Author vstinner
Recipients lemburg, serhiy.storchaka, vstinner
Date 2016-03-09.11:47:37
Message-id <1457524057.88.0.985363623353.issue26516@psf.upfronthosting.co.za>
In-reply-to
Content
Example with Python compiled in release mode.

By default, a buffer overflow is not detected. It may crash later, in a random place...

$ ./python -c 'import _testcapi; _testcapi.pymem_buffer_overflow()'


Enabling debug hooks detects the buffer overflow immediately:


$ PYTHONMALLOC=pymalloc_debug ./python -c 'import _testcapi; _testcapi.pymem_buffer_overflow()'
Debug memory block at address p=0x1a7f490: API 'm'
    16 bytes originally requested
    The 7 pad bytes at p-7 are FORBIDDENBYTE, as expected.
    The 8 pad bytes at tail=0x1a7f4a0 are not all FORBIDDENBYTE (0xfb):
        at tail+0: 0x78 *** OUCH
        at tail+1: 0xfb
        at tail+2: 0xfb
        at tail+3: 0xfb
        at tail+4: 0xfb
        at tail+5: 0xfb
        at tail+6: 0xfb
        at tail+7: 0xfb
    The block was made by call #35014 to debug malloc/realloc.
    Data at p: cb cb cb cb cb cb cb cb cb cb cb cb cb cb cb cb
Fatal Python error: bad trailing pad byte

Current thread 0x00007fca30572700 (most recent call first):
  File "<string>", line 1 in <module>
Abandon (core dumped)
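
The report above depends on guard bytes written around each block and verified when the block is released. The following C sketch of that technique is an added example, not CPython's implementation and not part of the original message. The names `dbg_malloc`, `dbg_free` and `demo_overflow` and the simplified block layout are assumptions; the 0xfb and 0xcb values are taken from the output above.

```c
#include <stdlib.h>
#include <string.h>

#define PAD           8     /* guard bytes per side (simplified layout) */
#define FORBIDDENBYTE 0xfb  /* guard value named in the report */
#define CLEANBYTE     0xcb  /* fresh-memory fill ("Data at p: cb ...") */

/* Block layout: [size_t n][PAD guards][n user bytes][PAD guards] */
void *dbg_malloc(size_t n)
{
    unsigned char *raw = malloc(sizeof n + 2 * PAD + n);
    if (raw == NULL)
        return NULL;
    memcpy(raw, &n, sizeof n);            /* remember the requested size */
    unsigned char *p = raw + sizeof n + PAD;
    memset(p - PAD, FORBIDDENBYTE, PAD);  /* leading guard */
    memset(p, CLEANBYTE, n);              /* mark uninitialised data */
    memset(p + n, FORBIDDENBYTE, PAD);    /* trailing guard */
    return p;
}

/* Verify both guards, release the block, and return 0 if intact, -1 if the
 * leading guard is damaged, else k > 0: first bad byte is at tail+(k-1). */
int dbg_free(void *ptr)
{
    unsigned char *p = ptr;
    size_t n;
    int status = 0;
    memcpy(&n, p - PAD - sizeof n, sizeof n);
    for (int i = PAD - 1; i >= 0; i--)
        if (p[n + i] != FORBIDDENBYTE)
            status = i + 1;               /* ends on the lowest bad offset */
    for (int i = 1; i <= PAD; i++)
        if (p[-i] != FORBIDDENBYTE)
            status = -1;                  /* underflow takes precedence */
    free(p - PAD - sizeof n);
    return status;
}

/* Constructed case matching the report: 16 bytes requested, then one
 * stray 0x78 ('x') written at index 16, which is tail+0. */
int demo_overflow(void)
{
    unsigned char *buf = dbg_malloc(16);
    if (buf == NULL)
        return -2;
    buf[16] = 'x';
    return dbg_free(buf);
}
```

Without the guards, the same one-byte write lands in whatever the allocator placed next, which is why the release build shows nothing at the point of the overflow.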