AddressSanitizer: SEGV on unknown address 0x01ffe96de071 #73682

Closed
beginvuln mannequin opened this issue Feb 8, 2017 · 1 comment
Labels
extension-modules C modules in the Modules dir type-bug An unexpected behavior, bug, or error

Comments

beginvuln mannequin commented Feb 8, 2017

BPO 29496
Files
  • longobj_408: PoC

Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.

    GitHub fields:

    assignee = None
    closed_at = <Date 2017-02-08.14:59:17.363>
    created_at = <Date 2017-02-08.14:53:50.204>
    labels = ['extension-modules', 'type-bug']
    title = 'AddressSanitizer: SEGV on unknown address 0x01ffe96de071'
    updated_at = <Date 2017-02-08.14:59:17.362>
    user = 'https://bugs.python.org/beginvuln'

    bugs.python.org fields:

    activity = <Date 2017-02-08.14:59:17.362>
    actor = 'matrixise'
    assignee = 'none'
    closed = True
    closed_date = <Date 2017-02-08.14:59:17.363>
    closer = 'matrixise'
    components = ['Extension Modules']
    creation = <Date 2017-02-08.14:53:50.204>
    creator = 'beginvuln'
    dependencies = []
    files = ['46591']
    hgrepos = []
    issue_num = 29496
    keywords = []
    message_count = 1.0
    messages = ['287335']
    nosy_count = 1.0
    nosy_names = ['beginvuln']
    pr_nums = []
    priority = 'low'
    resolution = None
    stage = 'resolved'
    status = 'closed'
    superseder = None
    type = 'behavior'
    url = 'https://bugs.python.org/issue29496'
    versions = ['Python 3.6']

    beginvuln mannequin commented Feb 8, 2017

    OS Version : Ubuntu 16.04 LTS
    Python download link : https://www.python.org/ftp/python/3.6.0/Python-3.6.0.tar.xz

    Python version : 3.6.0

    Normal build cmd :
    ./configure
    make

    Asan build cmd:
    export CC="/usr/bin/clang -fsanitize=address"
    export CXX="/usr/bin/clang++ -fsanitize=address"
    ./configure
    make

    GDB with exploitable:

    To enable execution of this file add
    add-auto-load-safe-path /home/test/check/PythonGDB/python-gdb.py
    line to your configuration file "/home/test/.gdbinit".
    To completely disable this security protection add
    set auto-load safe-path /
    line to your configuration file "/home/test/.gdbinit".
    For more information about this security protection see the
    "Auto-loading safe path" section in the GDB manual. E.g., run from the shell:
    info "(gdb)Auto-loading safe path"
    [Thread debugging using libthread_db enabled]
    Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
    [Inferior 1 (process 19429) exited with code 01]

    ASAN:

    ASAN:DEADLYSIGNAL
    =================================================================
    ==18136==ERROR: AddressSanitizer: SEGV on unknown address 0x01ffe96de071 (pc 0x0000005e9305 bp 0x7ffc234b3300 sp 0x7ffc234b3240 T0)
    #0 0x5e9304 in PyLong_AsLongAndOverflow /home/test/check/PythonASAN/Objects/longobject.c:408
    #1 0x5e9304 in ?? ??:0
    #2 0x5e9658 in PyLong_AsLong /home/test/check/PythonASAN/Objects/longobject.c:474 (discriminator 1)
    #3 0x5e9658 in ?? ??:0
    #4 0x7fda5a8bfe3f in ffi_call_unix64 ??:?
    #5 0x7fda5a8bfe3f in ?? ??:0
    #6 0x7fda5a8bf8aa in ffi_call ??:?
    #7 0x7fda5a8bf8aa in ?? ??:0
    #8 0x7fda5aaed311 in _call_function_pointer /home/test/check/PythonASAN/Modules/_ctypes/callproc.c:809
    #9 0x7fda5aaed311 in _ctypes_callproc /home/test/check/PythonASAN/Modules/_ctypes/callproc.c:1147
    #10 0x7fda5aaed311 in ?? ??:0
    #11 0x7fda5aadc199 in PyCFuncPtr_call /home/test/check/PythonASAN/Modules/ctypes/ctypes.c:3870
    #12 0x7fda5aadc199 in ?? ??:0
    #13 0x5745f0 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2316
    #14 0x5745f0 in ?? ??:0
    #15 0x7a7429 in call_function /home/test/check/PythonASAN/Python/ceval.c:4812
    #16 0x7a7429 in ?? ??:0
    #17 0x7995cc in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3275
    #18 0x7995cc in ?? ??:0
    #19 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718
    #20 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119
    #21 0x7a9847 in ?? ??:0
    #22 0x78e15d in PyEval_EvalCodeEx /home/test/check/PythonASAN/Python/ceval.c:4140
    #23 0x78e15d in ?? ??:0
    #24 0x784f1a in builtin___build_class /home/test/check/PythonASAN/Python/bltinmodule.c:170
    #25 0x784f1a in ?? ??:0
    #26 0x631f93 in _PyCFunction_FastCallDict /home/test/check/PythonASAN/Objects/methodobject.c:231
    #27 0x631f93 in ?? ??:0
    #28 0x7a7751 in call_function /home/test/check/PythonASAN/Python/ceval.c:4788 (discriminator 17)
    #29 0x7a7751 in ?? ??:0
    #30 0x7995cc in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3275
    #31 0x7995cc in ?? ??:0
    #32 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718
    #33 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119
    #34 0x7a9847 in ?? ??:0
    #35 0x78e0df in PyEval_EvalCodeEx /home/test/check/PythonASAN/Python/ceval.c:4140
    #36 0x78e0df in PyEval_EvalCode /home/test/check/PythonASAN/Python/ceval.c:695
    #37 0x78e0df in ?? ??:0
    #38 0x5142f5 in run_mod /home/test/check/PythonASAN/Python/pythonrun.c:980
    #39 0x5142f5 in PyRun_FileExFlags /home/test/check/PythonASAN/Python/pythonrun.c:933
    #40 0x5142f5 in ?? ??:0
    #41 0x512afa in PyRun_SimpleFileExFlags /home/test/check/PythonASAN/Python/pythonrun.c:396
    #42 0x512afa in ?? ??:0
    #43 0x53eefd in run_file /home/test/check/PythonASAN/Modules/main.c:320
    #44 0x53eefd in Py_Main /home/test/check/PythonASAN/Modules/main.c:780
    #45 0x53eefd in ?? ??:0
    #46 0x503d16 in main /home/test/check/PythonASAN/./Programs/python.c:69
    #47 0x503d16 in ?? ??:0
    #48 0x7fda5deaf82f in __libc_start_main /build/glibc-GKVZIf/glibc-2.23/csu/../csu/libc-start.c:291
    #49 0x7fda5deaf82f in ?? ??:0
    #50 0x432548 in _start ??:?
    #51 0x432548 in ?? ??:0

    AddressSanitizer can not provide additional info.
    SUMMARY: AddressSanitizer: SEGV (/home/test/check/PythonASAN/python+0x5e9304)
    ==18136==ABORTING

    @beginvuln beginvuln mannequin added type-security A security issue interpreter-core (Objects, Python, Grammar, and Parser dirs) labels Feb 8, 2017
    @tiran tiran added extension-modules C modules in the Modules dir type-bug An unexpected behavior, bug, or error and removed interpreter-core (Objects, Python, Grammar, and Parser dirs) type-security A security issue labels Feb 8, 2017
    @ezio-melotti ezio-melotti transferred this issue from another repository Apr 10, 2022