Use after free in ctypes test suite #80434

btharper · 2019-03-10T00:08:41Z

BPO	36253
Nosy	@Yhg1s, @gpshead, @amauryfa, @abalkin, @meadori, @bradlarsen, @btharper
PRs	bpo-36253: Remove use after free reference in ctypes test suite #12257
Files	asan StringPtrTestCase.txt: Stack trace of failure

^{Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.}

Show more details

GitHub fields:

assignee = None
closed_at = <Date 2019-10-08.12:45:52.155>
created_at = <Date 2019-03-10.00:08:40.950>
labels = ['3.7', '3.8', 'ctypes', 'type-bug', 'tests']
title = 'Use after free in ctypes test suite'
updated_at = <Date 2019-10-08.12:45:52.155>
user = 'https://github.com/btharper'

bugs.python.org fields:

activity = <Date 2019-10-08.12:45:52.155>
actor = 'btharper'
assignee = 'none'
closed = True
closed_date = <Date 2019-10-08.12:45:52.155>
closer = 'btharper'
components = ['Tests', 'ctypes']
creation = <Date 2019-03-10.00:08:40.950>
creator = 'btharper'
dependencies = []
files = ['48202']
hgrepos = []
issue_num = 36253
keywords = ['patch']
message_count = 4.0
messages = ['337583', '339258', '351697', '354198']
nosy_count = 7.0
nosy_names = ['twouters', 'gregory.p.smith', 'amaury.forgeotdarc', 'belopolsky', 'meador.inge', 'blarsen', 'btharper']
pr_nums = ['12257']
priority = 'normal'
resolution = None
stage = 'resolved'
status = 'closed'
superseder = None
type = 'behavior'
url = 'https://bugs.python.org/issue36253'
versions = ['Python 2.7', 'Python 3.4', 'Python 3.5', 'Python 3.6', 'Python 3.7', 'Python 3.8']

btharper · 2019-03-10T00:08:40Z

When running the builtin test suite with address sanitizer enabled, one of the ctypes tests causes a use after free demonstrating the danger of using a reference to the inside of a deallocated buffer. This use is detected as an error by the address sanitizer and can be replicated with the following; a stack trace from the resulting failure is attached.

export ASAN_OPTIONS="detect_leaks=0"
make clean
./configure --with-address-sanitizer --with-pydebug
make
./python Lib/ctypes/test/test_stringptr.py StringPtrTestCase -v

bradlarsen · 2019-03-31T14:01:59Z

I was just going to submit a patch for this, then I found this issue.

I can confirm; I see the same use-after-free without the fix.

Yhg1s · 2019-09-10T15:20:18Z

New changeset a9b6033 by T. Wouters (Ben Harper) in branch 'master':
bpo-36253: Remove use after free reference in ctypes test suite (GH-12257)
a9b6033

btharper · 2019-10-08T12:45:52Z

Changes merged

btharper mannequin added 3.7 (EOL) end of life 3.8 only security fixes tests Tests in the Lib/test dir topic-ctypes type-bug An unexpected behavior, bug, or error labels Mar 10, 2019

btharper mannequin closed this as completed Oct 8, 2019

ezio-melotti transferred this issue from another repository Apr 10, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Use after free in ctypes test suite #80434

Use after free in ctypes test suite #80434

btharper mannequin commented Mar 10, 2019

btharper mannequin commented Mar 10, 2019

bradlarsen mannequin commented Mar 31, 2019

Yhg1s commented Sep 10, 2019

btharper mannequin commented Oct 8, 2019

Use after free in ctypes test suite #80434

Use after free in ctypes test suite #80434

Comments

btharper mannequin commented Mar 10, 2019

btharper mannequin commented Mar 10, 2019

bradlarsen mannequin commented Mar 31, 2019

Yhg1s commented Sep 10, 2019

btharper mannequin commented Oct 8, 2019