subject:"\[issue20937\] test_socket\: buffer overflow in sock_recvmsg

[issue20937] test_socket: buffer overflow in sock_recvmsg_guts

2021-10-22 Thread Irit Katriel



Irit Katriel  added the comment:

Please create a new issue if you're still seeing this on 3.9+.

--
nosy: +iritkatriel

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue20937] test_socket: buffer overflow in sock_recvmsg_guts

2021-10-22 Thread Irit Katriel



Change by Irit Katriel :


--
resolution:  -> out of date
stage:  -> resolved
status: open -> closed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue20937] test_socket: buffer overflow in sock_recvmsg_guts

2014-03-22 Thread Charles-François Natali


Charles-François Natali added the comment:

I don't see anything wrong with the code.

Could you try running the test under valgrind.
You must build Python with --with-valgrind, and then:
valgrind --tool=memcheck --suppressions=Misc/valgrind-python.supp test

--

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20937
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue20937] test_socket: buffer overflow in sock_recvmsg_guts

2014-03-16 Thread Jeffrey Walton


Jeffrey Walton added the comment:

This might be relevant. It showed up while building Python 3.3.5 from sources.

/usr/local/bin/clang -fsanitize=undefined -fPIC -Wno-unused-result -DNDEBUG -g 
-fwrapv -O3 -Wall -Wstrict-prototypes -I./Include -I. -IInclude 
-I/usr/local/include -IPython-3.3.5/./Include -IPython-3.3.5/. -c 
Python-3.3.5/./Modules/socketmodule.c -o 
build/temp.linux-x86_64-3.3Python-3.3.5/./Modules/socketmodule.o
Python-3.3.5/./Modules/socketmodule.c:1951:74: warning: 
  comparison of unsigned expression  0 is always false
  [-Wtautological-compare]
if (cmsgh == NULL || msg-msg_control == NULL || msg-msg_controllen  0)

--

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20937
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue20937] test_socket: buffer overflow in sock_recvmsg_guts

2014-03-15 Thread Jeffrey Walton


New submission from Jeffrey Walton:

From Python head in mercurial:

$ hg id
7ce22d0899e4+ tip

Exporting set allocator_may_return_null=1 for Clang might tickle this issue. 
Without the export, this test did not fail.

=
==21071==ERROR: AddressSanitizer: heap-buffer-overflow on address 
0x603b99f4 at pc 0x4aafea bp 0x7fffd2318c70 sp 0x7fffd2318c20
WRITE of size 24 at 0x603b99f4 thread T0
#0 0x4aafe9 in write_msghdr 
/home/jwalton/Desktop/clang-3.4/llvm-3.4/projects/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc:1395
#1 0x4aafe9 in __interceptor_recvmsg 
/home/jwalton/Desktop/clang-3.4/llvm-3.4/projects/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc:1405
#2 0x2ad35b764146 in sock_recvmsg_guts cpython/./Modules/socketmodule.c:2968
#3 0x2ad35b75f83c in sock_recvmsg cpython/./Modules/socketmodule.c:3098
#4 0x6642ba in ext_do_call cpython/./Python/ceval.c:4548
#5 0x6642ba in PyEval_EvalFrameEx cpython/./Python/ceval.c:2869
#6 0x655a7b in PyEval_EvalCodeEx cpython/./Python/ceval.c:3578
#7 0x670cb5 in fast_function cpython/./Python/ceval.c:4334
#8 0x65fbc8 in call_function cpython/./Python/ceval.c:4252
#9 0x65fbc8 in PyEval_EvalFrameEx cpython/./Python/ceval.c:2829
#10 0x655a7b in PyEval_EvalCodeEx cpython/./Python/ceval.c:3578
#11 0x670cb5 in fast_function cpython/./Python/ceval.c:4334
#12 0x65fbc8 in call_function cpython/./Python/ceval.c:4252
#13 0x65fbc8 in PyEval_EvalFrameEx cpython/./Python/ceval.c:2829
#14 0x670b7a in fast_function cpython/./Python/ceval.c:4324
#15 0x65fbc8 in call_function cpython/./Python/ceval.c:4252
#16 0x65fbc8 in PyEval_EvalFrameEx cpython/./Python/ceval.c:2829
#17 0x655a7b in PyEval_EvalCodeEx cpython/./Python/ceval.c:3578
#18 0x84c177 in function_call cpython/./Objects/funcobject.c:632
#19 0x4fd729 in PyObject_Call cpython/./Objects/abstract.c:2067
#20 0x6642d6 in ext_do_call cpython/./Python/ceval.c:4551
#21 0x6642d6 in PyEval_EvalFrameEx cpython/./Python/ceval.c:2869
#22 0x655a7b in PyEval_EvalCodeEx cpython/./Python/ceval.c:3578
#23 0x84c177 in function_call cpython/./Objects/funcobject.c:632
#24 0x4fd729 in PyObject_Call cpython/./Objects/abstract.c:2067
#25 0x830dcc in method_call cpython/./Objects/classobject.c:347
#26 0x4fd729 in PyObject_Call cpython/./Objects/abstract.c:2067
#27 0x5ae10f in slot_tp_call cpython/./Objects/typeobject.c:5809
#28 0x4fd729 in PyObject_Call cpython/./Objects/abstract.c:2067
#29 0x6653a0 in do_call cpython/./Python/ceval.c:4456
#30 0x6653a0 in call_function cpython/./Python/ceval.c:4254
#31 0x6653a0 in PyEval_EvalFrameEx cpython/./Python/ceval.c:2829
#32 0x655a7b in PyEval_EvalCodeEx cpython/./Python/ceval.c:3578
#33 0x84c177 in function_call cpython/./Objects/funcobject.c:632
#34 0x4fd729 in PyObject_Call cpython/./Objects/abstract.c:2067
#35 0x6642d6 in ext_do_call cpython/./Python/ceval.c:4551
#36 0x6642d6 in PyEval_EvalFrameEx cpython/./Python/ceval.c:2869
#37 0x655a7b in PyEval_EvalCodeEx cpython/./Python/ceval.c:3578
#38 0x84c177 in function_call cpython/./Objects/funcobject.c:632
#39 0x4fd729 in PyObject_Call cpython/./Objects/abstract.c:2067
#40 0x830dcc in method_call cpython/./Objects/classobject.c:347
#41 0x4fd729 in PyObject_Call cpython/./Objects/abstract.c:2067
#42 0x5ae10f in slot_tp_call cpython/./Objects/typeobject.c:5809
#43 0x4fd729 in PyObject_Call cpython/./Objects/abstract.c:2067
#44 0x6653a0 in do_call cpython/./Python/ceval.c:4456
#45 0x6653a0 in call_function cpython/./Python/ceval.c:4254
#46 0x6653a0 in PyEval_EvalFrameEx cpython/./Python/ceval.c:2829
#47 0x655a7b in PyEval_EvalCodeEx cpython/./Python/ceval.c:3578
#48 0x84c177 in function_call cpython/./Objects/funcobject.c:632
#49 0x4fd729 in PyObject_Call cpython/./Objects/abstract.c:2067
#50 0x6642d6 in ext_do_call cpython/./Python/ceval.c:4551
#51 0x6642d6 in PyEval_EvalFrameEx cpython/./Python/ceval.c:2869
#52 0x655a7b in PyEval_EvalCodeEx cpython/./Python/ceval.c:3578
#53 0x84c177 in function_call cpython/./Objects/funcobject.c:632
#54 0x4fd729 in PyObject_Call cpython/./Objects/abstract.c:2067
#55 0x830dcc in method_call cpython/./Objects/classobject.c:347
#56 0x4fd729 in PyObject_Call cpython/./Objects/abstract.c:2067
#57 0x5ae10f in slot_tp_call cpython/./Objects/typeobject.c:5809
#58 0x4fd729 in PyObject_Call cpython/./Objects/abstract.c:2067
#59 0x6653a0 in do_call cpython/./Python/ceval.c:4456
#60 0x6653a0 in call_function cpython/./Python/ceval.c:4254
#61 0x6653a0 in PyEval_EvalFrameEx cpython/./Python/ceval.c:2829
#62 0x670b7a in fast_function cpython/./Python/ceval.c:4324
#63 0x65fbc8 in call_function cpython/./Python/ceval.c:4252
#64 0x65fbc8 in PyEval_EvalFrameEx

[issue20937] test_socket: buffer overflow in sock_recvmsg_guts

2014-03-15 Thread Jeffrey Walton


Jeffrey Walton added the comment:

This does not look quite right from Modules/sockewtmodule.c.

/* Fill in an iovec for each item, and save the Py_buffer
   structs to release afterwards. */
if (nitems  0  ((iovs = PyMem_New(struct iovec, nitems)) == NULL ||
   (bufs = PyMem_New(Py_buffer, nitems)) == NULL)) {
PyErr_NoMemory();
goto finally;
}

for (; nbufs  nitems; nbufs++) {
if (!PyArg_Parse(PySequence_Fast_GET_ITEM(fast, nbufs),
 w*;recvmsg_into() argument 1 must be an iterable 
 of single-segment read-write buffers,
 bufs[nbufs]))
goto finally;
iovs[nbufs].iov_base = bufs[nbufs].buf;
iovs[nbufs].iov_len = bufs[nbufs].len;
}

--

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20937
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue20937] test_socket: buffer overflow in sock_recvmsg_guts

2014-03-15 Thread Antoine Pitrou


Changes by Antoine Pitrou pit...@free.fr:


--
nosy: +giampaolo.rodola, neologix, pitrou
versions: +Python 3.3, Python 3.4 -Python 3.5

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20937
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue20937] test_socket: buffer overflow in sock_recvmsg_guts

[issue20937] test_socket: buffer overflow in sock_recvmsg_guts

[issue20937] test_socket: buffer overflow in sock_recvmsg_guts

[issue20937] test_socket: buffer overflow in sock_recvmsg_guts

[issue20937] test_socket: buffer overflow in sock_recvmsg_guts

[issue20937] test_socket: buffer overflow in sock_recvmsg_guts

[issue20937] test_socket: buffer overflow in sock_recvmsg_guts

7 matches

Site Navigation

Mail list logo

Footer information