➜
This issue tracker has been migrated to GitHub,
and is currently read-only.
For more information,
see the GitHub FAQs in the Python's Developer Guide.
Created on 2013-12-03 18:54 by Level, last changed 2022-04-11 14:57 by admin. This issue is now closed.
| Messages (7) | |||
|---|---|---|---|
| msg205138 - (view) | Author: Matthew Bergin (Level) | Date: 2013-12-03 18:54 | |
[level@<removed> fuzz]# cat PyCFunction.py # # PyCFunction_NewEx crach poc (sigabrt) # import imageop imageop.rgb82rgb(u"%J8CBej >uFBi-",True,8.36) imageop.grey2grey(None,5,u"CRi") [level@<removed> fuzz]# gdb --args python PyCFunction.py GNU gdb (GDB) Red Hat Enterprise Linux (7.2-60.el6_4.1) Copyright (C) 2010 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-redhat-linux-gnu". For bug reporting instructions, please see: <http://www.gnu.org/software/gdb/bugs/>... Reading symbols from /usr/bin/python...(no debugging symbols found)...done. Missing separate debuginfos, use: debuginfo-install python-2.6.6-37.el6_4.i686 python-2.6.6-37.el6_4.x86_64 (gdb) r Starting program: /usr/bin/python PyCFunction.py [Thread debugging using libthread_db enabled] PyCFunction.py:5: DeprecationWarning: integer argument expected, got float imageop.rgb82rgb(u"%J8CBej >uFBi-",True,8.36) Fatal Python error: GC object already tracked Program received signal SIGABRT, Aborted. 0x00007ffff6e2e8e5 in raise () from /lib64/libc.so.6 (gdb) bt #0 0x00007ffff6e2e8e5 in raise () from /lib64/libc.so.6 #1 0x00007ffff6e300c5 in abort () from /lib64/libc.so.6 #2 0x00007ffff7b2823e in Py_FatalError () from /usr/lib64/libpython2.6.so.1.0 #3 0x00007ffff7ab3175 in PyCFunction_NewEx () from /usr/lib64/libpython2.6.so.1.0 #4 0x00007ffff7b24b18 in Py_InitModule4_64 () from /usr/lib64/libpython2.6.so.1.0 #5 0x00007ffff0b66abe in initsyslog () from /usr/lib64/python2.6/lib-dynload/syslog.so #6 0x00007ffff7b21865 in _PyImport_LoadDynamicModule () from /usr/lib64/libpython2.6.so.1.0 #7 0x00007ffff7b1f8a5 in ?? () from /usr/lib64/libpython2.6.so.1.0 #8 0x00007ffff7b1fb24 in ?? () from /usr/lib64/libpython2.6.so.1.0 #9 0x00007ffff7b2017d in ?? () from /usr/lib64/libpython2.6.so.1.0 #10 0x00007ffff7b20ee4 in PyImport_ImportModuleLevel () from /usr/lib64/libpython2.6.so.1.0 #11 0x00007ffff7b0671f in ?? () from /usr/lib64/libpython2.6.so.1.0 #12 0x00007ffff7a7ac63 in PyObject_Call () from /usr/lib64/libpython2.6.so.1.0 #13 0x00007ffff7b06c93 in PyEval_CallObjectWithKeywords () from /usr/lib64/libpython2.6.so.1.0 #14 0x00007ffff7b0a33f in PyEval_EvalFrameEx () from /usr/lib64/libpython2.6.so.1.0 #15 0x00007ffff7b0db8f in PyEval_EvalFrameEx () from /usr/lib64/libpython2.6.so.1.0 #16 0x00007ffff7b0e657 in PyEval_EvalCodeEx () from /usr/lib64/libpython2.6.so.1.0 #17 0x00007ffff7aa1cb0 in ?? () from /usr/lib64/libpython2.6.so.1.0 #18 0x00007ffff7a7ac63 in PyObject_Call () from /usr/lib64/libpython2.6.so.1.0 #19 0x00007ffff7b06c93 in PyEval_CallObjectWithKeywords () from /usr/lib64/libpython2.6.so.1.0 #20 0x00007ffff7b29cc2 in PyErr_PrintEx () from /usr/lib64/libpython2.6.so.1.0 #21 0x00007ffff7b2a287 in PyRun_SimpleFileExFlags () from /usr/lib64/libpython2.6.so.1.0 #22 0x00007ffff7b368a2 in Py_Main () from /usr/lib64/libpython2.6.so.1.0 #23 0x00007ffff6e1acdd in __libc_start_main () from /lib64/libc.so.6 #24 0x0000000000400649 in _start () (gdb) q |
|||
| msg205150 - (view) | Author: STINNER Victor (vstinner) *  |
Date: 2013-12-03 21:04 | |
I cannot test the issue, imageop cannot be compiled on 64-bit system and is not present in Python 3. (I don't have access to 32-bit system right now.) Can you reproduce the issue with Python 2.7? I'm interested by your fuzzer, is it public? |
|||
| msg205152 - (view) | Author: Matthew Bergin (Level) | Date: 2013-12-03 21:07 | |
I am going to test it against 2.7 a little later on this afternoon. I typically host all of the code I write at https://github.com/levle but atm the github repo I use to host the project is private. Once I work out some of the kinks I will set it to Public. |
|||
| msg205153 - (view) | Author: Ned Deily (ned.deily) * |
Date: 2013-12-03 21:09 | |
On 2.7 tip, it fails up front with a TypeError:
File "/home/nad/PyCFunction.py", line 5, in <module>
imageop.rgb82rgb(u"%J8CBej >uFBi-",True,8.36)
TypeError: integer argument expected, got float
[18330 refs]
|
|||
| msg205154 - (view) | Author: STINNER Victor (vstinner) * |
Date: 2013-12-03 21:13 | |
"I typically host all of the code I write at https://github.com/levle but atm the github repo I use to host the project is private. Once I work out some of the kinks I will set it to Public." I worked on a Python fuzzer some years ago and fixed a lot of similar crashes in Python. See my fuzzer: https://bitbucket.org/haypo/fusil/src/tip/fuzzers/fusil-python It uses the Fusil library: https://bitbucket.org/haypo/fusil/ @Ned: Did you run the script more than once? It looks like a random bug (Heisenbug). |
|||
| msg205156 - (view) | Author: Matthew Bergin (Level) | Date: 2013-12-03 21:15 | |
Sweet, I will check it out |
|||
| msg205157 - (view) | Author: Ned Deily (ned.deily) * |
Date: 2013-12-03 21:16 | |
@Victor: On 2.6, it gets a DeprecationWarning. On 2.7, that is now a TypeError. |
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2022-04-11 14:57:54 | admin | set | github: 64078 |
| 2019-03-28 11:24:06 | methane | set | status: open -> closed resolution: out of date stage: resolved |
| 2013-12-03 21:16:56 | ned.deily | set | messages: + msg205157 |
| 2013-12-03 21:15:32 | Level | set | messages: + msg205156 |
| 2013-12-03 21:13:12 | vstinner | set | messages: + msg205154 |
| 2013-12-03 21:09:29 | ned.deily | set | nosy:
+ ned.deily messages: + msg205153 |
| 2013-12-03 21:07:12 | Level | set | messages: + msg205152 |
| 2013-12-03 21:04:38 | vstinner | set | nosy:
+ vstinner, serhiy.storchaka messages: + msg205150 title: PyCFunction_NewEx() SIGABRT -> imageop: bug in error handler |
| 2013-12-03 18:54:52 | Level | create | |