classification
Title: ASAN: stack-use-after-scope in grp.getgr{nam,gid} and pwd.getpw{nam,uid}
Type: behavior
Stage: resolved
Components: Extension Modules
Versions: Python 3.8
process
Status: closed
Resolution: fixed
Dependencies:
Superseder:
Assigned To:
Nosy List: berker.peksag, izbyshev, serhiy.storchaka, vstinner, wg
Priority: normal
Keywords: patch

Created on 2018-11-04 14:26 by izbyshev, last changed 2018-11-04 15:44 by serhiy.storchaka. This issue is now closed.

Pull Requests
URL Status Linked
PR 10319 merged izbyshev, 2018-11-04 14:29
Messages (3)
msg329230 - Author: Alexey Izbyshev (izbyshev) (Python triager) Date: 2018-11-04 14:26
==24122==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7fffb1c62550 at pc 0x0000006ec66c bp 0x7fffb1c62450 sp 0x7fffb1c62448
READ of size 8 at 0x7fffb1c62550 thread T0
    #0 0x6ec66b in mkpwent /scratch2/izbyshev/cpython/Modules/pwdmodule.c:79
    #1 0x6ecdc9 in pwd_getpwnam_impl /scratch2/izbyshev/cpython/Modules/pwdmodule.c:260
    #2 0x6ecfee in pwd_getpwnam /scratch2/izbyshev/cpython/Modules/clinic/pwdmodule.c.h:39
    #3 0x454146 in _PyMethodDef_RawFastCallKeywords /scratch2/izbyshev/cpython/Objects/call.c:644
[======= snip =======]
Address 0x7fffb1c62550 is located in stack of thread T0 at offset 160 in frame
    #0 0x6eca60 in pwd_getpwnam_impl /scratch2/izbyshev/cpython/Modules/pwdmodule.c:203

  This frame has 3 object(s):
    [32, 40) 'name_chars'
    [96, 104) 'p'
    [160, 208) 'pwd' <== Memory access at offset 160 is inside this variable

Variables declared in the block scope created with Py_BEGIN_ALLOW_THREADS/Py_END_ALLOW_THREADS are referred to via a pointer outside of that scope (i.e., after their lifetime ends). The bug was introduced in https://github.com/python/cpython/commit/23e65b25557f957af840cf8fe68e80659ce28629 .
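The lifetime problem described in msg329230, reduced to a stand-alone C program; this is an added example, not part of the original report and not CPython code. `BEGIN_ALLOW_THREADS`, `END_ALLOW_THREADS`, `lookup_r`, `struct entry` and the `uid_*` functions are hypothetical stand-ins, and hoisting the declaration is shown as one way to remove the dangling pointer, not as the text of the merged change.

```c
#include <stdio.h>
#include <string.h>
struct entry { int uid; int gid; };

/* Hypothetical stand-ins for Py_BEGIN/END_ALLOW_THREADS: they open and close a block scope. */
#define BEGIN_ALLOW_THREADS { int saved = 1; (void)saved;
#define END_ALLOW_THREADS   }

/* Hypothetical stand-in for getpwnam_r(): fills the caller's buffer and points *result at it. */
static int lookup_r(const char *name, struct entry *buf, struct entry **result)
{
    if (strcmp(name, "alice") != 0) { *result = NULL; return 0; }
    buf->uid = 1000;                /* constructed sample record */
    buf->gid = 1000;
    *result = buf;
    return 0;
}

#ifdef DEMO_BUG
/* Buggy shape: 'ent' dies at END_ALLOW_THREADS, but 'p' still points at it. */
int uid_buggy(const char *name)
{
    struct entry *p = NULL;
    BEGIN_ALLOW_THREADS
    struct entry ent;               /* lifetime ends with the macro's block */
    lookup_r(name, &ent, &p);
    END_ALLOW_THREADS
    return p ? p->uid : -1;         /* read through 'p' after the scope has ended */
}
#endif

/* Fixed shape: the storage lives in the enclosing function scope. */
int uid_fixed(const char *name)
{
    struct entry ent;
    struct entry *p = NULL;
    BEGIN_ALLOW_THREADS
    lookup_r(name, &ent, &p);
    END_ALLOW_THREADS
    return p ? p->uid : -1;         /* 'ent' is still alive here */
}
int main(void)
{
#ifdef DEMO_BUG
    printf("buggy: %d\n", uid_buggy("alice"));
#endif
    printf("fixed: %d\n", uid_fixed("alice"));
    return 0;
}
```

Building with `-O0 -fsanitize=address -DDEMO_BUG` on a compiler whose ASan checks use-after-scope should flag the read in `uid_buggy`; without `-DDEMO_BUG` only the fixed shape is compiled.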
msg329233 - Author: Serhiy Storchaka (serhiy.storchaka) (Python committer) Date: 2018-11-04 14:59
Good catch!
msg329234 - Author: Serhiy Storchaka (serhiy.storchaka) (Python committer) Date: 2018-11-04 15:44
New changeset e359bc24b1f3a6ce311b9ef3043d1fdf5f1bf1cd by Serhiy Storchaka (Alexey Izbyshev) in branch 'master':
bpo-35161: Fix stack-use-after-scope in grp.getgr{nam,gid} and pwd.getpw{nam,uid}. (GH-10319)
https://github.com/python/cpython/commit/e359bc24b1f3a6ce311b9ef3043d1fdf5f1bf1cd
History
Date User Action Args
2018-11-04 15:44:54 serhiy.storchaka set status: open -> closed
    resolution: fixed
    stage: patch review -> resolved
2018-11-04 15:44:25 serhiy.storchaka set messages: + msg329234
2018-11-04 14:59:49 serhiy.storchaka set messages: + msg329233
2018-11-04 14:29:00 izbyshev set keywords: + patch
    stage: patch review
    pull_requests: + pull_request9620
2018-11-04 14:26:54 izbyshev create