Tcl Source Code

[root@<removed> fuzz]# cat libtcl85.py
#
# _tkintter createfilehandler() crash poc
#
import _tkinter
def errback(*args, **kw):
        raise ValueError('error')

_tkinter.createfilehandler(674664117164,59.58,errback)
[root@eagle876 fuzz]# gdb --args python libtcl85.py
GNU gdb (GDB) Red Hat Enterprise Linux (7.2-60.el6_4.1)
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/bin/python...(no debugging symbols found)...done.
Missing separate debuginfos, use: debuginfo-install python-2.6.6-37.el6_4.i686 python-2.6.6-37.el6_4.x86_64
(gdb) r
Starting program: /usr/bin/python libtcl85.py
[Thread debugging using libthread_db enabled]
libtcl85.py:8: DeprecationWarning: integer argument expected, got float
  _tkinter.createfilehandler(674664117164,59.58,errback)

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff05879cd in Tcl_CreateFileHandler () from /usr/lib64/libtcl8.5.so
(gdb) q


The second parameter typically contains an int, when provided a float a crash occurs in libtcl8.5.so.