[issue29493] AddressSanitizer: SEGV on unknown address 0x000cffff800d

2017-02-08 Thread Stéphane Wirtel

Changes by Stéphane Wirtel :


--
stage:  -> resolved
status: open -> closed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue29493] AddressSanitizer: SEGV on unknown address 0x000cffff800d

2017-02-08 Thread Christian Heimes

Changes by Christian Heimes :


--
components: +Extension Modules -Interpreter Core
priority: normal -> low
type: security -> behavior




[issue29493] AddressSanitizer: SEGV on unknown address 0x000cffff800d

2017-02-08 Thread BeginVuln

New submission from BeginVuln:

OS Version : Ubuntu 16.04 LTS
Python download link : 
https://www.python.org/ftp/python/3.6.0/Python-3.6.0.tar.xz

Python version : 3.6.0

Normal build cmd : 
./configure 
make

Asan build cmd:
export CC="/usr/bin/clang -fsanitize=address"
export CXX="/usr/bin/clang++ -fsanitize=address"
./configure
make

GDB with exploitable:

To enable execution of this file add
add-auto-load-safe-path /home/test/check/PythonGDB/python-gdb.py
line to your configuration file "/home/test/.gdbinit".
To completely disable this security protection add
set auto-load safe-path /
line to your configuration file "/home/test/.gdbinit".
For more information about this security protection see the
"Auto-loading safe path" section in the GDB manual.  E.g., run from the shell:
info "(gdb)Auto-loading safe path"
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
0x0043d563 in PyObject_GC_UnTrack (op=0x73810400) at 
Modules/gcmodule.c:1699
1699    _PyObject_GC_UNTRACK(op);
Description: Access violation on destination operand
Short description: DestAv (8/22)
Hash: a30125899c34aa234161214a7afc7066.d78488ccad0508b81b411140385e7113
Exploitability Classification: EXPLOITABLE
Explanation: The target crashed on an access violation at an address matching 
the destination operand of the instruction. This likely indicates a write 
access violation, which means the attacker may control the write address and/or 
value.
Other tags: AccessViolation (21/22)


ASAN:

EsFASAN:DEADLYSIGNAL
=
==18094==ERROR: AddressSanitizer: SEGV on unknown address 0x000c800d (pc 
0x00543039 bp 0x0fec572c0c81 sp 0x7ffc421b9cf0 T0)
#0 0x543038 in PyObject_GC_UnTrack 
/home/test/check/PythonASAN/Modules/gcmodule.c:1699 (discriminator 4)
#1 0x543038 in ?? ??:0
#2 0x65ca2f in subtype_dealloc 
/home/test/check/PythonASAN/Objects/typeobject.c:1133
#3 0x65ca2f in ?? ??:0
#4 0x5d10da in frame_dealloc 
/home/test/check/PythonASAN/Objects/frameobject.c:423 (discriminator 5)
#5 0x5d10da in ?? ??:0
#6 0x5304c4 in tb_dealloc /home/test/check/PythonASAN/Python/traceback.c:55 
(discriminator 5)
#7 0x5304c4 in ?? ??:0
#8 0x530456 in tb_dealloc /home/test/check/PythonASAN/Python/traceback.c:54 
(discriminator 5)
#9 0x530456 in ?? ??:0
#10 0x530456 in tb_dealloc 
/home/test/check/PythonASAN/Python/traceback.c:54 (discriminator 5)
#11 0x530456 in ?? ??:0
#12 0x5b3b49 in BaseException_clear 
/home/test/check/PythonASAN/Objects/exceptions.c:76 (discriminator 5)
#13 0x5b3b49 in ?? ??:0
#14 0x5b3742 in BaseException_dealloc 
/home/test/check/PythonASAN/Objects/exceptions.c:86
#15 0x5b3742 in ?? ??:0
#16 0x656df9 in tupledealloc 
/home/test/check/PythonASAN/Objects/tupleobject.c:243 (discriminator 5)
#17 0x656df9 in ?? ??:0
#18 0x656df9 in tupledealloc 
/home/test/check/PythonASAN/Objects/tupleobject.c:243 (discriminator 5)
#19 0x656df9 in ?? ??:0
#20 0x5e5c19 in list_clear 
/home/test/check/PythonASAN/Objects/listobject.c:562 (discriminator 5)
#21 0x5e5c19 in listclear 
/home/test/check/PythonASAN/Objects/listobject.c:763 (discriminator 5)
#22 0x5e5c19 in ?? ??:0
#23 0x632208 in _PyCFunction_FastCallDict 
/home/test/check/PythonASAN/Objects/methodobject.c:192
#24 0x632208 in ?? ??:0
#25 0x7a7751 in call_function 
/home/test/check/PythonASAN/Python/ceval.c:4788 (discriminator 17)
#26 0x7a7751 in ?? ??:0
#27 0x7995cc in _PyEval_EvalFrameDefault 
/home/test/check/PythonASAN/Python/ceval.c:3275
#28 0x7995cc in ?? ??:0
#29 0x7a9847 in PyEval_EvalFrameEx 
/home/test/check/PythonASAN/Python/ceval.c:718
#30 0x7a9847 in _PyEval_EvalCodeWithName 
/home/test/check/PythonASAN/Python/ceval.c:4119
#31 0x7a9847 in ?? ??:0
#32 0x7ac2ea in _PyFunction_FastCallDict 
/home/test/check/PythonASAN/Python/ceval.c:5021
#33 0x7ac2ea in ?? ??:0
#34 0x574668 in _PyObject_FastCallDict 
/home/test/check/PythonASAN/Objects/abstract.c:2295
#35 0x574668 in ?? ??:0
#36 0x5749fa in _PyObject_Call_Prepend 
/home/test/check/PythonASAN/Objects/abstract.c:2358
#37 0x5749fa in ?? ??:0
#38 0x573e9b in PyObject_Call 
/home/test/check/PythonASAN/Objects/abstract.c:2246
#39 0x573e9b in ?? ??:0
#40 0x793369 in do_call_core /home/test/check/PythonASAN/Python/ceval.c:5057
#41 0x793369 in _PyEval_EvalFrameDefault 
/home/test/check/PythonASAN/Python/ceval.c:3357
#42 0x793369 in ?? ??:0
#43 0x7a9847 in PyEval_EvalFrameEx 
/home/test/check/PythonASAN/Python/ceval.c:718
#44 0x7a9847 in _PyEval_EvalCodeWithName 
/home/test/check/PythonASAN/Python/ceval.c:4119
#45 0x7a9847 in ?? ??:0
#46 0x7ac2ea in _PyFunction_FastCallDict 
/home/test/check/PythonASAN/Python/ceval.c:5021
#47 0x7ac2ea in ??