Bug#716506: [Mayhem] Bug report on nco: ncbo crashes with exit status 139

Alexandre Rebert alexandre at cmu.edu
Thu Jul 11 23:38:58 UTC 2013 

Hi Charlie,

Dying with exit(EXIT_FAILURE) would be fine. In the attached testcase
however, ncbo segfaults because of a null dereference. Here is the
backtrace when the crash is happening:

#0  0xb7a37ad6 in ?? () from /lib/i386-linux-gnu/i686/cmov/libc.so.6
#1  0xb7f9ed20 in nco_fl_mk_lcl () from
/home/apr/tmp/crap/ncbo-report/crash/libs/libnco-4.0.9.so
#2  0x0804a547 in ?? ()
#3  0xb79cee46 in __libc_start_main () from
/lib/i386-linux-gnu/i686/cmov/libc.so.6
#4  0x0804c6cd in ?? ()

Best,
Alex



On Thu, Jul 11, 2013 at 7:10 PM, Charlie Zender <zender at uci.edu> wrote:

> Hi,
>
> I am the NCO (package name nco) author/maintainer.
> I am unsure how/if to respond to these Mayhem bug reports.
> NCO is a set of command line operators written in C99.
> When they receive incorrect input options, they die with
> exit(EXIT_FAILURE), as recommended (I believe) by the C-standard.
> Is there some other way they should die when given incorrect input?
>
> Thanks!
> cz
>
> Le 10/07/2013 12:34, Alexandre Rebert a écrit :
> > Package: nco
> > Version: 4.0.9-1+b1
> > Severity: normal
> > User: mayhem at forallsecure.com
> > Usertags: mayhem
> >
> > ncbo crashes with exit status 139. We confirmed the crash by
> > re-running it in a fresh debian unstable installation.
> >
> > The attachment [1] contains a testcase (under ./crash) crashing the
> > program. It ensures that you can easily reproduce the bug. Additionally,
> > under ./crash_info/, we include more information about the crash such as
> > a core dump, the dmesg generated by the crash, and its output.
> >
> > Regards,
> > The Mayhem Team (Alexandre Rebert, Thanassis Avgerinos, Sang Kil Cha,
> David Brumley, Manuel Egele)
> > Cylab, Carnegie Mellon University
> >
> > [1]
> http://www.forallsecure.com/bug-reports/427fd7430637448139f0fe0efa958d82e43894b7/full_report
> >
> >
> > -- System Information:
> > Debian Release: jessie/sid
> >   APT prefers unstable
> >   APT policy: (500, 'unstable')
> > Architecture: i386 (i686)
> >
> > Kernel: Linux 3.9-1-686-pae (SMP w/1 CPU core)
> > Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
> > Shell: /bin/sh linked to /bin/dash
> >
> > Versions of packages nco depends on:
> > ii  dpkg             1.16.10
> > ii  install-info     5.1.dfsg.1-3
> > ii  libc6            2.17-6
> > ii  libcurl3-gnutls  7.31.0-1
> > ii  libgcc1          1:4.8.1-4
> > ii  libgsl0ldbl      1.15+dfsg.2-2
> > ii  libnetcdfc7      1:4.1.3-6+b1
> > ii  libstdc++6       4.8.1-4
> > ii  libudunits2-0    2.1.23-4
> >
> > nco recommends no packages.
> >
> > nco suggests no packages.
> >
> > -- no debconf information
> >
>
> --
> Charlie Zender, Earth System Sci. & Computer Sci.
> University of California, Irvine 949-891-2429 )'(
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-grass-devel/attachments/20130711/87a58da7/attachment-0002.html>

More information about the Pkg-grass-devel mailing list