[New-bugs-announce] [issue45228] Stack buffer overflow in parsing J1939 network address

Serhiy Storchaka report at bugs.python.org
Fri Sep 17 02:56:42 EDT 2021


New submission from Serhiy Storchaka <storchaka+cpython at gmail.com>:

It can be reproduced by running test.test_socket.J1939Test (omitted in regrtests now, see issue45187) with Address Sanitizer. See for example https://github.com/python/cpython/pull/28317/checks?check_run_id=3625390397.

It can be reproduced by running test.test_socket.J1939Test with unittest:

$ ./python -m unittest -v test.test_socket -k J1939Test

See J1939Test.log for output.

The cause is using PyArg_ParseTuple() with format unit "k" (unsigned long) and a variable of type uint32_t. PyArg_ParseTuple() should only be used with native integer types (short, int, long, long long); it does not support types of fixed size (uint16_t, uint32_t, uint64_t).

----------
components: Extension Modules
files: J1939Test.log
messages: 402003
nosy: serhiy.storchaka
priority: normal
severity: normal
status: open
title: Stack buffer overflow in parsing J1939 network address
type: crash
versions: Python 3.11
Added file: https://bugs.python.org/file50283/J1939Test.log

_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue45228>
_______________________________________
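
The size mismatch described in the report, as an added example that is not part of the original message and not CPython's code: `store_k`, `struct frame` and `parse_u32` are hypothetical names, and `store_k` stands in for a "k" conversion writing `sizeof(unsigned long)` bytes through its pointer. It shows the neighbouring memory being overwritten where `unsigned long` is wider than `uint32_t`, then one way to avoid it: receive into the native type, range-check, narrow.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for a "k" conversion: it always stores a full unsigned long
 * through the pointer it is handed (hypothetical helper, not CPython code). */
static void store_k(void *dest, unsigned long value)
{
    memcpy(dest, &value, sizeof value);
}

/* Constructed layout: a fixed-size field with a neighbour behind it, so the
 * oversized store stays inside one object and can be observed safely. */
struct frame { uint32_t field; uint32_t canary; };
_Static_assert(sizeof(unsigned long) <= sizeof(struct frame), "layout too small");

/* Returns 1 if a "k"-sized store aimed at `field` overwrote `canary`. */
int canary_clobbered(void)
{
    struct frame f = { 0, 0xC0FFEE00u };
    store_k(&f, ULONG_MAX);            /* &f is also the address of f.field */
    return f.canary != 0xC0FFEE00u;
}

/* Hardened pattern: receive into the native type "k" expects, range-check,
 * then narrow. Returns 0 on success, -1 if the value does not fit. */
int parse_u32(unsigned long input, uint32_t *out)
{
    unsigned long tmp = 0;
    store_k(&tmp, input);
    if (tmp > UINT32_MAX)              /* never true where long is 32 bits */
        return -1;
    *out = (uint32_t)tmp;
    return 0;
}

int main(void)
{
    uint32_t v = 0;
    int rc = parse_u32(0x1234UL, &v);
    printf("sizeof(unsigned long)=%zu, sizeof(uint32_t)=%zu\n",
           sizeof(unsigned long), sizeof(uint32_t));
    printf("neighbour overwritten: %d\n", canary_clobbered());
    printf("parse_u32(0x1234) -> %d, value 0x%x\n", rc, (unsigned)v);
    return 0;
}
```

On LP64 platforms (Linux, macOS) the neighbour is overwritten; where `unsigned long` is 32 bits the same code happens to be harmless, which is why this kind of bug can pass unnoticed on some builds.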

