Message327312
I send this to security@python.org.
Victor Stinner response me.
"import hashlib; hashlib.shake_128().hexdigest((-1)&2**64-1)" can crash python3.7 and master
```
fan@fan:~/github/new$ ./py3.7/bin/python3
Python 3.7.1rc1+ (heads/3.7:c59e75c, Oct 8 2018, 08:53:13)
[GCC 5.4.0 20160609] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import hashlib; hashlib.shake_128().hexdigest((-1)&2**64-1)
ASAN:SIGSEGV
=================================================================
==29245==ERROR: AddressSanitizer: SEGV on unknown address 0x7f3a50713000 (pc 0x7f3a537994c1 bp 0x7ffd978e27f0 sp 0x7ffd978e1f78 T0)
#0 0x7f3a537994c0 (/lib/x86_64-linux-gnu/libc.so.6+0x1564c0)
#1 0x7f3a543df5d0 in __asan_memcpy (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x8c5d0)
#2 0x7f3a4f5a8603 in memcpy /usr/include/x86_64-linux-gnu/bits/string3.h:53
#3 0x7f3a4f5a8603 in _PySHA3_KeccakP1600_ExtractLanes /home/fan/github/new/cpython3.7/Modules/_sha3/kcp/KeccakP-1600-opt64.c:342
#4 0x7f3a4f5a877b in _PySHA3_KeccakP1600_ExtractBytes /home/fan/github/new/cpython3.7/Modules/_sha3/kcp/KeccakP-1600-opt64.c:375
#5 0x7f3a4f5a8965 in _PySHA3_KeccakWidth1600_SpongeSqueeze /home/fan/github/new/cpython3.7/Modules/_sha3/kcp/KeccakSponge.inc:287
#6 0x7f3a4f5a92a2 in _SHAKE_digest /home/fan/github/new/cpython3.7/Modules/_sha3/sha3module.c:615
#7 0x465348 in _PyMethodDef_RawFastCallKeywords Objects/call.c:644
#8 0x74c83c in _PyMethodDescr_FastCallKeywords Objects/descrobject.c:288
#9 0x441c3b in call_function Python/ceval.c:4579
#10 0x441c3b in _PyEval_EvalFrameDefault Python/ceval.c:3110
#11 0x5a3b1f in _PyEval_EvalCodeWithName Python/ceval.c:3930
#12 0x5a40c2 in PyEval_EvalCodeEx Python/ceval.c:3959
#13 0x5a40c2 in PyEval_EvalCode Python/ceval.c:524
#14 0x605047 in run_mod Python/pythonrun.c:1035
#15 0x6097c4 in PyRun_InteractiveOneObjectEx Python/pythonrun.c:256
#16 0x609d65 in PyRun_InteractiveLoopFlags Python/pythonrun.c:120
#17 0x60ad2b in PyRun_AnyFileExFlags Python/pythonrun.c:78
#18 0x44d7c5 in pymain_run_file Modules/main.c:427
#19 0x44d7c5 in pymain_run_filename Modules/main.c:1537
#20 0x44d7c5 in pymain_run_python Modules/main.c:2626
#21 0x44d7c5 in pymain_main Modules/main.c:2787
#22 0x44e33b in _Py_UnixMain Modules/main.c:2822
#23 0x7f3a5366382f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#24 0x442db8 in _start (/home/fan/github/new/py3.7/bin/python3.7+0x442db8)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV ??:0 ??
==29245==ABORTING
```
```
(venv) fan@fan:~/github/new$ python
Python 3.8.0a0 (heads/master:f6c8007, Sep 25 2018, 12:42:29)
[GCC 5.4.0 20160609] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import hashlib; hashlib.shake_128().hexdigest((-1)&2**64-1)
ASAN:SIGSEGV
=================================================================
==29347==ERROR: AddressSanitizer: SEGV on unknown address 0x7f6df36db000 (pc 0x7f6df1a0a210 bp 0x7ffdc8f57a80 sp 0x7ffdc8f57208 T0)
#0 0x7f6df1a0a20f (/lib/x86_64-linux-gnu/libc.so.6+0x15720f)
#1 0x7f6df264f5d0 in __asan_memcpy (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x8c5d0)
#2 0x7f6ded528643 in memcpy /usr/include/x86_64-linux-gnu/bits/string3.h:53
#3 0x7f6ded528643 in _PySHA3_KeccakP1600_ExtractLanes /home/fan/github/new/cpython_a/Modules/_sha3/kcp/KeccakP-1600-opt64.c:342
#4 0x7f6ded5287bb in _PySHA3_KeccakP1600_ExtractBytes /home/fan/github/new/cpython_a/Modules/_sha3/kcp/KeccakP-1600-opt64.c:375
#5 0x7f6ded5289a5 in _PySHA3_KeccakWidth1600_SpongeSqueeze /home/fan/github/new/cpython_a/Modules/_sha3/kcp/KeccakSponge.inc:287
#6 0x7f6ded529312 in _SHAKE_digest /home/fan/github/new/cpython_a/Modules/_sha3/sha3module.c:609
#7 0x7f6ded529312 in _sha3_shake_128_hexdigest_impl /home/fan/github/new/cpython_a/Modules/_sha3/sha3module.c:658
#8 0x7f6ded529312 in _sha3_shake_128_hexdigest /home/fan/github/new/cpython_a/Modules/_sha3/clinic/sha3module.c.h:116
#9 0x46b389 in _PyMethodDef_RawFastCallKeywords Objects/call.c:644
#10 0x81403c in _PyMethodDescr_FastCallKeywords Objects/descrobject.c:288
#11 0x4416b1 in call_function Python/ceval.c:4600
#12 0x4416b1 in _PyEval_EvalFrameDefault Python/ceval.c:3186
#13 0x5ecfbb in PyEval_EvalFrameEx Python/ceval.c:536
#14 0x5ecfbb in _PyEval_EvalCodeWithName Python/ceval.c:3951
#15 0x5ed4d2 in PyEval_EvalCodeEx Python/ceval.c:3980
#16 0x5ed4d2 in PyEval_EvalCode Python/ceval.c:513
#17 0x68addd in run_mod Python/pythonrun.c:1031
#18 0x68addd in PyRun_InteractiveOneObjectEx Python/pythonrun.c:256
#19 0x68b3f5 in PyRun_InteractiveLoopFlags Python/pythonrun.c:120
#20 0x68b71b in PyRun_AnyFileExFlags Python/pythonrun.c:78
#21 0x44db6b in pymain_run_stdin Modules/main.c:1182
#22 0x44db6b in pymain_run_python Modules/main.c:1610
#23 0x44db6b in pymain_main Modules/main.c:1755
#24 0x44e39b in _Py_UnixMain Modules/main.c:1792
#25 0x7f6df18d382f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#26 0x446228 in _start (/home/fan/github/new/py/bin/python3.8+0x446228)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV ??:0 ??
==29347==ABORTING
``` |
|
Date |
User |
Action |
Args |
2018-10-08 01:04:58 | shuoz | set | recipients:
+ shuoz, vstinner, christian.heimes, ned.deily, serhiy.storchaka, xtreak |
2018-10-08 01:04:58 | shuoz | set | messageid: <1538960698.06.0.545547206417.issue34922@psf.upfronthosting.co.za> |
2018-10-08 01:04:58 | shuoz | link | issue34922 messages |
2018-10-08 01:04:56 | shuoz | create | |
|