Message 257439 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	William Bowling
Recipients	William Bowling, serhiy.storchaka
Date	2016-01-04.03:02:19
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1451876540.89.0.967511214892.issue26000@psf.upfronthosting.co.za>
In-reply-to

Content
Also a very similar source causes a slightly different crash (heap-buffer-overflow instead of heap-use-after-free): ./python -c 'with open("vuln2.py", "wb") as f: f.write(b"\x61\x73\x00\x0a\x79\x6e\x63\x5c\x0a\x00\x0d\xdd")' ./python vuln2.py Python 3.5.1+ (default, Jan 4 2016, 00:05:40) Attached the asan report

Also a very similar source causes a slightly different crash (heap-buffer-overflow instead of heap-use-after-free):

./python -c 'with open("vuln2.py", "wb") as f: f.write(b"\x61\x73\x00\x0a\x79\x6e\x63\x5c\x0a\x00\x0d\xdd")'
./python vuln2.py

Python 3.5.1+ (default, Jan  4 2016, 00:05:40)

Attached the asan report

History
Date	User	Action	Args
2016-01-04 03:02:20	William Bowling	set	recipients: + William Bowling, serhiy.storchaka
2016-01-04 03:02:20	William Bowling	set	messageid: <1451876540.89.0.967511214892.issue26000@psf.upfronthosting.co.za>
2016-01-04 03:02:20	William Bowling	link	issue26000 messages
2016-01-04 03:02:20	William Bowling	create