Message261415
Example with Python compiled in release mode.
By default, a buffer overflow is not detected. It may crash later, in a random place...
$ ./python -c 'import _testcapi; _testcapi.pymem_buffer_overflow()'
Enabling debug hooks detects the buffer overflow immediatly:
$ PYTHONMALLOC=pymalloc_debug ./python -c 'import _testcapi; _testcapi.pymem_buffer_overflow()'
Debug memory block at address p=0x1a7f490: API 'm'
16 bytes originally requested
The 7 pad bytes at p-7 are FORBIDDENBYTE, as expected.
The 8 pad bytes at tail=0x1a7f4a0 are not all FORBIDDENBYTE (0xfb):
at tail+0: 0x78 *** OUCH
at tail+1: 0xfb
at tail+2: 0xfb
at tail+3: 0xfb
at tail+4: 0xfb
at tail+5: 0xfb
at tail+6: 0xfb
at tail+7: 0xfb
The block was made by call #35014 to debug malloc/realloc.
Data at p: cb cb cb cb cb cb cb cb cb cb cb cb cb cb cb cb
Fatal Python error: bad trailing pad byte
Current thread 0x00007fca30572700 (most recent call first):
File "<string>", line 1 in <module>
Abandon (core dumped) |
|
Date |
User |
Action |
Args |
2016-03-09 11:47:37 | vstinner | set | recipients:
+ vstinner, lemburg, serhiy.storchaka |
2016-03-09 11:47:37 | vstinner | set | messageid: <1457524057.88.0.985363623353.issue26516@psf.upfronthosting.co.za> |
2016-03-09 11:47:37 | vstinner | link | issue26516 messages |
2016-03-09 11:47:37 | vstinner | create | |
|