[New-bugs-announce] [issue35161] ASAN: stack-use-after-scope in grp.getgr{nam, gid} and pwd.getpw{nam, uid}

Alexey Izbyshev report at bugs.python.org
Sun Nov 4 09:26:54 EST 2018

New submission from Alexey Izbyshev <izbyshev at ispras.ru>:

==24122==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7fffb1c62550 at pc 0x0000006ec66c bp 0x7fffb1c62450 sp 0x7fffb1c62448
READ of size 8 at 0x7fffb1c62550 thread T0
    #0 0x6ec66b in mkpwent /scratch2/izbyshev/cpython/Modules/pwdmodule.c:79
    #1 0x6ecdc9 in pwd_getpwnam_impl /scratch2/izbyshev/cpython/Modules/pwdmodule.c:260
    #2 0x6ecfee in pwd_getpwnam /scratch2/izbyshev/cpython/Modules/clinic/pwdmodule.c.h:39
    #3 0x454146 in _PyMethodDef_RawFastCallKeywords /scratch2/izbyshev/cpython/Objects/call.c:644
[======= snip =======]
Address 0x7fffb1c62550 is located in stack of thread T0 at offset 160 in frame
    #0 0x6eca60 in pwd_getpwnam_impl /scratch2/izbyshev/cpython/Modules/pwdmodule.c:203

  This frame has 3 object(s):
    [32, 40) 'name_chars'
    [96, 104) 'p'
    [160, 208) 'pwd' <== Memory access at offset 160 is inside this variable

Variables declared in the block scope created with Py_BEGIN_ALLOW_THREADS/Py_END_ALLOW_THREADS are referred to via a pointer outside of that scope (i.e., after their lifetime ends). The bug was introduced in https://github.com/python/cpython/commit/23e65b25557f957af840cf8fe68e80659ce28629 .

components: Extension Modules
messages: 329230
nosy: berker.peksag, izbyshev, serhiy.storchaka, vstinner, wg
priority: normal
severity: normal
status: open
title: ASAN: stack-use-after-scope in grp.getgr{nam,gid} and pwd.getpw{nam,uid}
type: behavior
versions: Python 3.8

Python tracker <report at bugs.python.org>

More information about the New-bugs-announce mailing list