
Classification
Title: Python 2.7 SIGSEGV
Type: crash
Stage: resolved
Components: Build
Versions: Python 2.7

Process
Status: closed
Resolution: out of date
Dependencies:
Superseder:
Assigned To:
Nosy List: cody, jwilk, serhiy.storchaka
Priority: normal
Keywords:

Created on 2017-08-29 11:20 by cody, last changed 2022-04-11 14:58 by admin. This issue is now closed.

Files
py27-sigsegv.zip (uploaded by cody, 2017-08-29 11:20): 2 files for sigsegv in python2.7
Messages (4)
msg300981 - Author: Cody Sixteen (cody) Date: 2017-08-29 11:20
During one fuzzing session I found that python2.7 will crash when parsing the file (attached).

Maybe you will find it useful.
msg301138 - Author: Jakub Wilk (jwilk) Date: 2017-09-01 17:02
I can't reproduce it here:

Python 2.7.13 (default, Jan 19 2017, 14:48:08) 
[GCC 6.3.0 20170118] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import ast
>>> s = open('id%3A000000,sig%3A11,src%3A000000,op%3Ahavoc,rep%3A32').read()
>>> ast.parse(s)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python2.7/ast.py", line 37, in parse
    return compile(source, filename, mode, PyCF_ONLY_AST)
TypeError: compile() expected string without null bytes
msg301185 - Author: Cody Sixteen (cody) Date: 2017-09-03 07:05
c@debian:~/tools/afl/afl-2.50b/out_python/crashes$ ls -la
total 160
drwx------ 2 c c  4096 Aug 31 00:23 .
drwx------ 5 c c  4096 Sep  3 09:04 ..
-rw------- 1 c c 29352 Aug 28 16:14 id:000000,sig:11,src:000000,op:havoc,rep:32
-rw------- 1 c c 62917 Aug 28 17:08 id:000001,sig:11,src:000000,op:havoc,rep:128
-rw------- 1 c c 15945 Aug 29 20:01 id:000002,sig:11,src:000000,op:havoc,rep:128
-rw------- 1 c c 34202 Aug 31 00:23 id:000003,sig:11,src:000000,op:havoc,rep:128
-rw------- 1 c c   641 Aug 28 16:14 README.txt
c@debian:~/tools/afl/afl-2.50b/out_python/crashes$


c@debian:~/tools/afl/afl-2.50b/out_python/crashes$ /usr/bin/python2.7 --version
Python 2.7.9
(...)
Python 2.7.9 (default, Jun 29 2016, 13:08:31)
[GCC 4.9.2] on linux2

(...)
c@debian:~/tools/afl/afl-2.50b/out_python/crashes$ gdb -q /usr/bin/python2.7
Reading symbols from /usr/bin/python2.7...(no debugging symbols found)...done.
(gdb) r id:000001,sig:11,src:000000,op:havoc,rep:128
Starting program: /usr/bin/python2.7 id:000001,sig:11,src:000000,op:havoc,rep:128
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
0x00000000004c7334 in ?? ()
(gdb) bt full
#0  0x00000000004c7334 in ?? ()
No symbol table info available.
#1  0x00000000004c7178 in ?? ()
No symbol table info available.
#2  0x00000000004c3e0a in ?? ()
No symbol table info available.
#3  0x00000000004c34de in PyParser_ASTFromFile ()
No symbol table info available.
#4  0x00000000004f6bfc in PyRun_FileExFlags ()
No symbol table info available.
#5  0x00000000004f5d37 in PyRun_SimpleFileExFlags ()
No symbol table info available.
#6  0x00000000004981cd in Py_Main ()
No symbol table info available.
#7  0x00007ffff6f12b45 in __libc_start_main (main=0x497c60 <main>, argc=2, argv=0x7fffffffe6a8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>,
    stack_end=0x7fffffffe698) at libc-start.c:287
        result = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {0, 5508890025450822687, 4815714, 140737488348832, 0, 0, -5508890024716772321, -5508905476226917345},
              mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x603cd0 <__libc_csu_init>, 0x7fffffffe6a8}, data = {prev = 0x0, cleanup = 0x0, canceltype = 6307024}}}
        not_first_call = <optimized out>
#8  0x0000000000497b8b in _start ()
No symbol table info available.
(gdb)

(gdb) i r
rax            0x0      0
rbx            0xa17b40 10582848
rcx            0x0      0
rdx            0x800000000000   140737488355328
rsi            0xa87001 11038721
rdi            0xa17b40 10582848
rbp            0xa87000 0xa87000
rsp            0x7fffffffe160   0x7fffffffe160
r8             0x1c0800000000000        126241527054729216
r9             0x0      0
r10            0x7fffffffe26d   140737488347757
r11            0x1      1
r12            0x1      1
r13            0xa17b68 10582888
r14            0xa17ee0 10583776
r15            0x0      0
rip            0x4c7334 0x4c7334
eflags         0x10212  [ AF IF RF ]
cs             0x33     51
ss             0x2b     43
ds             0x0      0
es             0x0      0
fs             0x0      0
gs             0x0      0
(gdb)
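The two messages above exercise different entry points: ast.parse() goes through compile(), which refuses source containing NUL bytes, whereas running the interpreter directly on the file reaches PyParser_ASTFromFile and segfaults. The harness below is an added example, not code from this issue or from CPython: it automates that distinction over a set of crash files by flagging NUL bytes and running the interpreter on each file in a subprocess, mapping a negative return code to the signal that killed it. The sample inputs are constructed here (they are not the attached AFL files); the interpreter defaults to the running Python, and pointing it at /usr/bin/python2.7 is the assumption needed to reproduce the report.

```python
import os
import signal
import subprocess
import sys
import tempfile

# Constructed stand-ins for AFL crash files; the real ones are in py27-sigsegv.zip.
SAMPLE_INPUTS = {
    "clean.py": b"x = 1\nprint(x)\n",
    "nul.py": b"x = 1\x00\nprint(x)\n",
}


def has_null_bytes(data):
    """True if the source contains NUL; compile()/ast.parse() reject such input
    with the TypeError seen in msg301138, so they cannot reach the file parser."""
    return b"\x00" in data


def classify_returncode(rc):
    """Map a subprocess return code to a triage label.
    subprocess reports a signal death as a negative code (-11 for SIGSEGV)."""
    if rc >= 0:
        return "exit:%d" % rc
    signum = -rc
    if signum == int(signal.SIGSEGV):
        return "crash:SIGSEGV"
    return "crash:signal %d" % signum


def run_interpreter_on_file(path, interpreter=sys.executable, timeout=10):
    """Run the interpreter on the file as a script, the same path as
    'python2.7 <file>' in the gdb session, and return a triage label.
    Assumption: pass interpreter='/usr/bin/python2.7' to match the report."""
    try:
        proc = subprocess.run(
            [interpreter, path],
            stdout=subprocess.DEVNULL,
            stderr=subprocess.DEVNULL,
            timeout=timeout,
        )
    except subprocess.TimeoutExpired:
        return "hang"
    except OSError as exc:
        return "error:%s" % exc
    return classify_returncode(proc.returncode)


def triage(inputs, interpreter=sys.executable):
    """Write each input to a temporary directory and triage it.
    Returns {name: (has_nul, label)} so crashes can be bucketed by signal."""
    results = {}
    with tempfile.TemporaryDirectory() as workdir:
        for name, data in inputs.items():
            path = os.path.join(workdir, name)
            with open(path, "wb") as fh:
                fh.write(data)
            results[name] = (has_null_bytes(data),
                             run_interpreter_on_file(path, interpreter))
    return results


if __name__ == "__main__":
    interp = sys.argv[1] if len(sys.argv) > 1 else sys.executable
    for name, (nul, label) in sorted(triage(SAMPLE_INPUTS, interp).items()):
        print("%-10s nul=%-5s %s" % (name, nul, label))
```

Run it with no argument to check the harness against the current interpreter, or with the path to a python2.7 binary to reproduce the report; a "crash:SIGSEGV" label together with nul=True explains why ast.parse() could not reproduce what the direct invocation did.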
msg301193 - Author: Jakub Wilk (jwilk) Date: 2017-09-03 14:38
Thanks, I can reproduce the crashes with Python 2.7.9.

The first commit that fixes them is 5d7d26c403d86e9525820d872eb3e331dbc31750, so I believe this is a duplicate of issue25388.
History
Date | User | Action | Args
2022-04-11 14:58:51 | admin | set | github: 75482
2017-09-03 15:41:13 | serhiy.storchaka | set | status: open -> closed; nosy: + serhiy.storchaka; resolution: out of date; stage: resolved
2017-09-03 14:38:55 | jwilk | set | messages: + msg301193
2017-09-03 07:05:38 | cody | set | messages: + msg301185
2017-09-01 17:02:49 | jwilk | set | nosy: + jwilk; messages: + msg301138
2017-08-29 11:20:31 | cody | create |