Bug#716506: [Mayhem] Bug report on nco: ncbo crashes with exit status 139

Charlie Zender zender at uci.edu
Fri Jul 12 04:34:11 UTC 2013


Thank you for explaining this.
Your Mayhem project is very useful!
Please continue to bombard NCO with unsanitized input.
Unfortunately I think you will find more bugs :)
My summary of the issues is:

Debian Mayhem project reported five bugs due to unsanitized input:
716127 (ncflint), 716128 (ncap), 716129 (ncap2), 716506 (ncbo), and
716602 (ncecat)
Each bug causes a core dump rather than a clean exit(EXIT_FAILURE)
Fixed four of these by checking return values on strchr()
ncap2 bug triggered _inside_ strtoul() so hard to fix
Still thinking about that one.

On 11/07/2013 16:38, Alexandre Rebert wrote:
> Hi Charlie,
> 
> Dying with exit(EXIT_FAILURE) would be fine. In the attached testcase
> however, ncbo segfaults because of a null dereference. Here is the
> backtrace when the crash is happening:
> 
> #0  0xb7a37ad6 in ?? () from /lib/i386-linux-gnu/i686/cmov/libc.so.6
> #1  0xb7f9ed20 in nco_fl_mk_lcl () from /home/apr/tmp/crap/ncbo-report/crash/libs/libnco-4.0.9.so
> #2  0x0804a547 in ?? ()
> #3  0xb79cee46 in __libc_start_main () from /lib/i386-linux-gnu/i686/cmov/libc.so.6
> #4  0x0804c6cd in ?? ()
> 
> Best,
> Alex
> 
> 
> 
> On Thu, Jul 11, 2013 at 7:10 PM, Charlie Zender <zender at uci.edu> wrote:
> 
>     Hi,
> 
>     I am the NCO (package name nco) author/maintainer.
>     I am unsure how/if to respond to these Mayhem bug reports.
>     NCO is a set of command line operators written in C99.
>     When they receive incorrect input options, they die with
>     exit(EXIT_FAILURE), as recommended (I believe) by the C-standard.
>     Is there some other way they should die when given incorrect input?
> 
>     Thanks!
>     cz
> 
>     On 10/07/2013 12:34, Alexandre Rebert wrote:
>     > Package: nco
>     > Version: 4.0.9-1+b1
>     > Severity: normal
>     > User: mayhem at forallsecure.com
>     > Usertags: mayhem
>     >
>     > ncbo crashes with exit status 139. We confirmed the crash by
>     > re-running it in a fresh debian unstable installation.
>     >
>     > The attachment [1] contains a testcase (under ./crash) crashing the
>     > program. It ensures that you can easily reproduce the bug. Additionally,
>     > under ./crash_info/, we include more information about the crash such as
>     > a core dump, the dmesg generated by the crash, and its output.
>     >
>     > Regards,
>     > The Mayhem Team (Alexandre Rebert, Thanassis Avgerinos, Sang Kil Cha,
>     > David Brumley, Manuel Egele)
>     > Cylab, Carnegie Mellon University
>     >
>     > [1] http://www.forallsecure.com/bug-reports/427fd7430637448139f0fe0efa958d82e43894b7/full_report
>     >
>     >
>     > -- System Information:
>     > Debian Release: jessie/sid
>     >   APT prefers unstable
>     >   APT policy: (500, 'unstable')
>     > Architecture: i386 (i686)
>     >
>     > Kernel: Linux 3.9-1-686-pae (SMP w/1 CPU core)
>     > Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
>     > Shell: /bin/sh linked to /bin/dash
>     >
>     > Versions of packages nco depends on:
>     > ii  dpkg             1.16.10
>     > ii  install-info     5.1.dfsg.1-3
>     > ii  libc6            2.17-6
>     > ii  libcurl3-gnutls  7.31.0-1
>     > ii  libgcc1          1:4.8.1-4
>     > ii  libgsl0ldbl      1.15+dfsg.2-2
>     > ii  libnetcdfc7      1:4.1.3-6+b1
>     > ii  libstdc++6       4.8.1-4
>     > ii  libudunits2-0    2.1.23-4
>     >
>     > nco recommends no packages.
>     >
>     > nco suggests no packages.
>     >
>     > -- no debconf information
>     >
> 
>     --
>     Charlie Zender, Earth System Sci. & Computer Sci.
>     University of California, Irvine 949-891-2429 )'(
> 
> 

-- 
Charlie Zender, Earth System Sci. & Computer Sci.
University of California, Irvine 949-891-2429 )'(
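
An illustration of the class of fix named in the summary above (checking the return value of strchr() before using it), added here as an example and not taken from NCO's source. The function name split_remote_spec and the host:path input format are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not NCO code): split "host:path" into two buffers.
 * Returns 0 on success, -1 when the input is malformed. */
int split_remote_spec(const char *spec, char *host, size_t host_sz,
                      char *path, size_t path_sz)
{
    if (spec == NULL)
        return -1;

    /* strchr() returns NULL when ':' is absent. Handing that NULL to
     * pointer arithmetic or a string function is undefined behaviour and
     * typically ends in SIGSEGV (shell exit status 139 = 128 + 11). */
    const char *colon = strchr(spec, ':');
    if (colon == NULL)
        return -1;

    size_t host_len = (size_t)(colon - spec);
    size_t path_len = strlen(colon + 1);
    if (host_len == 0 || path_len == 0)
        return -1;                          /* empty host or empty path */
    if (host_len >= host_sz || path_len >= path_sz)
        return -1;                          /* refuse to truncate or overflow */

    memcpy(host, spec, host_len);
    host[host_len] = '\0';
    memcpy(path, colon + 1, path_len + 1);  /* copies the terminating NUL too */
    return 0;
}

int main(int argc, char **argv)
{
    char host[256], path[1024];
    /* Constructed default input so the program runs without arguments. */
    const char *spec = (argc > 1) ? argv[1] : "example.org:/data/in.nc";

    if (split_remote_spec(spec, host, sizeof host, path, sizeof path) != 0) {
        fprintf(stderr, "ERROR: malformed remote file spec \"%s\"\n", spec);
        exit(EXIT_FAILURE);                 /* clean failure, no core dump */
    }
    printf("host=%s path=%s\n", host, path);
    return EXIT_SUCCESS;
}
```

Running the program with an argument that has no colon prints the error and exits with status 1 instead of 139.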


