags: AccessViolation (21/22)


ASAN:

EsEASAN:DEADLYSIGNAL
=
==18115==ERROR: AddressSanitizer: SEGV on unknown address 0x000ebfff800d (pc 
0x005082ed bp 0x0072006f sp 0x7fffe2536f60 T0)
#0 0x5082ec in _PyObject_Alloc 
/home/test/check/PythonASAN/Objects/obmalloc.c:1258
#1 0x5082ec in ?? ??:0
#2 0x54318c in _PyObject_GC_Alloc 
/home/test/check/PythonASAN/Modules/gcmodule.c:1714
#3 0x54318c in ?? ??:0
#4 0x543391 in _PyObject_GC_Malloc 
/home/test/check/PythonASAN/Modules/gcmodule.c:1736
#5 0x543391 in _PyObject_GC_New 
/home/test/check/PythonASAN/Modules/gcmodule.c:1748
#6 0x543391 in ?? ??:0
#7 0x5d5516 in PyFunction_NewWithQualName 
/home/test/check/PythonASAN/Objects/funcobject.c:21
#8 0x5d5516 in ?? ??:0
#9 0x796ecf in _PyEval_EvalFrameDefault 
/home/test/check/PythonASAN/Python/ceval.c:3373
#10 0x796ecf in ?? ??:0
#11 0x7a9847 in PyEval_EvalFrameEx 
/home/test/check/PythonASAN/Python/ceval.c:718
#12 0x7a9847 in _PyEval_EvalCodeWithName 
/home/test/check/PythonASAN/Python/ceval.c:4119
#13 0x7a9847 in ?? ??:0
#14 0x7ab648 in fast_function 
/home/test/check/PythonASAN/Python/ceval.c:4929 (discriminator 1)
#15 0x7ab648 in ?? ??:0
#16 0x7a76f2 in call_function 
/home/test/check/PythonASAN/Python/ceval.c:4809
#17 0x7a76f2 in ?? ??:0
#18 0x7995cc in _PyEval_EvalFrameDefault 
/home/test/check/PythonASAN/Python/ceval.c:3275
#19 0x7995cc in ?? ??:0
#20 0x7ab4cb in PyEval_EvalFrameEx 
/home/test/check/PythonASAN/Python/ceval.c:718
#21 0x7ab4cb in _PyFunction_FastCall 
/home/test/check/PythonASAN/Python/ceval.c:4870
#22 0x7ab4cb in fast_function 
/home/test/check/PythonASAN/Python/ceval.c:4905
#23 0x7ab4cb in ?? ??:0
#24 0x7a76f2 in call_function 
/home/test/check/PythonASAN/Python/ceval.c:4809
#25 0x7a76f2 in ?? ??:0
#26 0x7995cc in _PyEval_EvalFrameDefault 
/home/test/check/PythonASAN/Python/ceval.c:3275
#27 0x7995cc in ?? ??:0
#28 0x7a9847 in PyEval_EvalFrameEx 
/home/test/check/PythonASAN/Python/ceval.c:718
#29 0x7a9847 in _PyEval_EvalCodeWithName 
/home/test/check/PythonASAN/Python/ceval.c:4119
#30 0x7a9847 in ?? ??:0
#31 0x7ab648 in fast_function 
/home/test/check/PythonASAN/Python/ceval.c:4929 (discriminator 1)
#32 0x7ab648 in ?? ??:0
#33 0x7a76f2 in call_function 
/home/test/check/PythonASAN/Python/ceval.c:4809
#34 0x7a76f2 in ?? ??:0
#35 0x7995cc in _PyEval_EvalFrameDefault 
/home/test/check/PythonASAN/Python/ceval.c:3275
#36 0x7995cc in ?? ??:0
#37 0x7a9847 in PyEval_EvalFrameEx 
/home/test/check/PythonASAN/Python/ceval.c:718
#38 0x7a9847 in _PyEval_EvalCodeWithName 
/home/test/check/PythonASAN/Python/ceval.c:4119
#39 0x7a9847 in ?? ??:0
#40 0x7ab648 in fast_function 
/home/test/check/PythonASAN/Python/ceval.c:4929 (discriminator 1)
#41 0x7ab648 in ?? ??:0
#42 0x7a76f2 in call_function 
/home/test/check/PythonASAN/Python/ceval.c:4809
#43 0x7a76f2 in ?? ??:0
#44 0x7995cc in _PyEval_EvalFrameDefault 
/home/test/check/PythonASAN/Python/ceval.c:3275
#45 0x7995cc in ?? ??:0
#46 0x7a9847 in PyEval_EvalFrameEx 
/home/test/check/PythonASAN/Python/ceval.c:718
#47 0x7a9847 in _PyEval_EvalCodeWithName 
/home/test/check/PythonASAN/Python/ceval.c:4119
#48 0x7a9847 in ?? ??:0
#49 0x7ab648 in fast_function 
/home/test/check/P

[issue29484] AddressSanitizer: heap-buffer-overflow on address 0x60200000e738

2017-02-08 Thread Stéphane Wirtel

Changes by Stéphane Wirtel :


--
stage:  -> resolved
status: open -> closed




[issue29492] AddressSanitizer: SEGV on unknown address 0x0000a0013639

2017-02-08 Thread Christian Heimes

Changes by Christian Heimes :


--
components: +Extension Modules -Interpreter Core
priority: normal -> low
type: security -> behavior




[issue29490] AddressSanitizer: heap-buffer-overflow on address 0x60200000e72f

2017-02-08 Thread Stéphane Wirtel

Changes by Stéphane Wirtel :


--
stage:  -> resolved
status: open -> closed




[issue29491] AddressSanitizer: heap-buffer-overflow on address 0x60200000e734

2017-02-08 Thread Stéphane Wirtel

Changes by Stéphane Wirtel :


--
stage:  -> resolved
status: open -> closed




[issue29486] AddressSanitizer: SEGV on unknown address 0x7f16f88e3560

2017-02-08 Thread Christian Heimes

Changes by Christian Heimes :


--
components: +Extension Modules -Interpreter Core
priority: normal -> low




[issue29489] AddressSanitizer: SEGV on unknown address 0x7f4a36c604d0

2017-02-08 Thread Stéphane Wirtel

Changes by Stéphane Wirtel :


--
stage:  -> resolved
status: open -> closed




[issue29500] AddressSanitizer: heap-buffer-overflow on address 0x61600004a982

2017-02-08 Thread BeginVuln

New submission from BeginVuln:

OS Version : Ubuntu 16.04 LTS
Python download link : 
https://www.python.org/ftp/python/3.6.0/Python-3.6.0.tar.xz

Python version : 3.6.0

Normal build cmd : 
./configure 
make

Asan build cmd:
export CC="/usr/bin/clang -fsanitize=address"
export CXX="/usr/bin/clang++ -fsanitize=address"
./configure
make

GDB with exploitable:

To enable execution of this file add
add-auto-load-safe-path /home/test/check/PythonGDB/python-gdb.py
line to your configuration file "/home/test/.gdbinit".
To completely disable this security protection add
set auto-load safe-path /
line to your configuration file "/home/test/.gdbinit".
For more information about this security protection see the
"Auto-loading safe path" section in the GDB manual.  E.g., run from the shell:
info "(gdb)Auto-loading safe path"
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[Inferior 1 (process 19456) exited normally]


ASAN:

=
==18010==ERROR: AddressSanitizer: heap-buffer-overflow on address 
0x6164a982 at pc 0x00830a11 bp 0x7fff6131b9b0 sp 0x7fff6131b9a8
READ of size 2 at 0x6164a982 thread T0
#0 0x830a10 in find_op /home/test/check/PythonASAN/Python/peephole.c:101 
(discriminator 1)
#1 0x830a10 in PyCode_Optimize 
/home/test/check/PythonASAN/Python/peephole.c:712 (discriminator 1)
#2 0x830a10 in ?? ??:0
#3 0x7ccf6c in makecode /home/test/check/PythonASAN/Python/compile.c:5249
#4 0x7ccf6c in assemble /home/test/check/PythonASAN/Python/compile.c:5367
#5 0x7ccf6c in ?? ??:0
#6 0x7d0a09 in compiler_function 
/home/test/check/PythonASAN/Python/compile.c:1886
#7 0x7d0a09 in ?? ??:0
#8 0x7b0923 in compiler_body 
/home/test/check/PythonASAN/Python/compile.c:1463
#9 0x7b0923 in ?? ??:0
#10 0x7ae107 in compiler_mod 
/home/test/check/PythonASAN/Python/compile.c:1483
#11 0x7ae107 in PyAST_CompileObject 
/home/test/check/PythonASAN/Python/compile.c:341
#12 0x7ae107 in ?? ??:0
#13 0x5142d8 in run_mod /home/test/check/PythonASAN/Python/pythonrun.c:977
#14 0x5142d8 in PyRun_FileExFlags 
/home/test/check/PythonASAN/Python/pythonrun.c:933
#15 0x5142d8 in ?? ??:0
#16 0x512afa in PyRun_SimpleFileExFlags 
/home/test/check/PythonASAN/Python/pythonrun.c:396
#17 0x512afa in ?? ??:0
#18 0x53eefd in run_file /home/test/check/PythonASAN/Modules/main.c:320
#19 0x53eefd in Py_Main /home/test/check/PythonASAN/Modules/main.c:780
#20 0x53eefd in ?? ??:0
#21 0x503d16 in main /home/test/check/PythonASAN/./Programs/python.c:69
#22 0x503d16 in ?? ??:0
#23 0x7f5554ba782f in __libc_start_main 
/build/glibc-GKVZIf/glibc-2.23/csu/../csu/libc-start.c:291
#24 0x7f5554ba782f in ?? ??:0
#25 0x432548 in _start ??:?
#26 0x432548 in ?? ??:0

0x6164a982 is located 0 bytes to the right of 514-byte region 
[0x6164a780,0x6164a982)
allocated by thread T0 here:
#0 0x4d2678 in malloc ??:?
#1 0x4d2678 in ?? ??:0
#2 0x508c35 in PyMem_RawMalloc 
/home/test/check/PythonASAN/Objects/obmalloc.c:386
#3 0x508c35 in _PyObject_Alloc 
/home/test/check/PythonASAN/Objects/obmalloc.c:1427
#4 0x508c35 in ?? ??:0

SUMMARY: AddressSanitizer: heap-buffer-overflow 
(/home/test/check/PythonASAN/python+0x830a10)
Shadow bytes around the buggy address:
  0x0c2c800014e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2c800014f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c2c80001500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c2c80001510: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c2c80001520: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c2c80001530:[02]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2c80001540: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2c80001550: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c2c80001560: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c2c80001570: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c2c80001580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:   00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:   fa
  Heap right redzone:  fb
  Freed heap region:   fd
  Stack left redzone:  f1
  Stack mid redzone:   f2
  Stack right redzone: f3
  Stack partial redzone:   f4
  Stack after return:  f5
  Stack use after scope:   f8
  Global redzone:  f9
  Global init order:   f6
  Poisoned by user:f7
  Container overflow:  fc
  Array cookie:ac
  Intra object redzone:bb
  ASan internal:   fe
  Left alloca redzone: ca
  Right alloca redzone:cb
==18010==ABORTING

--
components: Interpreter Core
files: peephole_101
messages: 287339
nosy: beginvuln
priority: normal
severity: normal
status: o

[issue29497] AddressSanitizer: SEGV on unknown address 0x000000000008

2017-02-08 Thread Christian Heimes

Changes by Christian Heimes :


--
components: +Extension Modules -Interpreter Core
priority: normal -> low
type: security -> behavior




[issue29487] AddressSanitizer: heap-buffer-overflow on address 0x60200000e734

2017-02-08 Thread Christian Heimes

Changes by Christian Heimes :


--
components: +Extension Modules -Interpreter Core
priority: normal -> low




[issue29501] AddressSanitizer: SEGV on unknown address 0x0000000028cb

2017-02-08 Thread BeginVuln

New submission from BeginVuln:

OS Version : Ubuntu 16.04 LTS
Python download link : 
https://www.python.org/ftp/python/3.6.0/Python-3.6.0.tar.xz

Python version : 3.6.0

Normal build cmd : 
./configure 
make

Asan build cmd:
export CC="/usr/bin/clang -fsanitize=address"
export CXX="/usr/bin/clang++ -fsanitize=address"
./configure
make

GDB with exploitable:

To enable execution of this file add
add-auto-load-safe-path /home/test/check/PythonGDB/python-gdb.py
line to your configuration file "/home/test/.gdbinit".
To completely disable this security protection add
set auto-load safe-path /
line to your configuration file "/home/test/.gdbinit".
For more information about this security protection see the
"Auto-loading safe path" section in the GDB manual.  E.g., run from the shell:
info "(gdb)Auto-loading safe path"
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
strlen () at ../sysdeps/x86_64/strlen.S:106
Description: Access violation near NULL on source operand
Short description: SourceAvNearNull (16/22)
Hash: 887855ab5f56908afba8d62b6a25a6db.02c83d5748e9f8196679750a04737f93
Exploitability Classification: PROBABLY_NOT_EXPLOITABLE
Explanation: The target crashed on an access violation at an address matching 
the source operand of the current instruction. This likely indicates a read 
access violation, which may mean the application crashed on a simple NULL 
dereference to data structure that has no immediate effect on control of the 
processor.
Other tags: AccessViolation (21/22)


ASAN:

sEASAN:DEADLYSIGNAL
=
==18621==ERROR: AddressSanitizer: SEGV on unknown address 0x28cb (pc 
0x7f1572e57d16 bp 0x7ffeaf5703d0 sp 0x7ffeaf56fb68 T0)
#0 0x7f1572e57d15 in strlen 
/build/glibc-GKVZIf/glibc-2.23/string/../sysdeps/x86_64/strlen.S:76
#1 0x7f1572e57d15 in ?? ??:0
#2 0x44ffac in __interceptor_strlen.part.45 asan_interceptors.cc.o:?
#3 0x44ffac in ?? ??:0
#4 0x7f156c4cdf5c in string_at 
/home/test/check/PythonASAN/Modules/_ctypes/_ctypes.c:5226
#5 0x7f156c4cdf5c in ?? ??:0
#6 0x7f156c2ade3f in ffi_call_unix64 ??:?
#7 0x7f156c2ade3f in ?? ??:0
#8 0x7f156c2ad8aa in ffi_call ??:?
#9 0x7f156c2ad8aa in ?? ??:0
#10 0x7f156c4db311 in _call_function_pointer 
/home/test/check/PythonASAN/Modules/_ctypes/callproc.c:809
#11 0x7f156c4db311 in _ctypes_callproc 
/home/test/check/PythonASAN/Modules/_ctypes/callproc.c:1147
#12 0x7f156c4db311 in ?? ??:0
#13 0x7f156c4ca199 in PyCFuncPtr_call 
/home/test/check/PythonASAN/Modules/_ctypes/_ctypes.c:3870
#14 0x7f156c4ca199 in ?? ??:0
#15 0x5745f0 in _PyObject_FastCallDict 
/home/test/check/PythonASAN/Objects/abstract.c:2316
#16 0x5745f0 in ?? ??:0
#17 0x7a7429 in call_function 
/home/test/check/PythonASAN/Python/ceval.c:4812
#18 0x7a7429 in ?? ??:0
#19 0x7995cc in _PyEval_EvalFrameDefault 
/home/test/check/PythonASAN/Python/ceval.c:3275
#20 0x7995cc in ?? ??:0
#21 0x7a9847 in PyEval_EvalFrameEx 
/home/test/check/PythonASAN/Python/ceval.c:718
#22 0x7a9847 in _PyEval_EvalCodeWithName 
/home/test/check/PythonASAN/Python/ceval.c:4119
#23 0x7a9847 in ?? ??:0
#24 0x7ab648 in fast_function 
/home/test/check/PythonASAN/Python/ceval.c:4929 (discriminator 1)
#25 0x7ab648 in ?? ??:0
#26 0x7a76f2 in call_function 
/home/test/check/PythonASAN/Python/ceval.c:4809
#27 0x7a76f2 in ?? ??:0
#28 0x7995cc in _PyEval_EvalFrameDefault 
/home/test/check/PythonASAN/Python/ceval.c:3275
#29 0x7995cc in ?? ??:0
#30 0x7ab4cb in PyEval_EvalFrameEx 
/home/test/check/PythonASAN/Python/ceval.c:718
#31 0x7ab4cb in _PyFunction_FastCall 
/home/test/check/PythonASAN/Python/ceval.c:4870
#32 0x7ab4cb in fast_function 
/home/test/check/PythonASAN/Python/ceval.c:4905
#33 0x7ab4cb in ?? ??:0
#34 0x7a76f2 in call_function 
/home/test/check/PythonASAN/Python/ceval.c:4809
#35 0x7a76f2 in ?? ??:0
#36 0x7995cc in _PyEval_EvalFrameDefault 
/home/test/check/PythonASAN/Python/ceval.c:3275
#37 0x7995cc in ?? ??:0
#38 0x7a9847 in PyEval_EvalFrameEx 
/home/test/check/PythonASAN/Python/ceval.c:718
#39 0x7a9847 in _PyEval_EvalCodeWithName 
/home/test/check/PythonASAN/Python/ceval.c:4119
#40 0x7a9847 in ?? ??:0
#41 0x7ac2ea in _PyFunction_FastCallDict 
/home/test/check/PythonASAN/Python/ceval.c:5021
#42 0x7ac2ea in ?? ??:0
#43 0x574668 in _PyObject_FastCallDict 
/home/test/check/PythonASAN/Objects/abstract.c:2295
#44 0x574668 in ?? ??:0
#45 0x5749fa in _PyObject_Call_Prepend 
/home/test/check/PythonASAN/Objects/abstract.c:2358
#46 0x5749fa in ?? ??:0
#47 0x573e9b in PyObject_Call 
/home/test/check/PythonASAN/Objects/abstract.c:2246
#48 0x573e9b in ?? ??:0
#49 0x793369 in do_call_core /home/test/check/PythonASAN/Python/ceval.c:505

[issue29499] AddressSanitizer: SEGV on unknown address 0x000ebfff800d

2017-02-08 Thread Christian Heimes

Changes by Christian Heimes :


--
components: +Extension Modules -Interpreter Core
priority: normal -> low
type: security -> behavior




[issue29500] AddressSanitizer: heap-buffer-overflow on address 0x61600004a982

2017-02-08 Thread Christian Heimes

Changes by Christian Heimes :


--
components: +Extension Modules -Interpreter Core
priority: normal -> low
type: security -> behavior




[issue29483] AddressSanitizer: heap-buffer-overflow on address 0x60200000e731

2017-02-08 Thread Stéphane Wirtel

Changes by Stéphane Wirtel :


--
stage:  -> resolved
status: open -> closed




[issue29498] AddressSanitizer: SEGV on unknown address 0x0005ffff800d

2017-02-08 Thread Christian Heimes

Changes by Christian Heimes :


--
components: +Extension Modules -Interpreter Core
priority: normal -> low
type: security -> behavior




[issue29501] AddressSanitizer: SEGV on unknown address 0x0000000028cb

2017-02-08 Thread Christian Heimes

Changes by Christian Heimes :


--
components: +Extension Modules -Interpreter Core
priority: normal -> low
type: security -> behavior




[issue29487] AddressSanitizer: heap-buffer-overflow on address 0x60200000e734

2017-02-08 Thread Stéphane Wirtel

Changes by Stéphane Wirtel :


--
stage:  -> resolved
status: open -> closed




[issue29497] AddressSanitizer: SEGV on unknown address 0x000000000008

2017-02-08 Thread Stéphane Wirtel

Changes by Stéphane Wirtel :


--
stage:  -> resolved
status: open -> closed




[issue29500] AddressSanitizer: heap-buffer-overflow on address 0x61600004a982

2017-02-08 Thread Stéphane Wirtel

Changes by Stéphane Wirtel :


--
stage:  -> resolved
status: open -> closed




[issue29482] AddressSanitizer: attempting double-free on 0x60b000007050

2017-02-08 Thread Stéphane Wirtel

Changes by Stéphane Wirtel :


--
stage:  -> resolved
status: open -> closed




[issue29474] Grammatical errors in weakref.WeakValueDictionary docs

2017-02-08 Thread Mariatta Wijaya

Mariatta Wijaya added the comment:

Thanks for reviewing, Marco :)
Updated the patch.

--
Added file: http://bugs.python.org/file46597/issue29474py3-2.patch




[issue29486] AddressSanitizer: SEGV on unknown address 0x7f16f88e3560

2017-02-08 Thread Stéphane Wirtel

Changes by Stéphane Wirtel :


--
stage:  -> resolved
status: open -> closed




[issue29496] AddressSanitizer: SEGV on unknown address 0x01ffe96de071

2017-02-08 Thread Stéphane Wirtel

Changes by Stéphane Wirtel :


--
stage:  -> resolved
status: open -> closed




[issue29492] AddressSanitizer: SEGV on unknown address 0x0000a0013639

2017-02-08 Thread Stéphane Wirtel

Changes by Stéphane Wirtel :


--
stage:  -> resolved
status: open -> closed




[issue29495] AddressSanitizer: SEGV on unknown address 0x02007ea947c3

2017-02-08 Thread Stéphane Wirtel

Changes by Stéphane Wirtel :


--
stage:  -> resolved
status: open -> closed




[issue29499] AddressSanitizer: SEGV on unknown address 0x000ebfff800d

2017-02-08 Thread Stéphane Wirtel

Changes by Stéphane Wirtel :


--
stage:  -> resolved
status: open -> closed




[issue29493] AddressSanitizer: SEGV on unknown address 0x000cffff800d

2017-02-08 Thread Stéphane Wirtel

Changes by Stéphane Wirtel :


--
stage:  -> resolved
status: open -> closed




[issue29488] AddressSanitizer: SEGV on unknown address 0x0001a5525c1b

2017-02-08 Thread Stéphane Wirtel

Changes by Stéphane Wirtel :


--
stage:  -> resolved
status: open -> closed



