Message287322
OS Version : Ubuntu 16.04 LTS
Python download link : https://www.python.org/ftp/python/3.6.0/Python-3.6.0.tar.xz
Python version : 3.6.0
Normal build cmd :
./configure
make
Asan build cmd:
export CC="/usr/bin/clang -fsanitize=address
export CXX="/usr/bin/clang++ -fsanitize=address
./confiugre
make
GDB with exploitable:
To enable execution of this file add
add-auto-load-safe-path /home/test/check/PythonGDB/python-gdb.py
line to your configuration file "/home/test/.gdbinit".
To completely disable this security protection add
set auto-load safe-path /
line to your configuration file "/home/test/.gdbinit".
For more information about this security protection see the
"Auto-loading safe path" section in the GDB manual. E.g., run from the shell:
info "(gdb)Auto-loading safe path"
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff639c455 in PyCData_clear (self=0x7ffff5b3f510) at /home/test/check/PythonGDB/Modules/_ctypes/_ctypes.c:2497
2497 Py_CLEAR(self->b_objects);
Description: Access violation on destination operand
Short description: DestAv (8/22)
Hash: 8dc538f2a05876e51d4aacf57c47935b.6a0f7d54d57adbe0b04a497a3ee9c96c
Exploitability Classification: EXPLOITABLE
Explanation: The target crashed on an access violation at an address matching the destination operand of the instruction. This likely indicates a write access violation, which means the attacker may control the write address and/or value.
Other tags: AccessViolation (21/22)
ASAN:
ASAN:DEADLYSIGNAL
=================================================================
==18570==ERROR: AddressSanitizer: SEGV on unknown address 0x0001a5525c1b (pc 0x7f922b0d9c62 bp 0x7f922b0d9c20 sp 0x7ffc440acf10 T0)
#0 0x7f922b0d9c61 in PyCData_clear /home/test/check/PythonASAN/Modules/_ctypes/_ctypes.c:2497 (discriminator 3)
#1 0x7f922b0d9c61 in PyCData_dealloc /home/test/check/PythonASAN/Modules/_ctypes/_ctypes.c:2509 (discriminator 3)
#2 0x7f922b0d9c61 in ?? ??:0
#3 0x65d51a in subtype_dealloc /home/test/check/PythonASAN/Objects/typeobject.c:1222
#4 0x65d51a in ?? ??:0
#5 0x60fb27 in free_keys_object /home/test/check/PythonASAN/Objects/dictobject.c:561 (discriminator 5)
#6 0x60fb27 in ?? ??:0
#7 0x6163fa in dict_dealloc /home/test/check/PythonASAN/Objects/dictobject.c:1933 (discriminator 1)
#8 0x6163fa in ?? ??:0
#9 0x7f922b0d9ca8 in PyCData_clear /home/test/check/PythonASAN/Modules/_ctypes/_ctypes.c:2497 (discriminator 5)
#10 0x7f922b0d9ca8 in PyCData_dealloc /home/test/check/PythonASAN/Modules/_ctypes/_ctypes.c:2509 (discriminator 5)
#11 0x7f922b0d9ca8 in ?? ??:0
#12 0x65d51a in subtype_dealloc /home/test/check/PythonASAN/Objects/typeobject.c:1222
#13 0x65d51a in ?? ??:0
#14 0x5d10da in frame_dealloc /home/test/check/PythonASAN/Objects/frameobject.c:423 (discriminator 5)
#15 0x5d10da in ?? ??:0
#16 0x7a98ca in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4130 (discriminator 3)
#17 0x7a98ca in ?? ??:0
#18 0x7ab648 in fast_function /home/test/check/PythonASAN/Python/ceval.c:4929 (discriminator 1)
#19 0x7ab648 in ?? ??:0
#20 0x7a76f2 in call_function /home/test/check/PythonASAN/Python/ceval.c:4809
#21 0x7a76f2 in ?? ??:0
#22 0x7995cc in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3275
#23 0x7995cc in ?? ??:0
#24 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718
#25 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119
#26 0x7a9847 in ?? ??:0
#27 0x7ac2ea in _PyFunction_FastCallDict /home/test/check/PythonASAN/Python/ceval.c:5021
#28 0x7ac2ea in ?? ??:0
#29 0x574668 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2295
#30 0x574668 in ?? ??:0
#31 0x5749fa in _PyObject_Call_Prepend /home/test/check/PythonASAN/Objects/abstract.c:2358
#32 0x5749fa in ?? ??:0
#33 0x573e9b in PyObject_Call /home/test/check/PythonASAN/Objects/abstract.c:2246
#34 0x573e9b in ?? ??:0
#35 0x793369 in do_call_core /home/test/check/PythonASAN/Python/ceval.c:5057
#36 0x793369 in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3357
#37 0x793369 in ?? ??:0
#38 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718
#39 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119
#40 0x7a9847 in ?? ??:0
#41 0x7ac2ea in _PyFunction_FastCallDict /home/test/check/PythonASAN/Python/ceval.c:5021
#42 0x7ac2ea in ?? ??:0
#43 0x574668 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2295
#44 0x574668 in ?? ??:0
#45 0x5749fa in _PyObject_Call_Prepend /home/test/check/PythonASAN/Objects/abstract.c:2358
#46 0x5749fa in ?? ??:0
#47 0x573e9b in PyObject_Call /home/test/check/PythonASAN/Objects/abstract.c:2246
#48 0x573e9b in ?? ??:0
#49 0x66efe4 in slot_tp_call /home/test/check/PythonASAN/Objects/typeobject.c:6167
#50 0x66efe4 in ?? ??:0
#51 0x5745f0 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2316
#52 0x5745f0 in ?? ??:0
#53 0x7a7429 in call_function /home/test/check/PythonASAN/Python/ceval.c:4812
#54 0x7a7429 in ?? ??:0
#55 0x7995cc in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3275
#56 0x7995cc in ?? ??:0
#57 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718
#58 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119
#59 0x7a9847 in ?? ??:0
#60 0x7ac2ea in _PyFunction_FastCallDict /home/test/check/PythonASAN/Python/ceval.c:5021
#61 0x7ac2ea in ?? ??:0
#62 0x574668 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2295
#63 0x574668 in ?? ??:0
#64 0x5749fa in _PyObject_Call_Prepend /home/test/check/PythonASAN/Objects/abstract.c:2358
#65 0x5749fa in ?? ??:0
#66 0x573e9b in PyObject_Call /home/test/check/PythonASAN/Objects/abstract.c:2246
#67 0x573e9b in ?? ??:0
#68 0x793369 in do_call_core /home/test/check/PythonASAN/Python/ceval.c:5057
#69 0x793369 in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3357
#70 0x793369 in ?? ??:0
#71 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718
#72 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119
#73 0x7a9847 in ?? ??:0
#74 0x7ac2ea in _PyFunction_FastCallDict /home/test/check/PythonASAN/Python/ceval.c:5021
#75 0x7ac2ea in ?? ??:0
#76 0x574668 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2295
#77 0x574668 in ?? ??:0
#78 0x5749fa in _PyObject_Call_Prepend /home/test/check/PythonASAN/Objects/abstract.c:2358
#79 0x5749fa in ?? ??:0
#80 0x573e9b in PyObject_Call /home/test/check/PythonASAN/Objects/abstract.c:2246
#81 0x573e9b in ?? ??:0
#82 0x66efe4 in slot_tp_call /home/test/check/PythonASAN/Objects/typeobject.c:6167
#83 0x66efe4 in ?? ??:0
#84 0x5745f0 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2316
#85 0x5745f0 in ?? ??:0
#86 0x7a7429 in call_function /home/test/check/PythonASAN/Python/ceval.c:4812
#87 0x7a7429 in ?? ??:0
#88 0x7995cc in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3275
#89 0x7995cc in ?? ??:0
#90 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718
#91 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119
#92 0x7a9847 in ?? ??:0
#93 0x7ac2ea in _PyFunction_FastCallDict /home/test/check/PythonASAN/Python/ceval.c:5021
#94 0x7ac2ea in ?? ??:0
#95 0x574668 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2295
#96 0x574668 in ?? ??:0
#97 0x5749fa in _PyObject_Call_Prepend /home/test/check/PythonASAN/Objects/abstract.c:2358
#98 0x5749fa in ?? ??:0
#99 0x573e9b in PyObject_Call /home/test/check/PythonASAN/Objects/abstract.c:2246
#100 0x573e9b in ?? ??:0
#101 0x793369 in do_call_core /home/test/check/PythonASAN/Python/ceval.c:5057
#102 0x793369 in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3357
#103 0x793369 in ?? ??:0
#104 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718
#105 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119
#106 0x7a9847 in ?? ??:0
#107 0x7ac2ea in _PyFunction_FastCallDict /home/test/check/PythonASAN/Python/ceval.c:5021
#108 0x7ac2ea in ?? ??:0
#109 0x574668 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2295
#110 0x574668 in ?? ??:0
#111 0x5749fa in _PyObject_Call_Prepend /home/test/check/PythonASAN/Objects/abstract.c:2358
#112 0x5749fa in ?? ??:0
#113 0x573e9b in PyObject_Call /home/test/check/PythonASAN/Objects/abstract.c:2246
#114 0x573e9b in ?? ??:0
#115 0x66efe4 in slot_tp_call /home/test/check/PythonASAN/Objects/typeobject.c:6167
#116 0x66efe4 in ?? ??:0
#117 0x5745f0 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2316
#118 0x5745f0 in ?? ??:0
#119 0x7a7429 in call_function /home/test/check/PythonASAN/Python/ceval.c:4812
#120 0x7a7429 in ?? ??:0
#121 0x7995cc in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3275
#122 0x7995cc in ?? ??:0
#123 0x7ab4cb in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718
#124 0x7ab4cb in _PyFunction_FastCall /home/test/check/PythonASAN/Python/ceval.c:4870
#125 0x7ab4cb in fast_function /home/test/check/PythonASAN/Python/ceval.c:4905
#126 0x7ab4cb in ?? ??:0
#127 0x7a76f2 in call_function /home/test/check/PythonASAN/Python/ceval.c:4809
#128 0x7a76f2 in ?? ??:0
#129 0x7995cc in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3275
#130 0x7995cc in ?? ??:0
#131 0x7ab4cb in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718
#132 0x7ab4cb in _PyFunction_FastCall /home/test/check/PythonASAN/Python/ceval.c:4870
#133 0x7ab4cb in fast_function /home/test/check/PythonASAN/Python/ceval.c:4905
#134 0x7ab4cb in ?? ??:0
#135 0x7a76f2 in call_function /home/test/check/PythonASAN/Python/ceval.c:4809
#136 0x7a76f2 in ?? ??:0
#137 0x7995cc in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3275
#138 0x7995cc in ?? ??:0
#139 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718
#140 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119
#141 0x7a9847 in ?? ??:0
#142 0x7ac2ea in _PyFunction_FastCallDict /home/test/check/PythonASAN/Python/ceval.c:5021
#143 0x7ac2ea in ?? ??:0
#144 0x574668 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2295
#145 0x574668 in ?? ??:0
#146 0x5749fa in _PyObject_Call_Prepend /home/test/check/PythonASAN/Objects/abstract.c:2358
#147 0x5749fa in ?? ??:0
#148 0x573e9b in PyObject_Call /home/test/check/PythonASAN/Objects/abstract.c:2246
#149 0x573e9b in ?? ??:0
#150 0x6713f8 in slot_tp_init /home/test/check/PythonASAN/Objects/typeobject.c:6380
#151 0x6713f8 in ?? ??:0
#152 0x666d8d in type_call /home/test/check/PythonASAN/Objects/typeobject.c:915 (discriminator 1)
#153 0x666d8d in ?? ??:0
#154 0x5745f0 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2316
#155 0x5745f0 in ?? ??:0
#156 0x7a7429 in call_function /home/test/check/PythonASAN/Python/ceval.c:4812
#157 0x7a7429 in ?? ??:0
#158 0x7995cc in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3275
#159 0x7995cc in ?? ??:0
#160 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718
#161 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119
#162 0x7a9847 in ?? ??:0
#163 0x78e0df in PyEval_EvalCodeEx /home/test/check/PythonASAN/Python/ceval.c:4140
#164 0x78e0df in PyEval_EvalCode /home/test/check/PythonASAN/Python/ceval.c:695
#165 0x78e0df in ?? ??:0
#166 0x5142f5 in run_mod /home/test/check/PythonASAN/Python/pythonrun.c:980
#167 0x5142f5 in PyRun_FileExFlags /home/test/check/PythonASAN/Python/pythonrun.c:933
#168 0x5142f5 in ?? ??:0
#169 0x512afa in PyRun_SimpleFileExFlags /home/test/check/PythonASAN/Python/pythonrun.c:396
#170 0x512afa in ?? ??:0
#171 0x53eefd in run_file /home/test/check/PythonASAN/Modules/main.c:320
#172 0x53eefd in Py_Main /home/test/check/PythonASAN/Modules/main.c:780
#173 0x53eefd in ?? ??:0
#174 0x503d16 in main /home/test/check/PythonASAN/./Programs/python.c:69
#175 0x503d16 in ?? ??:0
#176 0x7f922e50882f in __libc_start_main /build/glibc-GKVZIf/glibc-2.23/csu/../csu/libc-start.c:291
#177 0x7f922e50882f in ?? ??:0
#178 0x432548 in _start ??:?
#179 0x432548 in ?? ??:0
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/home/test/check/PythonASAN/build/lib.linux-x86_64-3.6/_ctypes.cpython-36m-x86_64-linux-gnu.so+0x17c61)
==18570==ABORTING |
|
Date |
User |
Action |
Args |
2017-02-08 14:45:38 | beginvuln | set | recipients:
+ beginvuln |
2017-02-08 14:45:37 | beginvuln | set | messageid: <1486565137.31.0.431748723797.issue29488@psf.upfronthosting.co.za> |
2017-02-08 14:45:37 | beginvuln | link | issue29488 messages |
2017-02-08 14:45:36 | beginvuln | create | |
|