[New-bugs-announce] [issue29482] AddressSanitizer: attempting double-free on 0x60b000007050
xGblankGx
report at bugs.python.org
Wed Feb 8 09:37:43 EST 2017
New submission from xGblankGx:
OS Version : Ubuntu 16.04 LTS
Python download link : https://www.python.org/ftp/python/3.6.0/Python-3.6.0.tar.xz
Python version : 3.6.0
Normal build cmd :
./configure
make
Asan build cmd:
export CC="/usr/bin/clang -fsanitize=address"
export CXX="/usr/bin/clang++ -fsanitize=address"
./configure
make
GDB:
To enable execution of this file add
add-auto-load-safe-path /home/test/check/PythonGDB/python-gdb.py
line to your configuration file "/home/test/.gdbinit".
To completely disable this security protection add
set auto-load safe-path /
line to your configuration file "/home/test/.gdbinit".
For more information about this security protection see the
"Auto-loading safe path" section in the GDB manual. E.g., run from the shell:
info "(gdb)Auto-loading safe path"
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Program received signal SIGABRT, Aborted.
0x00007ffff7116418 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
Description: Heap error
Short description: HeapError (10/22)
Hash: fb83ab1a4cc8eeff85970c4e8a40accc.0c71313476b72a94b16ca488bd78a548
Exploitability Classification: EXPLOITABLE
Explanation: The target's backtrace indicates that libc has detected a heap error or that the target was executing a heap function when it stopped. This could be due to heap corruption, passing a bad pointer to a heap function such as free(), etc. Since heap errors might include buffer overflows, use-after-free situations, etc. they are generally considered exploitable.
Other tags: AbortSignal (20/22)
ASAN:
...E=================================================================
==18791==ERROR: AddressSanitizer: attempting double-free on 0x60b000007050 in thread T0:
#0 0x4d24f0 in __interceptor_cfree.localalias.0 asan_malloc_linux.cc.o:?
#1 0x4d24f0 in ?? ??:0
#2 0x7f1f02ff8e3f in ffi_call_unix64 ??:?
#3 0x7f1f02ff8e3f in ?? ??:0
#4 0x7f1f02ff88aa in ffi_call ??:?
#5 0x7f1f02ff88aa in ?? ??:0
#6 0x7f1f03226311 in _call_function_pointer /home/test/check/PythonASAN/Modules/_ctypes/callproc.c:809
#7 0x7f1f03226311 in _ctypes_callproc /home/test/check/PythonASAN/Modules/_ctypes/callproc.c:1147
#8 0x7f1f03226311 in ?? ??:0
#9 0x7f1f03215199 in PyCFuncPtr_call /home/test/check/PythonASAN/Modules/_ctypes/_ctypes.c:3870
#10 0x7f1f03215199 in ?? ??:0
#11 0x5745f0 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2316
#12 0x5745f0 in ?? ??:0
#13 0x7a7429 in call_function /home/test/check/PythonASAN/Python/ceval.c:4812
#14 0x7a7429 in ?? ??:0
#15 0x7995cc in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3275
#16 0x7995cc in ?? ??:0
#17 0x7ab4cb in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718
#18 0x7ab4cb in _PyFunction_FastCall /home/test/check/PythonASAN/Python/ceval.c:4870
#19 0x7ab4cb in fast_function /home/test/check/PythonASAN/Python/ceval.c:4905
#20 0x7ab4cb in ?? ??:0
#21 0x7a76f2 in call_function /home/test/check/PythonASAN/Python/ceval.c:4809
#22 0x7a76f2 in ?? ??:0
#23 0x7995cc in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3275
#24 0x7995cc in ?? ??:0
#25 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718
#26 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119
#27 0x7a9847 in ?? ??:0
#28 0x7ac2ea in _PyFunction_FastCallDict /home/test/check/PythonASAN/Python/ceval.c:5021
#29 0x7ac2ea in ?? ??:0
#30 0x574668 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2295
#31 0x574668 in ?? ??:0
#32 0x5749fa in _PyObject_Call_Prepend /home/test/check/PythonASAN/Objects/abstract.c:2358
#33 0x5749fa in ?? ??:0
#34 0x573e9b in PyObject_Call /home/test/check/PythonASAN/Objects/abstract.c:2246
#35 0x573e9b in ?? ??:0
#36 0x793369 in do_call_core /home/test/check/PythonASAN/Python/ceval.c:5057
#37 0x793369 in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3357
#38 0x793369 in ?? ??:0
#39 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718
#40 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119
#41 0x7a9847 in ?? ??:0
#42 0x7ac2ea in _PyFunction_FastCallDict /home/test/check/PythonASAN/Python/ceval.c:5021
#43 0x7ac2ea in ?? ??:0
#44 0x574668 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2295
#45 0x574668 in ?? ??:0
#46 0x5749fa in _PyObject_Call_Prepend /home/test/check/PythonASAN/Objects/abstract.c:2358
#47 0x5749fa in ?? ??:0
#48 0x573e9b in PyObject_Call /home/test/check/PythonASAN/Objects/abstract.c:2246
#49 0x573e9b in ?? ??:0
#50 0x66efe4 in slot_tp_call /home/test/check/PythonASAN/Objects/typeobject.c:6167
#51 0x66efe4 in ?? ??:0
#52 0x5745f0 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2316
#53 0x5745f0 in ?? ??:0
#54 0x7a7429 in call_function /home/test/check/PythonASAN/Python/ceval.c:4812
#55 0x7a7429 in ?? ??:0
#56 0x7995cc in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3275
#57 0x7995cc in ?? ??:0
#58 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718
#59 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119
#60 0x7a9847 in ?? ??:0
#61 0x7ac2ea in _PyFunction_FastCallDict /home/test/check/PythonASAN/Python/ceval.c:5021
#62 0x7ac2ea in ?? ??:0
#63 0x574668 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2295
#64 0x574668 in ?? ??:0
#65 0x5749fa in _PyObject_Call_Prepend /home/test/check/PythonASAN/Objects/abstract.c:2358
#66 0x5749fa in ?? ??:0
#67 0x573e9b in PyObject_Call /home/test/check/PythonASAN/Objects/abstract.c:2246
#68 0x573e9b in ?? ??:0
#69 0x793369 in do_call_core /home/test/check/PythonASAN/Python/ceval.c:5057
#70 0x793369 in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3357
#71 0x793369 in ?? ??:0
#72 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718
#73 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119
#74 0x7a9847 in ?? ??:0
#75 0x7ac2ea in _PyFunction_FastCallDict /home/test/check/PythonASAN/Python/ceval.c:5021
#76 0x7ac2ea in ?? ??:0
#77 0x574668 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2295
#78 0x574668 in ?? ??:0
#79 0x5749fa in _PyObject_Call_Prepend /home/test/check/PythonASAN/Objects/abstract.c:2358
#80 0x5749fa in ?? ??:0
#81 0x573e9b in PyObject_Call /home/test/check/PythonASAN/Objects/abstract.c:2246
#82 0x573e9b in ?? ??:0
#83 0x66efe4 in slot_tp_call /home/test/check/PythonASAN/Objects/typeobject.c:6167
#84 0x66efe4 in ?? ??:0
#85 0x5745f0 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2316
#86 0x5745f0 in ?? ??:0
#87 0x7a7429 in call_function /home/test/check/PythonASAN/Python/ceval.c:4812
#88 0x7a7429 in ?? ??:0
#89 0x7995cc in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3275
#90 0x7995cc in ?? ??:0
#91 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718
#92 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119
#93 0x7a9847 in ?? ??:0
#94 0x7ac2ea in _PyFunction_FastCallDict /home/test/check/PythonASAN/Python/ceval.c:5021
#95 0x7ac2ea in ?? ??:0
#96 0x574668 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2295
#97 0x574668 in ?? ??:0
#98 0x5749fa in _PyObject_Call_Prepend /home/test/check/PythonASAN/Objects/abstract.c:2358
#99 0x5749fa in ?? ??:0
#100 0x573e9b in PyObject_Call /home/test/check/PythonASAN/Objects/abstract.c:2246
#101 0x573e9b in ?? ??:0
#102 0x793369 in do_call_core /home/test/check/PythonASAN/Python/ceval.c:5057
#103 0x793369 in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3357
#104 0x793369 in ?? ??:0
#105 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718
#106 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119
#107 0x7a9847 in ?? ??:0
#108 0x7ac2ea in _PyFunction_FastCallDict /home/test/check/PythonASAN/Python/ceval.c:5021
#109 0x7ac2ea in ?? ??:0
#110 0x574668 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2295
#111 0x574668 in ?? ??:0
#112 0x5749fa in _PyObject_Call_Prepend /home/test/check/PythonASAN/Objects/abstract.c:2358
#113 0x5749fa in ?? ??:0
#114 0x573e9b in PyObject_Call /home/test/check/PythonASAN/Objects/abstract.c:2246
#115 0x573e9b in ?? ??:0
#116 0x66efe4 in slot_tp_call /home/test/check/PythonASAN/Objects/typeobject.c:6167
#117 0x66efe4 in ?? ??:0
#118 0x5745f0 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2316
#119 0x5745f0 in ?? ??:0
#120 0x7a7429 in call_function /home/test/check/PythonASAN/Python/ceval.c:4812
#121 0x7a7429 in ?? ??:0
#122 0x7995cc in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3275
#123 0x7995cc in ?? ??:0
#124 0x7ab4cb in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718
#125 0x7ab4cb in _PyFunction_FastCall /home/test/check/PythonASAN/Python/ceval.c:4870
#126 0x7ab4cb in fast_function /home/test/check/PythonASAN/Python/ceval.c:4905
#127 0x7ab4cb in ?? ??:0
#128 0x7a76f2 in call_function /home/test/check/PythonASAN/Python/ceval.c:4809
#129 0x7a76f2 in ?? ??:0
#130 0x7995cc in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3275
#131 0x7995cc in ?? ??:0
#132 0x7ab4cb in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718
#133 0x7ab4cb in _PyFunction_FastCall /home/test/check/PythonASAN/Python/ceval.c:4870
#134 0x7ab4cb in fast_function /home/test/check/PythonASAN/Python/ceval.c:4905
#135 0x7ab4cb in ?? ??:0
#136 0x7a76f2 in call_function /home/test/check/PythonASAN/Python/ceval.c:4809
#137 0x7a76f2 in ?? ??:0
#138 0x7995cc in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3275
#139 0x7995cc in ?? ??:0
#140 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718
#141 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119
#142 0x7a9847 in ?? ??:0
#143 0x7ac2ea in _PyFunction_FastCallDict /home/test/check/PythonASAN/Python/ceval.c:5021
#144 0x7ac2ea in ?? ??:0
#145 0x574668 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2295
#146 0x574668 in ?? ??:0
#147 0x5749fa in _PyObject_Call_Prepend /home/test/check/PythonASAN/Objects/abstract.c:2358
#148 0x5749fa in ?? ??:0
#149 0x573e9b in PyObject_Call /home/test/check/PythonASAN/Objects/abstract.c:2246
#150 0x573e9b in ?? ??:0
#151 0x6713f8 in slot_tp_init /home/test/check/PythonASAN/Objects/typeobject.c:6380
#152 0x6713f8 in ?? ??:0
#153 0x666d8d in type_call /home/test/check/PythonASAN/Objects/typeobject.c:915 (discriminator 1)
#154 0x666d8d in ?? ??:0
#155 0x5745f0 in _PyObject_FastCallDict /home/test/check/PythonASAN/Objects/abstract.c:2316
#156 0x5745f0 in ?? ??:0
#157 0x7a7429 in call_function /home/test/check/PythonASAN/Python/ceval.c:4812
#158 0x7a7429 in ?? ??:0
#159 0x7995cc in _PyEval_EvalFrameDefault /home/test/check/PythonASAN/Python/ceval.c:3275
#160 0x7995cc in ?? ??:0
#161 0x7a9847 in PyEval_EvalFrameEx /home/test/check/PythonASAN/Python/ceval.c:718
#162 0x7a9847 in _PyEval_EvalCodeWithName /home/test/check/PythonASAN/Python/ceval.c:4119
#163 0x7a9847 in ?? ??:0
#164 0x78e0df in PyEval_EvalCodeEx /home/test/check/PythonASAN/Python/ceval.c:4140
#165 0x78e0df in PyEval_EvalCode /home/test/check/PythonASAN/Python/ceval.c:695
#166 0x78e0df in ?? ??:0
#167 0x5142f5 in run_mod /home/test/check/PythonASAN/Python/pythonrun.c:980
#168 0x5142f5 in PyRun_FileExFlags /home/test/check/PythonASAN/Python/pythonrun.c:933
#169 0x5142f5 in ?? ??:0
#170 0x512afa in PyRun_SimpleFileExFlags /home/test/check/PythonASAN/Python/pythonrun.c:396
#171 0x512afa in ?? ??:0
#172 0x53eefd in run_file /home/test/check/PythonASAN/Modules/main.c:320
#173 0x53eefd in Py_Main /home/test/check/PythonASAN/Modules/main.c:780
#174 0x53eefd in ?? ??:0
#175 0x503d16 in main /home/test/check/PythonASAN/./Programs/python.c:69
#176 0x503d16 in ?? ??:0
#177 0x7f1f06ea582f in __libc_start_main /build/glibc-GKVZIf/glibc-2.23/csu/../csu/libc-start.c:291
#178 0x7f1f06ea582f in ?? ??:0
#179 0x432548 in _start ??:?
#180 0x432548 in ?? ??:0
0x60b000007050 is located 0 bytes inside of 108-byte region [0x60b000007050,0x60b0000070bc)
freed by thread T0 here:
#0 0x4d24f0 in __interceptor_cfree.localalias.0 asan_malloc_linux.cc.o:?
#1 0x4d24f0 in ?? ??:0
#2 0x7f1f02ff8e3f in ffi_call_unix64 ??:?
#3 0x7f1f02ff8e3f in ?? ??:0
#2 0x7ffc11a5271f (<unknown module>)
previously allocated by thread T0 here:
#0 0x4d2678 in malloc ??:?
#1 0x4d2678 in ?? ??:0
#2 0x7f1effe039bc in my_wcsdup /home/test/check/PythonASAN/Modules/_ctypes/_ctypes_test.c:185 (discriminator 1)
#3 0x7f1effe039bc in ?? ??:0
#2 0x7ffc11a5271f (<unknown module>)
SUMMARY: AddressSanitizer: double-free (/home/test/check/PythonASAN/python+0x4d24f0)
==18791==ABORTING
----------
components: Interpreter Core
files: asan_malloc
messages: 287316
nosy: xgblankgx
priority: normal
severity: normal
status: open
title: AddressSanitizer: attempting double-free on 0x60b000007050
type: security
versions: Python 3.6
Added file: http://bugs.python.org/file46577/asan_malloc
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue29482>
_______________________________________