Closed
Description
Bug report
==2729==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffef35c8f14 at pc 0x7f3e0254c47c bp 0x7ffef35c8e50 sp 0x7ffef35c8e48
READ of size 4 at 0x7ffef35c8f14 thread T0
#0 0x7f3e0254c47b in jisx0213_encoder Modules/cjkcodecs/_codecs_iso2022.c:808
#1 0x7f3e0254c47b in jisx0213_2004_1_encoder_paironly Modules/cjkcodecs/_codecs_iso2022.c:894
#2 0x7f3e025469a9 in iso2022_encode Modules/cjkcodecs/_codecs_iso2022.c:196
#3 0x7f3e02536457 in multibytecodec_encode Modules/cjkcodecs/multibytecodec.c:523
#4 0x7f3e0253829e in _multibytecodec_MultibyteCodec_encode_impl Modules/cjkcodecs/multibytecodec.c:620
#5 0x7f3e0253829e in _multibytecodec_MultibyteCodec_encode Modules/cjkcodecs/clinic/multibytecodec.c.h:91
#6 0x55e4cc690361 in cfunction_vectorcall_FASTCALL_KEYWORDS Objects/methodobject.c:438
#7 0x55e4cc5b029e in PyObject_Call (/home/kali/Downloads/cpython/python+0x3e629e)
#8 0x55e4cc841026 in _PyCodec_EncodeInternal Python/codecs.c:419
#9 0x55e4cc9cb18f in _codecs_encode_impl Modules/_codecsmodule.c:132
#10 0x55e4cc9cb18f in _codecs_encode Modules/clinic/_codecsmodule.c.h:166
#11 0x55e4cc690361 in cfunction_vectorcall_FASTCALL_KEYWORDS Objects/methodobject.c:438
#12 0x55e4cc5af6bf in _PyObject_VectorcallTstate Include/internal/pycore_call.h:92
#13 0x55e4cc5af6bf in PyObject_Vectorcall Objects/call.c:301
#14 0x55e4cc4753f6 in _PyEval_EvalFrameDefault Python/generated_cases.c.h:2982
#15 0x55e4cc83c811 in _PyEval_EvalFrame Include/internal/pycore_ceval.h:88
#16 0x55e4cc83c811 in _PyEval_Vector Python/ceval.c:1716
#17 0x55e4cc83c811 in PyEval_EvalCode Python/ceval.c:578
#18 0x55e4cc91aebd in run_eval_code_obj Python/pythonrun.c:1702
#19 0x55e4cc91aebd in run_mod Python/pythonrun.c:1723
#20 0x55e4cc91e6ca in pyrun_file Python/pythonrun.c:1617
#21 0x55e4cc91e6ca in _PyRun_SimpleFileObject Python/pythonrun.c:439
#22 0x55e4cc91f17a in _PyRun_AnyFileObject Python/pythonrun.c:78
#23 0x55e4cc976719 in pymain_run_file_obj Modules/main.c:360
#24 0x55e4cc976719 in pymain_run_file Modules/main.c:379
#25 0x55e4cc976719 in pymain_run_python Modules/main.c:610
#26 0x55e4cc977ebc in Py_RunMain Modules/main.c:689
#27 0x55e4cc977ebc in pymain_main Modules/main.c:719
#28 0x55e4cc977ebc in Py_BytesMain Modules/main.c:743
#29 0x7f3e052d6209 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
#30 0x7f3e052d62bb in __libc_start_main_impl ../csu/libc-start.c:389
#31 0x55e4cc49c3f0 in _start (/home/kali/Downloads/cpython/python+0x2d23f0)
Address 0x7ffef35c8f14 is located in stack of thread T0 at offset 52 in frame
#0 0x7f3e0254644f in iso2022_encode Modules/cjkcodecs/_codecs_iso2022.c:157
This frame has 2 object(s):
[48, 52) 'c' (line 161) <== Memory access at offset 52 overflows this variable
[64, 72) 'length' (line 184)
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
(longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow Modules/cjkcodecs/_codecs_iso2022.c:808 in jisx0213_encoder
Shadow bytes around the buggy address:
0x10005e6b1190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10005e6b11a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10005e6b11b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10005e6b11c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10005e6b11d0: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
=>0x10005e6b11e0: f1 f1[04]f2 00 f3 f3 f3 00 00 00 00 00 00 00 00
0x10005e6b11f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10005e6b1200: 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00 00 00 f3
0x10005e6b1210: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
0x10005e6b1220: 00 00 00 00 f1 f1 f1 f1 f8 f2 f2 f2 00 f2 f2 f2
0x10005e6b1230: 00 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==2729==ABORTING
Your environment
- CPython versions tested on: 3.12, 3.11, 3.10
- Operating system and architecture: x86_64 NAME="Kali GNU/Linux" "2022.3" (reproduced also on other Debian-based OSes)
Steps to reproduce
- CFLAGS="-fsanitize=address" CXXFLAGS="-fsanitize=address" LDFLAGS="-fsanitize=address" ./configure
- make
- copy test.py and crashfile.txt to the cpython directory
- run ./python test.py
Prerequisites
crashfile.txt
test.py
import codecs

# Read the attached crash input and hand it to the iso2022_jp_2004 encoder.
# errors='ignore' drops characters the codec cannot map instead of raising,
# so the encoder keeps running until it hits the faulting lookup.
with open('crashfile.txt', 'r') as f:
    text = f.read()
print(text)
codecs.encode(text, encoding='iso2022_jp_2004', errors='ignore')
Linked PRs
- gh-101180: PR demonstrating the ASAN failure #101720
- gh-101180: Fix a bug where iso2022_jp_3 and iso2022_jp_2004 codecs read out of bounds #111695
- [3.12] gh-101180: Fix a bug where iso2022_jp_3 and iso2022_jp_2004 codecs read out of bounds (gh-111695) #111769
- [3.11] gh-101180: Fix a bug where iso2022_jp_3 and iso2022_jp_2004 co… #111771
- [3.10] gh-101180: Fix a bug where iso2022_jp_3 and iso2022_jp_2004 codecs read out of bounds (gh-111695) #111779
- [3.9] gh-101180: Fix a bug where iso2022_jp_3 and iso2022_jp_2004 codecs read out of bounds (gh-111695) #111780
- [3.8] gh-101180: Fix a bug where iso2022_jp_3 and iso2022_jp_2004 codecs read out of bounds (gh-111695) #111781
Metadata
Labels
- An unexpected behavior, bug, or error
- A security issue