Message249121
sendto(4, "asdfasdfsadfasdfsdfsadfsdfasdfsd"..., 42, 0, NULL, 0) = 42
recvfrom(3, "a\0n\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\5\0\0\0\0\0\0\0\2\0\0\0"..., 1, MSG_TRUNC, NULL, NULL) = 42
I think the exit code is interpreted incorrectly. In this case it isn't equal to the number of bytes received. Then Python copies this number of bytes from the buffer with a smaller size, so it may access memory which is not allocated or is allocated by someone else.
valgrind detects this type of error:
[avagin@localhost ~]$ cat sock.py
import socket, os, sys
sks = socket.socketpair(socket.AF_UNIX, socket.SOCK_DGRAM)
pid = os.fork()
if pid == 0:
    sks[1].send("\0" * 4096)
    sys.exit(0)
sk = sks[0]
print sk.recv(1, socket.MSG_TRUNC )
[avagin@localhost ~]$ valgrind python sock.py
==25511== Memcheck, a memory error detector
==25511== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==25511== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info
==25511== Command: python sock.py
==25511==
==25511== Syscall param write(buf) points to uninitialised byte(s)
==25511== at 0x320B4F0940: __write_nocancel (in /usr/lib64/libc-2.20.so)
==25511== by 0x320B478D2C: _IO_file_write@@GLIBC_2.2.5 (in /usr/lib64/libc-2.20.so)
==25511== by 0x320B4794EE: _IO_file_xsputn@@GLIBC_2.2.5 (in /usr/lib64/libc-2.20.so)
==25511== by 0x320B46EE68: fwrite (in /usr/lib64/libc-2.20.so)
==25511== by 0x369CC90210: ??? (in /usr/lib64/libpython2.7.so.1.0)
==25511== by 0x369CC85EAE: ??? (in /usr/lib64/libpython2.7.so.1.0)
==25511== by 0x369CC681AB: PyFile_WriteObject (in /usr/lib64/libpython2.7.so.1.0)
==25511== by 0x369CCE08F9: PyEval_EvalFrameEx (in /usr/lib64/libpython2.7.so.1.0)
==25511== by 0x369CCE340F: PyEval_EvalCodeEx (in /usr/lib64/libpython2.7.so.1.0)
==25511== by 0x369CCE3508: PyEval_EvalCode (in /usr/lib64/libpython2.7.so.1.0)
==25511== by 0x369CCFC91E: ??? (in /usr/lib64/libpython2.7.so.1.0)
==25511== by 0x369CCFDB41: PyRun_FileExFlags (in /usr/lib64/libpython2.7.so.1.0)

Date | User | Action | Args
2015-08-25 13:21:46 | Andrey Wagin | set | recipients: + Andrey Wagin
2015-08-25 13:21:46 | Andrey Wagin | set | messageid: <1440508906.31.0.303296966959.issue24933@psf.upfronthosting.co.za>
2015-08-25 13:21:46 | Andrey Wagin | link | issue24933 messages
2015-08-25 13:21:45 | Andrey Wagin | create |
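The return-value behaviour shown in the strace output above, with the clamp a caller needs before copying out of its buffer, as an added C example (not part of the original message and not CPython's code). `recv_trunc_clamped` and `demo` are hypothetical names, and the code assumes Linux, where MSG_TRUNC makes recv() on a UNIX datagram socket return the real datagram length.

```c
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>

/* Hypothetical helper (not CPython code): receive one datagram with MSG_TRUNC.
 * Returns the number of bytes actually stored in buf (never more than buflen)
 * and reports the kernel's return value, the full datagram length, in
 * *full_len. Returns -1 on error. */
static ssize_t recv_trunc_clamped(int fd, void *buf, size_t buflen,
                                  size_t *full_len)
{
    ssize_t n = recv(fd, buf, buflen, MSG_TRUNC);
    if (n < 0)
        return -1;
    *full_len = (size_t)n;              /* may be larger than buflen */
    return (size_t)n > buflen ? (ssize_t)buflen : n;
}

/* Constructed scenario matching the report: send send_len zero bytes over an
 * AF_UNIX datagram socketpair and receive them into a buf_len-byte buffer. */
static ssize_t demo(size_t send_len, size_t buf_len, size_t *full_len)
{
    int sks[2];
    char out[4096] = {0}, in[4096];
    ssize_t stored = -1;

    if (send_len > sizeof(out) || buf_len > sizeof(in))
        return -1;
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sks) < 0)
        return -1;
    if (send(sks[1], out, send_len, 0) == (ssize_t)send_len)
        stored = recv_trunc_clamped(sks[0], in, buf_len, full_len);
    close(sks[0]);
    close(sks[1]);
    return stored;
}

int main(void)
{
    size_t full = 0;
    ssize_t stored = demo(4096, 1, &full);
    printf("datagram length %zu, bytes safe to copy %zd\n", full, stored);
    return stored == 1 && full == 4096 ? 0 : 1;
}
```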