[issue29501] AddressSanitizer: SEGV on unknown address 0x0000000028cb

2017-02-08 Thread Stéphane Wirtel 

Changes by Stéphane Wirtel :


--
stage:  -> resolved
status: open -> closed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue29501] AddressSanitizer: SEGV on unknown address 0x0000000028cb

2017-02-08 Thread Christian Heimes 

Changes by Christian Heimes :


--
components: +Extension Modules -Interpreter Core
priority: normal -> low
type: security -> behavior

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue29501] AddressSanitizer: SEGV on unknown address 0x0000000028cb

2017-02-08 Thread BeginVuln 

New submission from BeginVuln:

OS Version : Ubuntu 16.04 LTS
Python download link : 
https://www.python.org/ftp/python/3.6.0/Python-3.6.0.tar.xz

Python version : 3.6.0

Normal build cmd : 
./configure 
make

Asan build cmd:
export CC="/usr/bin/clang -fsanitize=address
export CXX="/usr/bin/clang++ -fsanitize=address
./confiugre
make

GDB with exploitable:

To enable execution of this file add
add-auto-load-safe-path /home/test/check/PythonGDB/python-gdb.py
line to your configuration file "/home/test/.gdbinit".
To completely disable this security protection add
set auto-load safe-path /
line to your configuration file "/home/test/.gdbinit".
For more information about this security protection see the
"Auto-loading safe path" section in the GDB manual.  E.g., run from the shell:
info "(gdb)Auto-loading safe path"
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
strlen () at ../sysdeps/x86_64/strlen.S:106
Description: Access violation near NULL on source operand
Short description: SourceAvNearNull (16/22)
Hash: 887855ab5f56908afba8d62b6a25a6db.02c83d5748e9f8196679750a04737f93
Exploitability Classification: PROBABLY_NOT_EXPLOITABLE
Explanation: The target crashed on an access violation at an address matching 
the source operand of the current instruction. This likely indicates a read 
access violation, which may mean the application crashed on a simple NULL 
dereference to data structure that has no immediate effect on control of the 
processor.
Other tags: AccessViolation (21/22)


ASAN:

sEASAN:DEADLYSIGNAL
=
==18621==ERROR: AddressSanitizer: SEGV on unknown address 0x28cb (pc 
0x7f1572e57d16 bp 0x7ffeaf5703d0 sp 0x7ffeaf56fb68 T0)
#0 0x7f1572e57d15 in strlen 
/build/glibc-GKVZIf/glibc-2.23/string/../sysdeps/x86_64/strlen.S:76
#1 0x7f1572e57d15 in ?? ??:0
#2 0x44ffac in __interceptor_strlen.part.45 asan_interceptors.cc.o:?
#3 0x44ffac in ?? ??:0
#4 0x7f156c4cdf5c in string_at 
/home/test/check/PythonASAN/Modules/_ctypes/_ctypes.c:5226
#5 0x7f156c4cdf5c in ?? ??:0
#6 0x7f156c2ade3f in ffi_call_unix64 ??:?
#7 0x7f156c2ade3f in ?? ??:0
#8 0x7f156c2ad8aa in ffi_call ??:?
#9 0x7f156c2ad8aa in ?? ??:0
#10 0x7f156c4db311 in _call_function_pointer 
/home/test/check/PythonASAN/Modules/_ctypes/callproc.c:809
#11 0x7f156c4db311 in _ctypes_callproc 
/home/test/check/PythonASAN/Modules/_ctypes/callproc.c:1147
#12 0x7f156c4db311 in ?? ??:0
#13 0x7f156c4ca199 in PyCFuncPtr_call 
/home/test/check/PythonASAN/Modules/_ctypes/_ctypes.c:3870
#14 0x7f156c4ca199 in ?? ??:0
#15 0x5745f0 in _PyObject_FastCallDict 
/home/test/check/PythonASAN/Objects/abstract.c:2316
#16 0x5745f0 in ?? ??:0
#17 0x7a7429 in call_function 
/home/test/check/PythonASAN/Python/ceval.c:4812
#18 0x7a7429 in ?? ??:0
#19 0x7995cc in _PyEval_EvalFrameDefault 
/home/test/check/PythonASAN/Python/ceval.c:3275
#20 0x7995cc in ?? ??:0
#21 0x7a9847 in PyEval_EvalFrameEx 
/home/test/check/PythonASAN/Python/ceval.c:718
#22 0x7a9847 in _PyEval_EvalCodeWithName 
/home/test/check/PythonASAN/Python/ceval.c:4119
#23 0x7a9847 in ?? ??:0
#24 0x7ab648 in fast_function 
/home/test/check/PythonASAN/Python/ceval.c:4929 (discriminator 1)
#25 0x7ab648 in ?? ??:0
#26 0x7a76f2 in call_function 
/home/test/check/PythonASAN/Python/ceval.c:4809
#27 0x7a76f2 in ?? ??:0
#28 0x7995cc in _PyEval_EvalFrameDefault 
/home/test/check/PythonASAN/Python/ceval.c:3275
#29 0x7995cc in ?? ??:0
#30 0x7ab4cb in PyEval_EvalFrameEx 
/home/test/check/PythonASAN/Python/ceval.c:718
#31 0x7ab4cb in _PyFunction_FastCall 
/home/test/check/PythonASAN/Python/ceval.c:4870
#32 0x7ab4cb in fast_function 
/home/test/check/PythonASAN/Python/ceval.c:4905
#33 0x7ab4cb in ?? ??:0
#34 0x7a76f2 in call_function 
/home/test/check/PythonASAN/Python/ceval.c:4809
#35 0x7a76f2 in ?? ??:0
#36 0x7995cc in _PyEval_EvalFrameDefault 
/home/test/check/PythonASAN/Python/ceval.c:3275
#37 0x7995cc in ?? ??:0
#38 0x7a9847 in PyEval_EvalFrameEx 
/home/test/check/PythonASAN/Python/ceval.c:718
#39 0x7a9847 in _PyEval_EvalCodeWithName 
/home/test/check/PythonASAN/Python/ceval.c:4119
#40 0x7a9847 in ?? ??:0
#41 0x7ac2ea in _PyFunction_FastCallDict 
/home/test/check/PythonASAN/Python/ceval.c:5021
#42 0x7ac2ea in ?? ??:0
#43 0x574668 in _PyObject_FastCallDict 
/home/test/check/PythonASAN/Objects/abstract.c:2295
#44 0x574668 in ?? ??:0
#45 0x5749fa in _PyObject_Call_Prepend 
/home/test/check/PythonASAN/Objects/abstract.c:2358
#46 0x5749fa in ?? ??:0
#47 0x573e9b in PyObject_Call 
/home/test/check/PythonASAN/Objects/abstract.c:2246
#48 0x573e9b in ?? ??:0
#49 0x793369 in do_call_core /home/test/check/PythonASAN/Python/ceval.c:505