rheostat2718 / unladen-swallow

Automatically exported from code.google.com/p/unladen-swallow

Fuzzing on #@make_function() and #@exec() #71

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
Hi,

I tried my fuzzer Fusil on Unladen Swallow and I quickly found crashes in
builtin functions: #@make_function() and #@exec(). I suppose that these
functions should not be used, but it's possible to get them using
getattr(__builtins__, function_name). Crash examples:

lisa$ /opt/unladen/bin/python
Python 2.6.1 (r261:754, Jul 21 2009, 19:19:20) 
[GCC 4.3.2] on linux2
[Unladen Swallow 2009Q3]
>>> getattr(__builtins__, "#@exec")("a")
Erreur de segmentation

lisa$ /opt/unladen/bin/python
Python 2.6.1 (r261:754, Jul 21 2009, 19:19:20) 
[GCC 4.3.2] on linux2
[Unladen Swallow 2009Q3]
Type "help", "copyright", "credits" or "license" for more information.
>>> getattr(__builtins__, "#@make_function")(1)
Erreur de segmentation

These functions should be hidden a little bit better, or they should
include basic tests on inputs ;-)

Original issue reported on code.google.com by victor.s...@gmail.com on 21 Jul 2009 at 5:57

GoogleCodeExporter commented 9 years ago
Good to know that Fusil actually works :)

Would you be interested in working up patches to add more extensive error checking to
these functions? I doubt we'll get around to it for a while.

Original comment by collinw on 21 Jul 2009 at 8:39

GoogleCodeExporter commented 9 years ago
> Good to know that Fusil actually works :)

I didn't change my code, it's exactly the same fuzzer for CPython (fusil-python). You just
have to run the fuzzer using Unladen Swallow Python interpreter, rather than the CPython
interpreter.

> Would you be interested in working up patches to add more extensive error checking to
> these functions?

Here you have a first patch:
 * initialize globals and locals for #@exec() (globals and locals were not initialized if exec() got just 1 argument)
 * check first argument type for #@make_function()

I just tried Lib/test/test_builtin.py.

Original comment by victor.s...@gmail.com on 21 Jul 2009 at 11:20

GoogleCodeExporter commented 9 years ago
ping? You asked for a patch: I wrote one. You also have examples (in my first message) to
check if the functions are fixed or not.

Original comment by victor.s...@gmail.com on 4 Aug 2009 at 10:42

GoogleCodeExporter commented 9 years ago
Sorry, this fell off my radar; thanks for pinging.

Applied as r792. Thanks for the patch, Victor!

Original comment by collinw on 5 Aug 2009 at 6:07
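
A regression check for the two crash examples in the report, added here as an example and not part of the original thread or the Unladen Swallow code base: each one runs in its own child interpreter, and the exit status tells a signal death (the reported segmentation fault) apart from an ordinary Python exception (what input checking should produce). The function names, the timeout and the pass/fail policy are assumptions.

```python
import signal
import subprocess
import sys

# The two reproducers from the report, kept as source strings so each runs
# in its own child interpreter and a crash cannot take down the checker.
REPRODUCERS = {
    "exec": 'getattr(__builtins__, "#@exec")("a")',
    "make_function": 'getattr(__builtins__, "#@make_function")(1)',
}

def classify(returncode):
    """Map a child's exit status to 'ok', 'exception' or 'crash:<SIGNAL>'."""
    if returncode == 0:
        return "ok"
    if returncode < 0:  # POSIX: the child was killed by signal -returncode
        try:
            name = signal.Signals(-returncode).name
        except ValueError:
            name = str(-returncode)
        return "crash:" + name
    return "exception"  # an uncaught Python exception exits with status 1

def run_snippet(interpreter, source, timeout=30):
    """Run source with `interpreter -c` and return its classification."""
    try:
        proc = subprocess.run([interpreter, "-c", source],
                              stdout=subprocess.DEVNULL,
                              stderr=subprocess.DEVNULL, timeout=timeout)
    except subprocess.TimeoutExpired:
        return "timeout"
    return classify(proc.returncode)

def check(interpreter):
    """Return {name: classification} for every reproducer."""
    return {n: run_snippet(interpreter, s) for n, s in REPRODUCERS.items()}

if __name__ == "__main__":
    # Assumed usage: pass the interpreter under test as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else sys.executable
    results = check(target)
    for name, outcome in sorted(results.items()):
        print("%-14s %s" % (name, outcome))
    bad = [o for o in results.values() if o.startswith("crash") or o == "timeout"]
    sys.exit(1 if bad else 0)
```

Run against an interpreter that lacks these builtins, both entries report `exception`, because the `getattr` lookup itself raises `AttributeError`.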