New submission from Jeffrey Walton:
>From Python head in mercurial:
$ hg id
7ce22d0899e4+ tip
Exporting "set allocator_may_return_null=1" for Clang might tickle this issue.
Without the export, this test did not fail.
=================================================================
==21071==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x6030000b99f4 at pc 0x4aafea bp 0x7fffd2318c70 sp 0x7fffd2318c20
WRITE of size 24 at 0x6030000b99f4 thread T0
#0 0x4aafe9 in write_msghdr
/home/jwalton/Desktop/clang-3.4/llvm-3.4/projects/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc:1395
#1 0x4aafe9 in __interceptor_recvmsg
/home/jwalton/Desktop/clang-3.4/llvm-3.4/projects/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc:1405
#2 0x2ad35b764146 in sock_recvmsg_guts cpython/./Modules/socketmodule.c:2968
#3 0x2ad35b75f83c in sock_recvmsg cpython/./Modules/socketmodule.c:3098
#4 0x6642ba in ext_do_call cpython/./Python/ceval.c:4548
#5 0x6642ba in PyEval_EvalFrameEx cpython/./Python/ceval.c:2869
#6 0x655a7b in PyEval_EvalCodeEx cpython/./Python/ceval.c:3578
#7 0x670cb5 in fast_function cpython/./Python/ceval.c:4334
#8 0x65fbc8 in call_function cpython/./Python/ceval.c:4252
#9 0x65fbc8 in PyEval_EvalFrameEx cpython/./Python/ceval.c:2829
#10 0x655a7b in PyEval_EvalCodeEx cpython/./Python/ceval.c:3578
#11 0x670cb5 in fast_function cpython/./Python/ceval.c:4334
#12 0x65fbc8 in call_function cpython/./Python/ceval.c:4252
#13 0x65fbc8 in PyEval_EvalFrameEx cpython/./Python/ceval.c:2829
#14 0x670b7a in fast_function cpython/./Python/ceval.c:4324
#15 0x65fbc8 in call_function cpython/./Python/ceval.c:4252
#16 0x65fbc8 in PyEval_EvalFrameEx cpython/./Python/ceval.c:2829
#17 0x655a7b in PyEval_EvalCodeEx cpython/./Python/ceval.c:3578
#18 0x84c177 in function_call cpython/./Objects/funcobject.c:632
#19 0x4fd729 in PyObject_Call cpython/./Objects/abstract.c:2067
#20 0x6642d6 in ext_do_call cpython/./Python/ceval.c:4551
#21 0x6642d6 in PyEval_EvalFrameEx cpython/./Python/ceval.c:2869
#22 0x655a7b in PyEval_EvalCodeEx cpython/./Python/ceval.c:3578
#23 0x84c177 in function_call cpython/./Objects/funcobject.c:632
#24 0x4fd729 in PyObject_Call cpython/./Objects/abstract.c:2067
#25 0x830dcc in method_call cpython/./Objects/classobject.c:347
#26 0x4fd729 in PyObject_Call cpython/./Objects/abstract.c:2067
#27 0x5ae10f in slot_tp_call cpython/./Objects/typeobject.c:5809
#28 0x4fd729 in PyObject_Call cpython/./Objects/abstract.c:2067
#29 0x6653a0 in do_call cpython/./Python/ceval.c:4456
#30 0x6653a0 in call_function cpython/./Python/ceval.c:4254
#31 0x6653a0 in PyEval_EvalFrameEx cpython/./Python/ceval.c:2829
#32 0x655a7b in PyEval_EvalCodeEx cpython/./Python/ceval.c:3578
#33 0x84c177 in function_call cpython/./Objects/funcobject.c:632
#34 0x4fd729 in PyObject_Call cpython/./Objects/abstract.c:2067
#35 0x6642d6 in ext_do_call cpython/./Python/ceval.c:4551
#36 0x6642d6 in PyEval_EvalFrameEx cpython/./Python/ceval.c:2869
#37 0x655a7b in PyEval_EvalCodeEx cpython/./Python/ceval.c:3578
#38 0x84c177 in function_call cpython/./Objects/funcobject.c:632
#39 0x4fd729 in PyObject_Call cpython/./Objects/abstract.c:2067
#40 0x830dcc in method_call cpython/./Objects/classobject.c:347
#41 0x4fd729 in PyObject_Call cpython/./Objects/abstract.c:2067
#42 0x5ae10f in slot_tp_call cpython/./Objects/typeobject.c:5809
#43 0x4fd729 in PyObject_Call cpython/./Objects/abstract.c:2067
#44 0x6653a0 in do_call cpython/./Python/ceval.c:4456
#45 0x6653a0 in call_function cpython/./Python/ceval.c:4254
#46 0x6653a0 in PyEval_EvalFrameEx cpython/./Python/ceval.c:2829
#47 0x655a7b in PyEval_EvalCodeEx cpython/./Python/ceval.c:3578
#48 0x84c177 in function_call cpython/./Objects/funcobject.c:632
#49 0x4fd729 in PyObject_Call cpython/./Objects/abstract.c:2067
#50 0x6642d6 in ext_do_call cpython/./Python/ceval.c:4551
#51 0x6642d6 in PyEval_EvalFrameEx cpython/./Python/ceval.c:2869
#52 0x655a7b in PyEval_EvalCodeEx cpython/./Python/ceval.c:3578
#53 0x84c177 in function_call cpython/./Objects/funcobject.c:632
#54 0x4fd729 in PyObject_Call cpython/./Objects/abstract.c:2067
#55 0x830dcc in method_call cpython/./Objects/classobject.c:347
#56 0x4fd729 in PyObject_Call cpython/./Objects/abstract.c:2067
#57 0x5ae10f in slot_tp_call cpython/./Objects/typeobject.c:5809
#58 0x4fd729 in PyObject_Call cpython/./Objects/abstract.c:2067
#59 0x6653a0 in do_call cpython/./Python/ceval.c:4456
#60 0x6653a0 in call_function cpython/./Python/ceval.c:4254
#61 0x6653a0 in PyEval_EvalFrameEx cpython/./Python/ceval.c:2829
#62 0x670b7a in fast_function cpython/./Python/ceval.c:4324
#63 0x65fbc8 in call_function cpython/./Python/ceval.c:4252
#64 0x65fbc8 in PyEval_EvalFrameEx cpython/./Python/ceval.c:2829
#65 0x670b7a in fast_function cpython/./Python/ceval.c:4324
#66 0x65fbc8 in call_function cpython/./Python/ceval.c:4252
#67 0x65fbc8 in PyEval_EvalFrameEx cpython/./Python/ceval.c:2829
#68 0x655a7b in PyEval_EvalCodeEx cpython/./Python/ceval.c:3578
#69 0x84c177 in function_call cpython/./Objects/funcobject.c:632
#70 0x4fd729 in PyObject_Call cpython/./Objects/abstract.c:2067
#71 0x6642d6 in ext_do_call cpython/./Python/ceval.c:4551
#72 0x6642d6 in PyEval_EvalFrameEx cpython/./Python/ceval.c:2869
#73 0x670b7a in fast_function cpython/./Python/ceval.c:4324
#74 0x65fbc8 in call_function cpython/./Python/ceval.c:4252
#75 0x65fbc8 in PyEval_EvalFrameEx cpython/./Python/ceval.c:2829
#76 0x655a7b in PyEval_EvalCodeEx cpython/./Python/ceval.c:3578
#77 0x670cb5 in fast_function cpython/./Python/ceval.c:4334
#78 0x65fbc8 in call_function cpython/./Python/ceval.c:4252
#79 0x65fbc8 in PyEval_EvalFrameEx cpython/./Python/ceval.c:2829
#80 0x655a7b in PyEval_EvalCodeEx cpython/./Python/ceval.c:3578
#81 0x84c177 in function_call cpython/./Objects/funcobject.c:632
#82 0x4fd729 in PyObject_Call cpython/./Objects/abstract.c:2067
#83 0x6642d6 in ext_do_call cpython/./Python/ceval.c:4551
#84 0x6642d6 in PyEval_EvalFrameEx cpython/./Python/ceval.c:2869
#85 0x655a7b in PyEval_EvalCodeEx cpython/./Python/ceval.c:3578
#86 0x670cb5 in fast_function cpython/./Python/ceval.c:4334
#87 0x65fbc8 in call_function cpython/./Python/ceval.c:4252
#88 0x65fbc8 in PyEval_EvalFrameEx cpython/./Python/ceval.c:2829
#89 0x670b7a in fast_function cpython/./Python/ceval.c:4324
#90 0x65fbc8 in call_function cpython/./Python/ceval.c:4252
#91 0x65fbc8 in PyEval_EvalFrameEx cpython/./Python/ceval.c:2829
#92 0x655a7b in PyEval_EvalCodeEx cpython/./Python/ceval.c:3578
#93 0x6545ca in PyEval_EvalCode cpython/./Python/ceval.c:773
#94 0x64d74c in builtin_exec cpython/./Python/bltinmodule.c:876
#95 0x664ceb in call_function cpython/./Python/ceval.c:4227
#96 0x664ceb in PyEval_EvalFrameEx cpython/./Python/ceval.c:2829
#97 0x655a7b in PyEval_EvalCodeEx cpython/./Python/ceval.c:3578
#98 0x670cb5 in fast_function cpython/./Python/ceval.c:4334
#99 0x65fbc8 in call_function cpython/./Python/ceval.c:4252
#100 0x65fbc8 in PyEval_EvalFrameEx cpython/./Python/ceval.c:2829
#101 0x655a7b in PyEval_EvalCodeEx cpython/./Python/ceval.c:3578
#102 0x84c177 in function_call cpython/./Objects/funcobject.c:632
#103 0x4fd729 in PyObject_Call cpython/./Objects/abstract.c:2067
#104 0x4ee527 in RunModule cpython/./Modules/main.c:209
#105 0x4ed771 in Py_Main cpython/./Modules/main.c:693
#106 0x4e7d54 in main cpython/././Modules/python.c:69
#107 0x2ad3549e5eac in __libc_start_main
/home/aurel32/eglibc/eglibc-2.13/csu/libc-start.c:244
#108 0x4e7b0c in _start (cpython/./python+0x4e7b0c)
0x6030000b99f4 is located 0 bytes to the right of 20-byte region
[0x6030000b99e0,0x6030000b99f4)
allocated by thread T0 here:
#0 0x4d1a39 in malloc
/home/jwalton/Desktop/clang-3.4/llvm-3.4/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:74
#1 0x2ad35b763c55 in sock_recvmsg_guts cpython/./Modules/socketmodule.c:2949
#2 0x2ad35b75f83c in sock_recvmsg cpython/./Modules/socketmodule.c:3098
#3 0x6642ba in ext_do_call cpython/./Python/ceval.c:4548
#4 0x6642ba in PyEval_EvalFrameEx cpython/./Python/ceval.c:2869
#5 0x655a7b in PyEval_EvalCodeEx cpython/./Python/ceval.c:3578
SUMMARY: AddressSanitizer: heap-buffer-overflow
/home/jwalton/Desktop/clang-3.4/llvm-3.4/projects/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc:1395
write_msghdr
Shadow bytes around the buggy address:
0x0c068000f2e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c068000f2f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c068000f300: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c068000f310: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c068000f320: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c068000f330: fa fa fa fa fa fa fa fa fa fa fa fa 00 00[04]fa
0x0c068000f340: fa fa 00 00 00 00 fa fa fd fd fd fd fa fa fd fd
0x0c068000f350: fd fd fa fa fd fd fd fd fa fa 00 00 00 00 fa fa
0x0c068000f360: 00 00 00 00 fa fa 00 00 00 00 fa fa 00 00 00 00
0x0c068000f370: fa fa 00 00 00 00 fa fa 00 00 00 00 fa fa 00 00
0x0c068000f380: 00 00 fa fa 00 00 00 00 fa fa 00 00 00 00 fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
ASan internal: fe
==21071==ABORTING[ 58/389] test_socket
----------
components: Tests
hgrepos: 221
messages: 213667
nosy: Jeffrey.Walton
priority: normal
severity: normal
status: open
title: test_socket: buffer overflow in sock_recvmsg_guts
versions: Python 3.5
_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue20937>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
