Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Use after free in 3.11 #96572

Closed
Closed
Assignees
kumaraditya303
Labels
3.11only security fixes3.12only security fixesrelease-blockertype-crashA hard crash of the interpreter, possibly with a core dump
@matthiasgoergens

Description

@matthiasgoergens

When I try to build the current 3.110c81909 on my 64-bit ArchLinux machine withclang version 14.0.6 and the following configuration:

../configure \    --with-assertions \    --with-address-sanitizer \    --with-trace-refs \    --with-undefined-behavior-sanitizer

I get the following error:

(3.11)$ make./_bootstrap_python ../Programs/_freeze_module.py abc ../Lib/abc.py Python/frozen_modules/abc.h===================================================================1780959==ERROR: AddressSanitizer: heap-use-after-free on address 0x608000046cb0 at pc 0x55896728b06e bp 0x7ffc8d63cba0 sp 0x7ffc8d63cb98READ of size 8 at 0x608000046cb0 thread T0    #0 0x55896728b06d in _Py_ForgetReference /home/matthias/prog/python/cpython/build-bisect-2/../Objects/object.c:2044:23    #1 0x55896728dd86 in _Py_Dealloc /home/matthias/prog/python/cpython/build-bisect-2/../Objects/object.c:2385:5    #2 0x5589672019f7 in Py_DECREF /home/matthias/prog/python/cpython/build-bisect-2/../Include/object.h:538:9    #3 0x5589672019f7 in Py_XDECREF /home/matthias/prog/python/cpython/build-bisect-2/../Include/object.h:602:9    #4 0x5589672019f7 in insertdict /home/matthias/prog/python/cpython/build-bisect-2/../Objects/dictobject.c:1304:5    #5 0x558967566581 in _PyEval_EvalFrameDefault /home/matthias/prog/python/cpython/build-bisect-2/../Python/ceval.c:2774:23    #6 0x558967544abd in _PyEval_Vector /home/matthias/prog/python/cpython/build-bisect-2/../Python/ceval.c:6424:24    #7 0x558967530c0d in builtin___build_class__ /home/matthias/prog/python/cpython/build-bisect-2/../Python/bltinmodule.c:201:12    #8 0x55896726d395 in cfunction_vectorcall_FASTCALL_KEYWORDS /home/matthias/prog/python/cpython/build-bisect-2/../Objects/methodobject.c:443:24    #9 0x5589670ce5a4 in _PyObject_VectorcallTstate /home/matthias/prog/python/cpython/build-bisect-2/../Include/internal/pycore_call.h:92:11    #10 0x558967567ba6 in _PyEval_EvalFrameDefault /home/matthias/prog/python/cpython/build-bisect-2/../Python/ceval.c    #11 0x558967544abd in _PyEval_Vector /home/matthias/prog/python/cpython/build-bisect-2/../Python/ceval.c:6424:24    #12 0x558967544544 in PyEval_EvalCode /home/matthias/prog/python/cpython/build-bisect-2/../Python/ceval.c:1154:21    #13 0x5589676b990b in exec_code_in_module /home/matthias/prog/python/cpython/build-bisect-2/../Python/import.c:764:9    #14 0x5589676ba193 in PyImport_ImportFrozenModuleObject /home/matthias/prog/python/cpython/build-bisect-2/../Python/import.c:1394:9    #15 0x5589676bbfb1 in PyImport_ImportFrozenModule /home/matthias/prog/python/cpython/build-bisect-2/../Python/import.c:1434:11    #16 0x55896772498f in init_importlib /home/matthias/prog/python/cpython/build-bisect-2/../Python/pylifecycle.c:186:9    #17 0x55896772349d in pycore_interp_init /home/matthias/prog/python/cpython/build-bisect-2/../Python/pylifecycle.c:871:13    #18 0x558967719beb in pyinit_config /home/matthias/prog/python/cpython/build-bisect-2/../Python/pylifecycle.c:900:14    #19 0x558967719beb in pyinit_core /home/matthias/prog/python/cpython/build-bisect-2/../Python/pylifecycle.c:1063:18    #20 0x558967719beb in Py_InitializeFromConfig /home/matthias/prog/python/cpython/build-bisect-2/../Python/pylifecycle.c:1253:14    #21 0x5589679ecc04 in main /home/matthias/prog/python/cpython/build-bisect-2/../Programs/_bootstrap_python.c:103:14    #22 0x7f5b4e5662cf  (/usr/lib/libc.so.6+0x232cf) (BuildId: 9c28cfc869012ebbd43cdb0f1eebcd14e1b8bdd8)    #23 0x7f5b4e566389 in __libc_start_main (/usr/lib/libc.so.6+0x23389) (BuildId: 9c28cfc869012ebbd43cdb0f1eebcd14e1b8bdd8)    #24 0x558966dcae34 in _start /build/glibc/src/glibc/csu/../sysdeps/x86_64/start.S:1150x608000046cb0 is located 16 bytes inside of 88-byte region [0x608000046ca0,0x608000046cf8)freed by thread T0 here:    #0 0x558966e7ecf2 in __interceptor_free.part.0 asan_malloc_linux.cpp.o    #1 0x55896726ec73 in meth_dealloc /home/matthias/prog/python/cpython/build-bisect-2/../Objects/methodobject.c:175:5    #2 0x558967567c97 in _PyEval_EvalFrameDefault /home/matthias/prog/python/cpython/build-bisect-2/../Python/ceval.c:4783:13    #3 0x558967544abd in _PyEval_Vector /home/matthias/prog/python/cpython/build-bisect-2/../Python/ceval.c:6424:24    #4 0x558967530c0d in builtin___build_class__ /home/matthias/prog/python/cpython/build-bisect-2/../Python/bltinmodule.c:201:12    #5 0x55896726d395 in cfunction_vectorcall_FASTCALL_KEYWORDS /home/matthias/prog/python/cpython/build-bisect-2/../Objects/methodobject.c:443:24    #6 0x5589670ce5a4 in _PyObject_VectorcallTstate /home/matthias/prog/python/cpython/build-bisect-2/../Include/internal/pycore_call.h:92:11    #7 0x558967567ba6 in _PyEval_EvalFrameDefault /home/matthias/prog/python/cpython/build-bisect-2/../Python/ceval.c    #8 0x558967544abd in _PyEval_Vector /home/matthias/prog/python/cpython/build-bisect-2/../Python/ceval.c:6424:24    #9 0x558967544544 in PyEval_EvalCode /home/matthias/prog/python/cpython/build-bisect-2/../Python/ceval.c:1154:21    #10 0x5589676b990b in exec_code_in_module /home/matthias/prog/python/cpython/build-bisect-2/../Python/import.c:764:9    #11 0x5589676ba193 in PyImport_ImportFrozenModuleObject /home/matthias/prog/python/cpython/build-bisect-2/../Python/import.c:1394:9    #12 0x5589676bbfb1 in PyImport_ImportFrozenModule /home/matthias/prog/python/cpython/build-bisect-2/../Python/import.c:1434:11    #13 0x55896772498f in init_importlib /home/matthias/prog/python/cpython/build-bisect-2/../Python/pylifecycle.c:186:9    #14 0x55896772349d in pycore_interp_init /home/matthias/prog/python/cpython/build-bisect-2/../Python/pylifecycle.c:871:13    #15 0x558967719beb in pyinit_config /home/matthias/prog/python/cpython/build-bisect-2/../Python/pylifecycle.c:900:14    #16 0x558967719beb in pyinit_core /home/matthias/prog/python/cpython/build-bisect-2/../Python/pylifecycle.c:1063:18    #17 0x558967719beb in Py_InitializeFromConfig /home/matthias/prog/python/cpython/build-bisect-2/../Python/pylifecycle.c:1253:14    #18 0x5589679ecc04 in main /home/matthias/prog/python/cpython/build-bisect-2/../Programs/_bootstrap_python.c:103:14    #19 0x7f5b4e5662cf  (/usr/lib/libc.so.6+0x232cf) (BuildId: 9c28cfc869012ebbd43cdb0f1eebcd14e1b8bdd8)previously allocated by thread T0 here:    #0 0x558966e7fd09 in __interceptor_malloc (/home/matthias/prog/python/cpython/build-bisect-2/_bootstrap_python+0x765d09)    #1 0x5589677e02e4 in gc_alloc /home/matthias/prog/python/cpython/build-bisect-2/../Modules/gcmodule.c:2283:17    #2 0x5589677e0198 in _PyObject_GC_New /home/matthias/prog/python/cpython/build-bisect-2/../Modules/gcmodule.c:2298:20    #3 0x55896726c600 in PyCMethod_New /home/matthias/prog/python/cpython/build-bisect-2/../Objects/methodobject.c:101:14    #4 0x558967286aa5 in _PyObject_GenericGetAttrWithDict /home/matthias/prog/python/cpython/build-bisect-2/../Objects/object.c:1337:15    #5 0x558967284949 in PyObject_GetAttr /home/matthias/prog/python/cpython/build-bisect-2/../Objects/object.c    #6 0x55896754bf4a in _PyEval_EvalFrameDefault /home/matthias/prog/python/cpython/build-bisect-2/../Python/ceval.c:3471:29    #7 0x558967544abd in _PyEval_Vector /home/matthias/prog/python/cpython/build-bisect-2/../Python/ceval.c:6424:24    #8 0x558967530c0d in builtin___build_class__ /home/matthias/prog/python/cpython/build-bisect-2/../Python/bltinmodule.c:201:12    #9 0x55896726d395 in cfunction_vectorcall_FASTCALL_KEYWORDS /home/matthias/prog/python/cpython/build-bisect-2/../Objects/methodobject.c:443:24    #10 0x5589670ce5a4 in _PyObject_VectorcallTstate /home/matthias/prog/python/cpython/build-bisect-2/../Include/internal/pycore_call.h:92:11    #11 0x558967567ba6 in _PyEval_EvalFrameDefault /home/matthias/prog/python/cpython/build-bisect-2/../Python/ceval.c    #12 0x558967544abd in _PyEval_Vector /home/matthias/prog/python/cpython/build-bisect-2/../Python/ceval.c:6424:24    #13 0x558967544544 in PyEval_EvalCode /home/matthias/prog/python/cpython/build-bisect-2/../Python/ceval.c:1154:21    #14 0x5589676b990b in exec_code_in_module /home/matthias/prog/python/cpython/build-bisect-2/../Python/import.c:764:9    #15 0x5589676ba193 in PyImport_ImportFrozenModuleObject /home/matthias/prog/python/cpython/build-bisect-2/../Python/import.c:1394:9    #16 0x5589676bbfb1 in PyImport_ImportFrozenModule /home/matthias/prog/python/cpython/build-bisect-2/../Python/import.c:1434:11    #17 0x55896772498f in init_importlib /home/matthias/prog/python/cpython/build-bisect-2/../Python/pylifecycle.c:186:9    #18 0x55896772349d in pycore_interp_init /home/matthias/prog/python/cpython/build-bisect-2/../Python/pylifecycle.c:871:13    #19 0x558967719beb in pyinit_config /home/matthias/prog/python/cpython/build-bisect-2/../Python/pylifecycle.c:900:14    #20 0x558967719beb in pyinit_core /home/matthias/prog/python/cpython/build-bisect-2/../Python/pylifecycle.c:1063:18    #21 0x558967719beb in Py_InitializeFromConfig /home/matthias/prog/python/cpython/build-bisect-2/../Python/pylifecycle.c:1253:14    #22 0x5589679ecc04 in main /home/matthias/prog/python/cpython/build-bisect-2/../Programs/_bootstrap_python.c:103:14    #23 0x7f5b4e5662cf  (/usr/lib/libc.so.6+0x232cf) (BuildId: 9c28cfc869012ebbd43cdb0f1eebcd14e1b8bdd8)SUMMARY: AddressSanitizer: heap-use-after-free /home/matthias/prog/python/cpython/build-bisect-2/../Objects/object.c:2044:23 in _Py_ForgetReferenceShadow bytes around the buggy address:  0x0c1080000d40: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa  0x0c1080000d50: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00  0x0c1080000d60: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa  0x0c1080000d70: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa  0x0c1080000d80: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00=>0x0c1080000d90: fa fa fa fa fd fd[fd]fd fd fd fd fd fd fd fd fa  0x0c1080000da0: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 fa  0x0c1080000db0: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00  0x0c1080000dc0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa  0x0c1080000dd0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa  0x0c1080000de0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa faShadow byte legend (one shadow byte represents 8 application bytes):  Addressable:           00  Partially addressable: 01 02 03 04 05 06 07   Heap left redzone:       fa  Freed heap region:       fd  Stack left redzone:      f1  Stack mid redzone:       f2  Stack right redzone:     f3  Stack after return:      f5  Stack use after scope:   f8  Global redzone:          f9  Global init order:       f6  Poisoned by user:        f7  Container overflow:      fc  Array cookie:            ac  Intra object redzone:    bb  ASan internal:           fe  Left alloca redzone:     ca  Right alloca redzone:    cb==1780959==ABORTINGmake: *** [Makefile:1215: Python/frozen_modules/abc.h] Error 1

This error also used to happen withmain last week, but it seems not right now.

Metadata

Metadata

Labels

3.11only security fixes3.12only security fixesrelease-blockertype-crashA hard crash of the interpreter, possibly with a core dump

Projects

Status

Done

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions

    [8]ページ先頭
    ©2009-2025 Movatter.jp