Issue29493
Created on 2017-02-08 14:50 by beginvuln, last changed 2022-04-11 14:58 by admin. This issue is now closed.
Files
File name | Uploaded | Description
---|---|---
gcmodule_1699 | beginvuln, 2017-02-08 14:50 | PoC
Messages (1)
msg287330 | Author: BeginVuln (beginvuln) | Date: 2017-02-08 14:50
OS Version : Ubuntu 16.04 LTS
Python download link : https://www.python.org/ftp/python/3.6.0/Python-3.6.0.tar.xz
Python version : 3.6.0

Normal build cmd :
./configure
make

Asan build cmd:
export CC="/usr/bin/clang -fsanitize=address"
export CXX="/usr/bin/clang++ -fsanitize=address"
./configure
make

GDB with exploitable:
To enable execution of this file add
    add-auto-load-safe-path /home/test/check/PythonGDB/python-gdb.py
line to your configuration file "/home/test/.gdbinit".
To completely disable this security protection add
    set auto-load safe-path /
line to your configuration file "/home/test/.gdbinit".
For more information about this security protection see the
"Auto-loading safe path" section in the GDB manual. E.g., run from the shell:
    info "(gdb)Auto-loading safe path"
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
0x000000000043d563 in PyObject_GC_UnTrack (op=0x7ffff3810400) at Modules/gcmodule.c:1699
1699    _PyObject_GC_UNTRACK(op);
Description: Access violation on destination operand
Short description: DestAv (8/22)
Hash: a30125899c34aa234161214a7afc7066.d78488ccad0508b81b411140385e7113
Exploitability Classification: EXPLOITABLE
Explanation: The target crashed on an access violation at an address matching the destination operand of the instruction. This likely indicates a write access violation, which means the attacker may control the write address and/or value.
Other tags: AccessViolation (21/22)

ASAN:
ASAN:DEADLYSIGNAL
=================================================================
==18094==ERROR: AddressSanitizer: SEGV on unknown address 0x000cffff800d (pc 0x000000543039 bp 0x0fec572c0c81 sp 0x7ffc421b9cf0 T0)
    #0 0x543038 in PyObject_GC_UnTrack /home/test/check/PythonASAN/Modules/gcmodule.c:1699 (discriminator 4)
    #1 0x543038 in ?? ??:0
    #2 0x65ca2f in subtype_dealloc /home/test/check/PythonASAN/Objects/typeobject.c:1133
    #3 0x65ca2f in ?? ??:0
    #4 0x5d10da in frame_dealloc /home/test/check/PythonASAN/Objects/frameobject.c:423 (discriminator 5)
    #5 0x5d10da in ?? ??:0
    #6 0x5304c4 in tb_dealloc /home/test/check/PythonASAN/Python/traceback.c:55 (discriminator 5)
    #7 0x5304c4 in ?? ??:0
    #8 0x530456 in tb_dealloc /home/test/check/PythonASAN/Python/traceback.c:54 (discriminator 5)
    #9 0x530456 in ?? ??:0
    #10 0x530456 in tb_dealloc /home/test/check/PythonASAN/Python/traceback.c:54 (discriminator 5)
    #11 0x530456 in ?? ??:0
    #12 0x5b3b49 in BaseException_clear /home/test/check/PythonASAN/Objects/exceptions.c:76 (discriminator 5)
    #13 0x5b3b49 in ?? ??:0
    #14 0x5b3742 in BaseException_dealloc /home/test/check/PythonASAN/Objects/exceptions.c:86
    #15 0x5b3742 in ?? ??:0
    #16 0x656df9 in tupledealloc /home/test/check/PythonASAN/Objects/tupleobject.c:243 (discriminator 5)
    #17 0x656df9 in ?? ??:0
    #18 0x656df9 in tupledealloc /home/test/check/PythonASAN/Objects/tupleobject.c:243 (discriminator 5)
    #19 0x656df9 in ?? ??:0
    #20 0x5e5c19 in list_clear /home/test/check/PythonASAN/Objects/listobject.c:562 (discriminator 5)
    #21 0x5e5c19 in listclear /home/test/check/PythonASAN/Objects/listobject.c:763 (discriminator 5)
    #22 0x5e5c19 in ?? ??:0
    #23 0x632208 in _PyCFunction_FastCallDict /home/test/check/PythonASAN/Objects/methodobject.c:192
    #24 0x632208 in ?? ??:0
    #25 0x7a7751 in call_function /home/test/check/PythonASAN/Python/ceval.c:4788 (discriminator 17)
    #26 0x7a7751 in ?? ??:0
    #27 0x7995cc in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3275
    #28 0x7995cc in ?? ??:0
    #29 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718
    #30 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119
    #31 0x7a9847 in ?? ??:0
    #32 0x7ac2ea in _PyFunction_FastCallDict /home/test/check/PythonASAN/Python/ceval.c:5021
    #33 0x7ac2ea in ?? ??:0
    #34 0x574668 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2295
    #35 0x574668 in ?? ??:0
    #36 0x5749fa in _PyObject_Call_Prepend /home/test/check/PythonASAN/Objects/abstract.c:2358
    #37 0x5749fa in ?? ??:0
    #38 0x573e9b in PyObject_Call /home/test/check/PythonASAN/Objects/abstract.c:2246
    #39 0x573e9b in ?? ??:0
    #40 0x793369 in do_call_core /home/test/check/PythonASAN/Python/ceval.c:5057
    #41 0x793369 in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3357
    #42 0x793369 in ?? ??:0
    #43 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718
    #44 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119
    #45 0x7a9847 in ?? ??:0
    #46 0x7ac2ea in _PyFunction_FastCallDict /home/test/check/PythonASAN/Python/ceval.c:5021
    #47 0x7ac2ea in ?? ??:0
    #48 0x574668 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2295
    #49 0x574668 in ?? ??:0
    #50 0x5749fa in _PyObject_Call_Prepend /home/test/check/PythonASAN/Objects/abstract.c:2358
    #51 0x5749fa in ?? ??:0
    #52 0x573e9b in PyObject_Call /home/test/check/PythonASAN/Objects/abstract.c:2246
    #53 0x573e9b in ?? ??:0
    #54 0x66efe4 in slot_tp_call /home/test/check/PythonASAN/Objects/typeobject.c:6167
    #55 0x66efe4 in ?? ??:0
    #56 0x5745f0 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2316
    #57 0x5745f0 in ?? ??:0
    #58 0x7a7429 in call_function /home/test/check/PythonASAN/Python/ceval.c:4812
    #59 0x7a7429 in ?? ??:0
    #60 0x7995cc in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3275
    #61 0x7995cc in ?? ??:0
    #62 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718
    #63 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119
    #64 0x7a9847 in ?? ??:0
    #65 0x7ac2ea in _PyFunction_FastCallDict /home/test/check/PythonASAN/Python/ceval.c:5021
    #66 0x7ac2ea in ?? ??:0
    #67 0x574668 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2295
    #68 0x574668 in ?? ??:0
    #69 0x5749fa in _PyObject_Call_Prepend /home/test/check/PythonASAN/Objects/abstract.c:2358
    #70 0x5749fa in ?? ??:0
    #71 0x573e9b in PyObject_Call /home/test/check/PythonASAN/Objects/abstract.c:2246
    #72 0x573e9b in ?? ??:0
    #73 0x793369 in do_call_core /home/test/check/PythonASAN/Python/ceval.c:5057
    #74 0x793369 in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3357
    #75 0x793369 in ?? ??:0
    #76 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718
    #77 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119
    #78 0x7a9847 in ?? ??:0
    #79 0x7ac2ea in _PyFunction_FastCallDict /home/test/check/PythonASAN/Python/ceval.c:5021
    #80 0x7ac2ea in ?? ??:0
    #81 0x574668 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2295
    #82 0x574668 in ?? ??:0
    #83 0x5749fa in _PyObject_Call_Prepend /home/test/check/PythonASAN/Objects/abstract.c:2358
    #84 0x5749fa in ?? ??:0
    #85 0x573e9b in PyObject_Call /home/test/check/PythonASAN/Objects/abstract.c:2246
    #86 0x573e9b in ?? ??:0
    #87 0x66efe4 in slot_tp_call /home/test/check/PythonASAN/Objects/typeobject.c:6167
    #88 0x66efe4 in ?? ??:0
    #89 0x5745f0 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2316
    #90 0x5745f0 in ?? ??:0
    #91 0x7a7429 in call_function /home/test/check/PythonASAN/Python/ceval.c:4812
    #92 0x7a7429 in ?? ??:0
    #93 0x7995cc in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3275
    #94 0x7995cc in ?? ??:0
    #95 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718
    #96 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119
    #97 0x7a9847 in ?? ??:0
    #98 0x7ac2ea in _PyFunction_FastCallDict /home/test/check/PythonASAN/Python/ceval.c:5021
    #99 0x7ac2ea in ?? ??:0
    #100 0x574668 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2295
    #101 0x574668 in ?? ??:0
    #102 0x5749fa in _PyObject_Call_Prepend /home/test/check/PythonASAN/Objects/abstract.c:2358
    #103 0x5749fa in ?? ??:0
    #104 0x573e9b in PyObject_Call /home/test/check/PythonASAN/Objects/abstract.c:2246
    #105 0x573e9b in ?? ??:0
    #106 0x793369 in do_call_core /home/test/check/PythonASAN/Python/ceval.c:5057
    #107 0x793369 in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3357
    #108 0x793369 in ?? ??:0
    #109 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718
    #110 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119
    #111 0x7a9847 in ?? ??:0
    #112 0x7ac2ea in _PyFunction_FastCallDict /home/test/check/PythonASAN/Python/ceval.c:5021
    #113 0x7ac2ea in ?? ??:0
    #114 0x574668 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2295
    #115 0x574668 in ?? ??:0
    #116 0x5749fa in _PyObject_Call_Prepend /home/test/check/PythonASAN/Objects/abstract.c:2358
    #117 0x5749fa in ?? ??:0
    #118 0x573e9b in PyObject_Call /home/test/check/PythonASAN/Objects/abstract.c:2246
    #119 0x573e9b in ?? ??:0
    #120 0x66efe4 in slot_tp_call /home/test/check/PythonASAN/Objects/typeobject.c:6167
    #121 0x66efe4 in ?? ??:0
    #122 0x5745f0 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2316
    #123 0x5745f0 in ?? ??:0
    #124 0x7a7429 in call_function /home/test/check/PythonASAN/Python/ceval.c:4812
    #125 0x7a7429 in ?? ??:0
    #126 0x7995cc in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3275
    #127 0x7995cc in ?? ??:0
    #128 0x7ab4cb in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718
    #129 0x7ab4cb in _PyFunction_FastCall /home/test/check/PythonASAN/Python/ceval.c:4870
    #130 0x7ab4cb in fast_function /home/test/check/PythonASAN/Python/ceval.c:4905
    #131 0x7ab4cb in ?? ??:0
    #132 0x7a76f2 in call_function /home/test/check/PythonASAN/Python/ceval.c:4809
    #133 0x7a76f2 in ?? ??:0
    #134 0x7995cc in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3275
    #135 0x7995cc in ?? ??:0
    #136 0x7ab4cb in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718
    #137 0x7ab4cb in _PyFunction_FastCall /home/test/check/PythonASAN/Python/ceval.c:4870
    #138 0x7ab4cb in fast_function /home/test/check/PythonASAN/Python/ceval.c:4905
    #139 0x7ab4cb in ?? ??:0
    #140 0x7a76f2 in call_function /home/test/check/PythonASAN/Python/ceval.c:4809
    #141 0x7a76f2 in ?? ??:0
    #142 0x7995cc in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3275
    #143 0x7995cc in ?? ??:0
    #144 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718
    #145 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119
    #146 0x7a9847 in ?? ??:0
    #147 0x7ac2ea in _PyFunction_FastCallDict /home/test/check/PythonASAN/Python/ceval.c:5021
    #148 0x7ac2ea in ?? ??:0
    #149 0x574668 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2295
    #150 0x574668 in ?? ??:0
    #151 0x5749fa in _PyObject_Call_Prepend /home/test/check/PythonASAN/Objects/abstract.c:2358
    #152 0x5749fa in ?? ??:0
    #153 0x573e9b in PyObject_Call /home/test/check/PythonASAN/Objects/abstract.c:2246
    #154 0x573e9b in ?? ??:0
    #155 0x6713f8 in slot_tp_init /home/test/check/PythonASAN/Objects/typeobject.c:6380
    #156 0x6713f8 in ?? ??:0
    #157 0x666d8d in type_call /home/test/check/PythonASAN/Objects/typeobject.c:915 (discriminator 1)
    #158 0x666d8d in ?? ??:0
    #159 0x5745f0 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2316
    #160 0x5745f0 in ?? ??:0
    #161 0x7a7429 in call_function /home/test/check/PythonASAN/Python/ceval.c:4812
    #162 0x7a7429 in ?? ??:0
    #163 0x7995cc in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3275
    #164 0x7995cc in ?? ??:0
    #165 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718
    #166 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119
    #167 0x7a9847 in ?? ??:0
    #168 0x78e0df in PyEval_EvalCodeEx /home/test/check/PythonASAN/Python/ceval.c:4140
    #169 0x78e0df in PyEval_EvalCode /home/test/check/PythonASAN/Python/ceval.c:695
    #170 0x78e0df in ?? ??:0
    #171 0x5142f5 in run_mod /home/test/check/PythonASAN/Python/pythonrun.c:980
    #172 0x5142f5 in PyRun_FileExFlags /home/test/check/PythonASAN/Python/pythonrun.c:933
    #173 0x5142f5 in ?? ??:0
    #174 0x512afa in PyRun_SimpleFileExFlags /home/test/check/PythonASAN/Python/pythonrun.c:396
    #175 0x512afa in ?? ??:0
    #176 0x53eefd in run_file /home/test/check/PythonASAN/Modules/main.c:320
    #177 0x53eefd in Py_Main /home/test/check/PythonASAN/Modules/main.c:780
    #178 0x53eefd in ?? ??:0
    #179 0x503d16 in main /home/test/check/PythonASAN/./Programs/python.c:69
    #180 0x503d16 in ?? ??:0
    #181 0x7f62bf5d482f in __libc_start_main /build/glibc-GKVZIf/glibc-2.23/csu/../csu/libc-start.c:291
    #182 0x7f62bf5d482f in ?? ??:0
    #183 0x432548 in _start ??:?
    #184 0x432548 in ?? ??:0

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/home/test/check/PythonASAN/python+0x543038)
==18094==ABORTING
History
Date | User | Action | Args
---|---|---|---
2022-04-11 14:58:42 | admin | set | github: 73679 |
2017-02-08 15:00:01 | matrixise | set | status: open -> closed stage: resolved |
2017-02-08 14:56:17 | christian.heimes | set | priority: normal -> low type: security -> behavior components: + Extension Modules, - Interpreter Core |
2017-02-08 14:50:45 | beginvuln | create |