Bug#716610: [Mayhem] Bug report on liquidwar: liquidwar-mapgen crashes with exit status 139
Christian Mauduit
ufoot at ufoot.org
Wed Jul 10 23:12:42 UTC 2013
OK, fixed it upstream, in git git://git.savannah.gnu.org/liquidwar.git
Basically, parsing of parameters was buggy, specifying "-s" (or possibly
some other params) without an extra param (eg -s 100) would cause a
segfault.
The patch can technically be backported to 5.6.4, but then, upcoming
5.6.5 has other security issues fixed. I should really release that one
(current git is not meant to ship in distribs IMHO). To backport the
patch, I suspect taking utils/lwmapgen/main.c from latest git and just
copy/paste it into old source tree should do the job.
Thanks for your extensive feedback, it's a pleasure to work with such
detailed material (and easy to pin the bug, BTW).
Have a nice day,
Christian.
On 2013-07-10 21:24, Alexandre Rebert wrote:
> Package: liquidwar
> Version: 5.6.4-3+b1
> Severity: normal
> User: mayhem at forallsecure.com
> Usertags: mayhem
>
> liquidwar-mapgen crashes with exit status 139. We confirmed the crash by
> re-running it in a fresh debian unstable installation.
>
> The attachment [1] contains a testcase (under ./crash) crashing the
> program. It ensures that you can easily reproduce the bug. Additionally,
> under ./crash_info/, we include more information about the crash such as
> a core dump, the dmesg generated by the crash, and its output.
>
> Regards,
> The Mayhem Team (Alexandre Rebert, Thanassis Avgerinos, Sang Kil Cha, David Brumley, Manuel Egele)
> Cylab, Carnegie Mellon University
>
> [1] http://www.forallsecure.com/bug-reports/00f182005988ac0f1f9a74b04d96abff9d14cff0/full_report
>
>
> -- System Information:
> Debian Release: jessie/sid
> APT prefers unstable
> APT policy: (500, 'unstable')
> Architecture: i386 (i686)
>
> Kernel: Linux 3.9-1-686-pae (SMP w/1 CPU core)
> Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
> Shell: /bin/sh linked to /bin/dash
>
> Versions of packages liquidwar depends on:
> ii liballegro4.4 2:4.4.2-2.1
> ii libc6 2.17-6
> ii liquidwar-data 5.6.4-3
> ii liquidwar-server 5.6.4-3+b1
>
> liquidwar recommends no packages.
>
> liquidwar suggests no packages.
>
> -- no debconf information
>
--
Christian Mauduit
ufoot at ufoot.org
http://www.ufoot.org
int q = (2 * b) || !(2 * b);
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 259 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-games-devel/attachments/20130711/1d1a5d77/attachment-0001.sig>
More information about the Pkg-games-devel
mailing list