
classification
Title: Heap out of bounds read in tok_nextc()
Type: crash
Stage: resolved
Components: Interpreter Core
Versions: Python 2.7
process
Status: closed
Resolution: out of date
Nosy List: BTaskaya, Kamil Frankowicz, iritkatriel, serhiy.storchaka
Priority: normal

Created on 2017-03-06 08:13 by Kamil Frankowicz, last changed 2022-04-11 14:58 by admin. This issue is now closed.

Files
File name | Uploaded | Description
python_hoobr_tok_nextc.py | Kamil Frankowicz, 2017-03-06 08:13 | PoC to trigger heap out of bounds read
Messages (3)
msg289078 - Author: Kamil Frankowicz (Kamil Frankowicz) Date: 2017-03-06 08:13
After some fuzz testing I found a crashing test case.

Version: 2.7.13 compiled from source with Clang 3.9.1.

To reproduce: python python_hoobr_tok_nextc.py

Extract from Valgrind log (full log file at https://gist.github.com/fumfel/f9780e567dec761f8524523fff040742):

==15583== Process terminating with default action of signal 11 (SIGSEGV)
==15583==  Bad permissions for mapped region at address 0x5F36000
==15583==    at 0x41EBC4: tok_nextc (tokenizer.c:861)
==15583==    by 0x41ABA2: tok_get (tokenizer.c:1568)
==15583==    by 0x41ABA2: PyTokenizer_Get (tokenizer.c:1681)
==15583==    by 0x4171D4: parsetok (parsetok.c:159)
==15583==    by 0x417DC0: PyParser_ParseFileFlagsEx (parsetok.c:106)
==15583==    by 0x5C4A1D: PyParser_ASTFromFile (pythonrun.c:1499)
==15583==    by 0x5C4C28: PyRun_FileExFlags (pythonrun.c:1354)
==15583==    by 0x5C4009: PyRun_SimpleFileExFlags (pythonrun.c:948)
==15583==    by 0x5C34AA: PyRun_AnyFileExFlags (pythonrun.c:752)
==15583==    by 0x416478: Py_Main (main.c:640)
==15583==    by 0x578782F: (below main) (libc-start.c:291)
msg358779 - Author: Batuhan Taskaya (BTaskaya) * (Python committer) Date: 2019-12-21 19:04
(.venv) [ 10:04ÖS ]  [ isidentical@x200:~/Downloads ]
 $ python -V
Python 3.9.0a1+
(.venv) [ 10:04ÖS ]  [ isidentical@x200:~/Downloads ]
 $ python python_hoobr_tok_nextc.py
  File "/home/isidentical/Downloads/python_hoobr_tok_nextc.py", line 5
    
    ^
SyntaxError: EOF while scanning triple-quoted string literal
msg382092 - Author: Irit Katriel (iritkatriel) * (Python committer) Date: 2020-11-29 20:19
Kamil, I got the same result as Batuhan on a recent version. Are you seeing this on Python 3, or is it a Python 2.7 issue?
History
Date | User | Action | Args
2022-04-11 14:58:43 | admin | set | github: 73918
2021-04-25 18:16:03 | iritkatriel | set | status: pending -> closed; resolution: out of date; stage: resolved
2020-11-29 20:19:46 | iritkatriel | set | status: open -> pending; nosy: + iritkatriel; messages: + msg382092
2019-12-21 19:04:36 | BTaskaya | set | nosy: + BTaskaya; messages: + msg358779
2017-03-06 08:21:40 | serhiy.storchaka | set | nosy: + serhiy.storchaka
2017-03-06 08:13:44 | Kamil Frankowicz | create |