Issue 36526: python crash when loading some .pyc file

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

This issue has been migrated to GitHub: https://github.com/python/cpython/issues/80707

classification

Title:	python crash when loading some .pyc file
Type:	crash	Stage:	resolved
Components:	Interpreter Core	Versions:	Python 3.8

process

Status:	closed	Resolution:	not a bug
Dependencies:		Superseder:
Assigned To:		Nosy List:	Ahmed Soliman, serhiy.storchaka
Priority:	normal	Keywords:

Created on 2019-04-04 15:12 by Ahmed Soliman, last changed 2022-04-11 14:59 by admin. This issue is now closed.

Files
File name	Uploaded	Description	Edit
id:000147,sig:11,src:000000,op:arith8,pos:53,val:-23	Ahmed Soliman, 2019-04-04 15:12	crash generator

Messages (2)
msg339448 - (view)	Author: Ahmed Soliman (Ahmed Soliman)	Date: 2019-04-04 15:12
I was fuzzing python pyc and I got this segmentation fault ``` ==25016==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0000007d147f bp 0x7ffc6875cfc0 sp 0x7ffc6875c7e0 T0) ==25016==The signal is caused by a WRITE memory access. ==25016==Hint: address points to the zero page. #0 0x7d147e in _Py_INCREF /home/cpython/./Include/object.h:453:18 #1 0x7d147e in _PyEval_EvalFrameDefault /home/cpython/Python/ceval.c:1186 #2 0x7e38bc in PyEval_EvalFrameEx /home/cpython/Python/ceval.c:625:12 #3 0x7e38bc in _PyEval_EvalCodeWithName /home/cpython/Python/ceval.c:4036 #4 0x7b72d3 in PyEval_EvalCodeEx /home/cpython/Python/ceval.c:4065:12 #5 0x7b72d3 in PyEval_EvalCode /home/cpython/Python/ceval.c:602 #6 0x911643 in run_eval_code_obj /home/cpython/Python/pythonrun.c:1047:9 #7 0x911643 in run_pyc_file /home/cpython/Python/pythonrun.c:1100 #8 0x911643 in PyRun_SimpleFileExFlags /home/cpython/Python/pythonrun.c:420 #9 0x9102cb in PyRun_AnyFileExFlags /home/cpython/Python/pythonrun.c:85:16 #10 0x517df8 in pymain_run_file /home/cpython/Modules/main.c:346:15 #11 0x517df8 in pymain_run_python /home/cpython/Modules/main.c:511 #12 0x517df8 in _Py_RunMain /home/cpython/Modules/main.c:583 #13 0x51901a in pymain_main /home/cpython/Modules/main.c:612:12 #14 0x5193e3 in _Py_UnixMain /home/cpython/Modules/main.c:636:12 #15 0x7fd06244375a in __libc_start_main (/lib64/libc.so.6+0x2375a) #16 0x437919 in _start (/home/cpython/python+0x437919) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV /home/cpython/./Include/object.h:453:18 in _Py_INCREF ==25016==ABORTING ``` Python version Python 3.8.0a3+ (heads/master:cb0748d393, Apr 4 2019, 16:40:18) [Clang 8.0.0 (tags/RELEASE_800/final)] on linux
msg339450 - (view)	Author: Serhiy Storchaka (serhiy.storchaka) *	Date: 2019-04-04 15:56
Using random binary data instead of a .pyc file is an undefined behavior. .pyc file is a cache of the .py file.

History
Date	User	Action	Args
2022-04-11 14:59:13	admin	set	github: 80707
2019-04-04 15:56:23	serhiy.storchaka	set	status: open -> closed resolution: not a bug messages: + msg339450 stage: resolved
2019-04-04 15:15:32	SilentGhost	set	nosy: + serhiy.storchaka type: crash components: + Interpreter Core
2019-04-04 15:12:11	Ahmed Soliman	create