➜
This issue tracker has been migrated to GitHub,
and is currently read-only.
For more information,
see the GitHub FAQs in the Python's Developer Guide.
Created on 2015-01-20 07:35 by Paweł.Zduniak, last changed 2022-04-11 14:58 by admin. This issue is now closed.
| Files | ||||
|---|---|---|---|---|
| File name | Uploaded | Description | Edit | |
| test.pyc | Paweł.Zduniak, 2015-01-20 07:35 | |||
| Messages (6) | |||
|---|---|---|---|
| msg234357 - (view) | Author: Paweł Zduniak (Paweł.Zduniak) | Date: 2015-01-20 07:35 | |
(950.e58): Access violation - code c0000005 (first chance) First chance exceptions are reported before any exception handling. This exception may be expected and handled. *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Windows\SysWOW64\python27.dll - python27!PyEval_EvalFrameEx+0x1895: 1e0bcb45 8b74b00c mov esi,dword ptr [eax+esi*4+0Ch] ds:002b:0224207c=???????? |
|||
| msg234360 - (view) | Author: Eryk Sun (eryksun) *  |
Date: 2015-01-20 08:56 | |
You attached a corrupt bytecode cache for stdlib bisect.py:
>>> f = open('test.pyc', 'rb')
>>> magic,tstamp = struct.unpack('<ll', f.read(8))
>>> magic27 = 62211 | (ord('\r') << 16) | (ord('\n') << 24)
>>> magic == magic27
True
>>> datetime.fromtimestamp(tstamp)
datetime.datetime(2011, 3, 8, 2, 39, 36)
>>> code = marshal.load(f)
>>> dis.dis(code)
1 0 LOAD_CONST 0 ('Bisection algorithms.')
3 STORE_NAME 0 (__doc__)
3 6 LOAD_CONST 1 (0)
9 LOAD_CONST 8 (None)
12 LOAD_CONST 2 (<code object insort_right at
0x7f71bf596db0, file
"C:\Python27\Lib\bisect.py",
line 3>)
15 MAKE_FUNCTION 2
18 STORE_NAME 2 (insort_right)
22 21 LOAD_NAME 65282
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python2.7/dis.py", line 43, in dis
disassemble(x)
File "/usr/lib/python2.7/dis.py", line 97, in disassemble
print '(' + co.co_names[oparg] + ')',
IndexError: tuple index out of range
It's no surprise if this bad file crashed the interpreter. Just delete it.
|
|||
| msg234373 - (view) | Author: Eric V. Smith (eric.smith) *  |
Date: 2015-01-20 13:46 | |
Was this file generated by CPython from a .py file? If so, can you share the .py file? If not, how was this file generated? As eryksun says, it appears to not be a valid .pyc file. |
|||
| msg234374 - (view) | Author: Paweł Zduniak (Paweł.Zduniak) | Date: 2015-01-20 14:10 | |
This file is created by fuzzer |
|||
| msg234375 - (view) | Author: Brett Cannon (brett.cannon) * |
Date: 2015-01-20 14:22 | |
If it was created by a fuzzer then this isn't a bug as we do no validation of bytecode formatting as we assume it was generated by Python and not an external, malicious source. |
|||
| msg234376 - (view) | Author: STINNER Victor (vstinner) * |
Date: 2015-01-20 14:25 | |
> we assume it was generated by Python and not an external, malicious source. Said differently: you must not trust .py or .pyc downloaded from untrusted sources. Executing arbitary .py or .pyc file allows to execute arbitrary Python code. Instead of writing complex code to inject machine code in the Python evaluation loop (Python/ceval.c), just execute "import os; os.system('echo pwn!')" which runs an arbitrary shell command. Compile it to .pyc if you want to "exploit" the PYC path. |
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2022-04-11 14:58:12 | admin | set | github: 67470 |
| 2015-01-20 14:25:53 | vstinner | set | nosy:
+ vstinner messages: + msg234376 |
| 2015-01-20 14:22:57 | brett.cannon | set | status: open -> closed nosy: + brett.cannon messages: + msg234375 resolution: not a bug |
| 2015-01-20 14:10:37 | Paweł.Zduniak | set | messages: + msg234374 |
| 2015-01-20 13:46:45 | eric.smith | set | nosy:
+ eric.smith messages: + msg234373 |
| 2015-01-20 08:56:08 | eryksun | set | nosy:
+ eryksun messages: + msg234360 |
| 2015-01-20 07:35:29 | Paweł.Zduniak | create | |