long string causes segmentation fault in ypclnt.c
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
glibc (Ubuntu) | New | Undecided | Unassigned |
Bug Description
Description of problem:
In Python, nis.cat() with a long string argument will lead to a crash of the Python interpreter. But Python developers claim that it's not a bug in Python but in glibc.
The related report in Python bug tracker:
https:/
Steps to Reproduce:
1. install Python 3 (CPython)
2. type the following code "import nis;nis.
A Python example:
=======
Python 3.10.0a6 (default, Mar 19 2021, 11:45:56) [GCC 7.5.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import nis;
>>> nis.cat(
Segmentation fault (core dumped)
=======
Attached gdb result:
>>> import nis;
>>> nis.cat(
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff67bccdc in yp_bind_file (ysd=0x9b03c0,
domain=
84 ypclnt.c: No such file or directory.
(gdb)
Attached valgrind result:
>>> import nis
>>> nis.cat(
==25360== Warning: client switching stacks? SP change: 0x1ffefff520 --> 0x1ffc9d9af8
==25360== to suppress, use: --max-stackfram
==25360== Invalid write of size 8
==25360== at 0x7E3FCDC: yp_bind_file (ypclnt.c:84)
==25360== by 0x7E3FCDC: __yp_bind.part.2 (ypclnt.c:179)
==25360== Address 0x1ffc9d9af8 is on thread 1's stack
==25360==
==25360==
==25360== Process terminating with default action of signal 11 (SIGSEGV)
==25360== Access not within mapped region at address 0x1FFC9D9AF8
==25360== at 0x7E3FCDC: yp_bind_file (ypclnt.c:84)
==25360== by 0x7E3FCDC: __yp_bind.part.2 (ypclnt.c:179)
==25360== If you believe this happened as a result of a stack
==25360== overflow in your program's main thread (unlikely but
==25360== possible), you can try to increase the size of the
==25360== main thread stack using the --main-stacksize= flag.
==25360== The main thread stack size used in this run was 8388608.
==25360== Invalid write of size 8
==25360== at 0x4A2867A: _vgnU_freeres (vg_preloaded.c:57)
==25360== Address 0x1ffc9d9af0 is on thread 1's stack
==25360==
==25360==
==25360== Process terminating with default action of signal 11 (SIGSEGV)
==25360== Access not within mapped region at address 0x1FFC9D9AF0
==25360== at 0x4A2867A: _vgnU_freeres (vg_preloaded.c:57)
==25360== If you believe this happened as a result of a stack
==25360== overflow in your program's main thread (unlikely but
==25360== possible), you can try to increase the size of the
==25360== main thread stack using the --main-stacksize= flag.
==25360== The main thread stack size used in this run was 8388608.
==25360==
==25360== HEAP SUMMARY:
==25360== in use at exit: 45,108,440 bytes in 33,832 blocks
==25360== total heap usage: 84,181 allocs, 50,349 frees, 54,298,362 bytes allocated
==25360==
==25360== LEAK SUMMARY:
==25360== definitely lost: 104 bytes in 1 blocks
==25360== indirectly lost: 0 bytes in 0 blocks
==25360== possibly lost: 44,967,758 bytes in 32,993 blocks
==25360== still reachable: 140,578 bytes in 838 blocks
==25360== suppressed: 0 bytes in 0 blocks
==25360== Rerun with --leak-check=full to see details of leaked memory
==25360==
==25360== For lists of detected and suppressed errors, rerun with: -s
==25360== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0)
Segmentation fault (core dumped)
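The valgrind warning above shows the stack pointer moving by roughly 40 MB (0x1ffefff520 - 0x1ffc9d9af8) inside yp_bind_file before the first invalid write at ypclnt.c:84, which is what a stack array sized from strlen(domain) does when the domain is tens of megabytes long on an 8 MB main-thread stack. The following is an added illustration, not glibc's or Python's code: the unbounded variant follows the shape of that construction (the exact glibc source, the BINDINGDIR value and the YPMAXDOMAIN limit are assumptions here, not taken from the report), and the bounded variant shows the length check that keeps the input off the stack entirely.

```c
/* Added illustration (not glibc code): the binding-file path that yp_bind_file()
 * builds, first with a stack array sized by the caller's string, then bounded. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BINDINGDIR  "/var/yp/binding"  /* glibc's default binding dir; assumed here */
#define YPMAXDOMAIN 64                 /* NIS domain limit from <rpcsvc/yp_prot.h>; assumed */

/* Crash-prone pattern: the array length comes from the caller's string, so a
 * 40 MB domain moves the stack pointer 40 MB, far past the 8 MB main-thread
 * stack, and the first write into the frame faults with SIGSEGV. Kept only to
 * show the shape of the bug; the demo below never calls it with a large input. */
int binding_path_unbounded(const char *domain, unsigned vers, char *out, size_t outsz)
{
    char path[sizeof(BINDINGDIR) + strlen(domain) + 3 * sizeof(unsigned) + 3];
    int len = snprintf(path, sizeof path, "%s/%s.%u", BINDINGDIR, domain, vers);
    if (len < 0 || (size_t)len >= outsz) return -1;
    memcpy(out, path, (size_t)len + 1);
    return 0;
}

/* Bounded version: reject the domain before anything is sized from it.
 * Returns 0 and fills out on success, -1 for an empty, over-long or
 * slash-containing domain, or when out cannot hold the result. */
int binding_path_bounded(const char *domain, unsigned vers, char *out, size_t outsz)
{
    /* memchr gives up after YPMAXDOMAIN+1 bytes, so a huge input is never scanned. */
    const char *nul = memchr(domain, '\0', YPMAXDOMAIN + 1);
    if (nul == NULL || nul == domain || memchr(domain, '/', (size_t)(nul - domain)))
        return -1;
    int len = snprintf(out, outsz, "%s/%s.%u", BINDINGDIR, domain, vers);
    if (len < 0 || (size_t)len >= outsz) return -1;
    return 0;
}

int main(void)
{
    char out[256];
    size_t big = 40000000;            /* matches the SP shift valgrind reported */
    char *domain = malloc(big + 1);   /* constructed input, kept on the heap */
    if (domain == NULL) return 1;
    memset(domain, 'a', big);
    domain[big] = '\0';
    /* The unbounded variant would fault here; the bounded one simply refuses. */
    printf("bounded: %d\n", binding_path_bounded(domain, 2, out, sizeof out));
    printf("normal : %d %s\n", binding_path_bounded("example.com", 2, out, sizeof out), out);
    free(domain);
    return 0;
}
```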