溫馨提示×
您好,登錄后才能下訂單哦!
點擊 登錄注冊 即表示同意《億速云用戶服務條款》
您好,登錄后才能下訂單哦!
本篇內容介紹了“ Python空指針引用漏洞怎么解決”的有關知識,在實際案例的操作過程中,不少人都會遇到這樣的困境,接下來就讓小編帶領大家學習一下如何處理這些情況吧!希望大家仔細閱讀,能夠學有所成!
Python最新版Python 3.8.5的空指針引用漏洞發生在Python對.pyc文件進行處理時。
下面是崩潰信息:
$ Python-3.8.5/python 00-SEGV-on-unknown-address-Python-3.8.5.pyc Could not find platform dependent libraries <exec_prefix> Consider setting $PYTHONHOME to <prefix>[:<exec_prefix>] AddressSanitizer:DEADLYSIGNAL ================================================================= ==8079==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000018 (pc 0x0000008aa86b bp 0x000000000000 sp 0x7ffe2a3f5bf0 T0) ==8079==The signal is caused by a READ memory access. ==8079==Hint: address points to the zero page. #0 0x8aa86a in _PyEval_EvalCodeWithName /home/test/Python-3.8.5/Python/ceval.c:4266:23 #1 0x866d0f in PyEval_EvalCodeEx /home/test/Python-3.8.5/Python/ceval.c:4327:12 #2 0x866d0f in PyEval_EvalCode /home/test/Python-3.8.5/Python/ceval.c:718:12 #3 0x9f7355 in run_eval_code_obj /home/test/Python-3.8.5/Python/pythonrun.c:1125:9 #4 0x9e682d in run_pyc_file /home/test/Python-3.8.5/Python/pythonrun.c:1184:9 #5 0x9e682d in PyRun_SimpleFileExFlags /home/test/Python-3.8.5/Python/pythonrun.c:419:13 #6 0x9e4ca5 in PyRun_AnyFileExFlags /home/test/Python-3.8.5/Python/pythonrun.c:86:16 #7 0x5108db in pymain_run_file /home/test/Python-3.8.5/Modules/main.c:381:15 #8 0x5108db in pymain_run_python /home/test/Python-3.8.5/Modules/main.c:606:21 #9 0x5108db in Py_RunMain /home/test/Python-3.8.5/Modules/main.c:685:5 #10 0x5129d6 in pymain_main /home/test/Python-3.8.5/Modules/main.c:715:12 #11 0x512dd7 in Py_BytesMain /home/test/Python-3.8.5/Modules/main.c:739:12 #12 0x7f8316d4b82f in __libc_start_main /build/glibc-LK5gWL/glibc-2.23/csu/../csu/libc-start.c:291 #13 0x438888 in _start (/home/test/Python-3.8.5-Fuzz/python+0x438888) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV /home/test/Python-3.8.5/Python/ceval.c:4266:23 in _PyEval_EvalCodeWithName ==8079==ABORTING
在函數PyEval_EvalCode(Python-3.8.5/Python/ceval.c)中調用PyEval_EvalCodeEx函數。
PyObject * PyEval_EvalCode(PyObject *co, PyObject *globals, PyObject *locals){ return PyEval_EvalCodeEx(co, globals, locals, (PyObject **)NULL, 0, (PyObject **)NULL, 0, (PyObject **)NULL, 0, NULL, NULL); }傳遞給PyEval_EvalCodeEx函數的參數中closure設置為NULL。
PyObject * PyEval_EvalCodeEx(PyObject *_co, PyObject *globals, PyObject *locals, PyObject *const *args, int argcount, PyObject *const *kws, int kwcount, PyObject *const *defs, int defcount, PyObject *kwdefs, PyObject *closure){ return _PyEval_EvalCodeWithName(_co, globals, locals, args, argcount, kws, kws != NULL ? kws + 1 : NULL, kwcount, 2, defs, defcount, kwdefs, closure, NULL, NULL); }PyEval_EvalCodeEx函數繼續調用_PyEval_EvalCodeWithName函數,closure值不變依舊為NULL。
PyObject * _PyEval_EvalCodeWithName(PyObject *_co, PyObject *globals, PyObject *locals, PyObject *const *args, Py_ssize_t argcount, PyObject *const *kwnames, PyObject *const *kwargs, Py_ssize_t kwcount, int kwstep, PyObject *const *defs, Py_ssize_t defcount, PyObject *kwdefs, PyObject *closure, PyObject *name, PyObject *qualname) { ****** /* Copy closure variables to free variables */ for (i = 0; i < PyTuple_GET_SIZE(co->co_freevars); ++i) { PyObject *o = PyTuple_GET_ITEM(closure, i); <----------------------------- crash Py_INCREF(o); freevars[PyTuple_GET_SIZE(co->co_cellvars) + i] = o; } ****** }在 _PyEval_EvalCodeWithName函數中引用closure前,對closure的值進行判斷。
“ Python空指針引用漏洞怎么解決”的內容就介紹到這里了,感謝大家的閱讀。如果想了解更多行業相關的知識可以關注億速云網站,小編將為大家輸出更多高質量的實用文章!
免責聲明:本站發布的內容(圖片、視頻和文字)以原創、轉載和分享為主,文章觀點不代表本網站立場,如果涉及侵權請聯系站長郵箱:is@yisu.com進行舉報,并提供相關證據,一經查實,將立刻刪除涉嫌侵權內容。
