Brian Cain added the comment:
Here is a more useful ASan report:
=================================================================
==12168==ERROR: AddressSanitizer: heap-use-after-free on address 0x62500001e110
at pc 0x000000697238 bp 0x7fff412b9240 sp 0x7fff412b9238
READ of size 1 at 0x62500001e110 thread T0
#0 0x697237 in tok_nextc
/home/brian/src/fuzzpy/cpython/Parser/tokenizer.c:911:20
#1 0x68c63b in tok_get
/home/brian/src/fuzzpy/cpython/Parser/tokenizer.c:1460:13
#2 0x689d93 in PyTokenizer_Get
/home/brian/src/fuzzpy/cpython/Parser/tokenizer.c:1809:18
#3 0x67fec3 in parsetok
/home/brian/src/fuzzpy/cpython/Parser/parsetok.c:208:16
#4 0x6837d4 in PyParser_ParseFileObject
/home/brian/src/fuzzpy/cpython/Parser/parsetok.c:134:12
#5 0x52f50c in PyParser_ASTFromFileObject
/home/brian/src/fuzzpy/cpython/Python/pythonrun.c:1150:15
#6 0x532e16 in PyRun_FileExFlags
/home/brian/src/fuzzpy/cpython/Python/pythonrun.c:916:11
#7 0x52c3f8 in PyRun_SimpleFileExFlags
/home/brian/src/fuzzpy/cpython/Python/pythonrun.c:396:13
#8 0x52a460 in PyRun_AnyFileExFlags
/home/brian/src/fuzzpy/cpython/Python/pythonrun.c:80:16
#9 0x5cb04a in run_file /home/brian/src/fuzzpy/cpython/Modules/main.c:318:11
#10 0x5c5a42 in Py_Main /home/brian/src/fuzzpy/cpython/Modules/main.c:768:19
#11 0x4fbace in main
/home/brian/src/fuzzpy/cpython/./Programs/python.c:69:11
#12 0x7fe8a9a4aa3f in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x20a3f)
#13 0x431548 in _start (/home/brian/src/fuzzpy/cpython/python+0x431548)
0x62500001e110 is located 16 bytes inside of 8224-byte region
[0x62500001e100,0x625000020120)
freed by thread T0 here:
#0 0x4cdef0 in realloc
/home/brian/src/fuzzpy/llvm_src/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:61
#1 0x501280 in _PyMem_RawRealloc
/home/brian/src/fuzzpy/cpython/Objects/obmalloc.c:84:12
#2 0x4fc68d in _PyMem_DebugRealloc
/home/brian/src/fuzzpy/cpython/Objects/obmalloc.c:1921:18
#3 0x4fdf42 in PyMem_Realloc
/home/brian/src/fuzzpy/cpython/Objects/obmalloc.c:343:12
#4 0x69a338 in tok_nextc
/home/brian/src/fuzzpy/cpython/Parser/tokenizer.c:1050:34
#5 0x68a2c9 in tok_get
/home/brian/src/fuzzpy/cpython/Parser/tokenizer.c:1357:17
#6 0x689d93 in PyTokenizer_Get
/home/brian/src/fuzzpy/cpython/Parser/tokenizer.c:1809:18
#7 0x67fec3 in parsetok
/home/brian/src/fuzzpy/cpython/Parser/parsetok.c:208:16
#8 0x6837d4 in PyParser_ParseFileObject
/home/brian/src/fuzzpy/cpython/Parser/parsetok.c:134:12
#9 0x52f50c in PyParser_ASTFromFileObject
/home/brian/src/fuzzpy/cpython/Python/pythonrun.c:1150:15
#10 0x532e16 in PyRun_FileExFlags
/home/brian/src/fuzzpy/cpython/Python/pythonrun.c:916:11
#11 0x52c3f8 in PyRun_SimpleFileExFlags
/home/brian/src/fuzzpy/cpython/Python/pythonrun.c:396:13
#12 0x52a460 in PyRun_AnyFileExFlags
/home/brian/src/fuzzpy/cpython/Python/pythonrun.c:80:16
#13 0x5cb04a in run_file
/home/brian/src/fuzzpy/cpython/Modules/main.c:318:11
#14 0x5c5a42 in Py_Main /home/brian/src/fuzzpy/cpython/Modules/main.c:768:19
#15 0x4fbace in main
/home/brian/src/fuzzpy/cpython/./Programs/python.c:69:11
#16 0x7fe8a9a4aa3f in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x20a3f)
previously allocated by thread T0 here:
#0 0x4cdb88 in malloc
/home/brian/src/fuzzpy/llvm_src/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:40
#1 0x501030 in _PyMem_RawMalloc
/home/brian/src/fuzzpy/cpython/Objects/obmalloc.c:62:12
#2 0x5074db in _PyMem_DebugAlloc
/home/brian/src/fuzzpy/cpython/Objects/obmalloc.c:1838:22
#3 0x4fc213 in _PyMem_DebugMalloc
/home/brian/src/fuzzpy/cpython/Objects/obmalloc.c:1861:12
#4 0x4fdbfa in PyMem_Malloc
/home/brian/src/fuzzpy/cpython/Objects/obmalloc.c:325:12
#5 0x68791d in PyTokenizer_FromFile
/home/brian/src/fuzzpy/cpython/Parser/tokenizer.c:861:29
#6 0x68359e in PyParser_ParseFileObject
/home/brian/src/fuzzpy/cpython/Parser/parsetok.c:126:16
#7 0x52f50c in PyParser_ASTFromFileObject
/home/brian/src/fuzzpy/cpython/Python/pythonrun.c:1150:15
#8 0x532e16 in PyRun_FileExFlags
/home/brian/src/fuzzpy/cpython/Python/pythonrun.c:916:11
#9 0x52c3f8 in PyRun_SimpleFileExFlags
/home/brian/src/fuzzpy/cpython/Python/pythonrun.c:396:13
#10 0x52a460 in PyRun_AnyFileExFlags
/home/brian/src/fuzzpy/cpython/Python/pythonrun.c:80:16
#11 0x5cb04a in run_file
/home/brian/src/fuzzpy/cpython/Modules/main.c:318:11
#12 0x5c5a42 in Py_Main /home/brian/src/fuzzpy/cpython/Modules/main.c:768:19
#13 0x4fbace in main
/home/brian/src/fuzzpy/cpython/./Programs/python.c:69:11
#14 0x7fe8a9a4aa3f in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x20a3f)
SUMMARY: AddressSanitizer: heap-use-after-free
/home/brian/src/fuzzpy/cpython/Parser/tokenizer.c:911:20 in tok_nextc
Shadow bytes around the buggy address:
0x0c4a7fffbbd0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a7fffbbe0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a7fffbbf0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a7fffbc00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a7fffbc10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c4a7fffbc20: fd fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4a7fffbc30: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4a7fffbc40: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4a7fffbc50: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4a7fffbc60: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4a7fffbc70: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==12168==ABORTING
----------
_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue25388>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
