Bug#716506: [Mayhem] Bug report on nco: ncbo crashes with exit status 139
Charlie Zender
zender at uci.edu
Fri Jul 12 04:34:11 UTC 2013
Thank you for explaining this.
Your Mayhem project is very useful!
Please continue to bombard NCO with unsanitized input.
Unfortunately I think you will find more bugs :)
My summary of the issues is:
Debian Mayhem project reported five bugs due to unsanitized input:
716127 (ncflint), 716128 (ncap), 716129 (ncap2), 716506 (ncbo), and
716602 (ncecat)
Each bug causes a core dump rather than a clean exit(EXIT_FAILURE)
Fixed four of these by checking return values on strchr()
ncap2 bug triggered _inside_ strtoul() so hard to fix
Still thinking about that one.
Le 11/07/2013 16:38, Alexandre Rebert a écrit :
> Hi Charlie,
>
> Dying with exit(EXIT_FAILURE) would be fine. In the attached testcase
> however, ncbo segfaults because of a null dereference. Here is the
> backtrace when the crash is happening:
>
> #0 0xb7a37ad6 in ?? () from /lib/i386-linux-gnu/i686/cmov/libc.so.6
> #1 0xb7f9ed20 in nco_fl_mk_lcl () from
> /home/apr/tmp/crap/ncbo-report/crash/libs/libnco-4.0.9.so
> #2 0x0804a547 in ?? ()
> #3 0xb79cee46 in __libc_start_main () from
> /lib/i386-linux-gnu/i686/cmov/libc.so.6
> #4 0x0804c6cd in ?? ()
>
> Best,
> Alex
>
>
>
> On Thu, Jul 11, 2013 at 7:10 PM, Charlie Zender <zender at uci.edu> wrote:
>
> Hi,
>
> I am the NCO (package name nco) author/maintainer.
> I am unsure how/if to respond to these Mayhem bug reports.
> NCO is a set of command line operators written in C99.
> When they receive incorrect input options, they die with
> exit(EXIT_FAILURE), as recommended (I believe) by the C-standard.
> Is there some other way they should die when given incorrect input?
>
> Thanks!
> cz
>
> Le 10/07/2013 12:34, Alexandre Rebert a écrit :
> > Package: nco
> > Version: 4.0.9-1+b1
> > Severity: normal
> > User: mayhem at forallsecure.com
> > Usertags: mayhem
> >
> > ncbo crashes with exit status 139. We confirmed the crash by
> > re-running it in a fresh debian unstable installation.
> >
> > The attachment [1] contains a testcase (under ./crash) crashing the
> > program. It ensures that you can easily reproduce the bug. Additionally,
> > under ./crash_info/, we include more information about the crash such as
> > a core dump, the dmesg generated by the crash, and its output.
> >
> > Regards,
> > The Mayhem Team (Alexandre Rebert, Thanassis Avgerinos, Sang Kil Cha,
> > David Brumley, Manuel Egele)
> > Cylab, Carnegie Mellon University
> >
> > [1] http://www.forallsecure.com/bug-reports/427fd7430637448139f0fe0efa958d82e43894b7/full_report
> >
> >
> > -- System Information:
> > Debian Release: jessie/sid
> > APT prefers unstable
> > APT policy: (500, 'unstable')
> > Architecture: i386 (i686)
> >
> > Kernel: Linux 3.9-1-686-pae (SMP w/1 CPU core)
> > Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
> > Shell: /bin/sh linked to /bin/dash
> >
> > Versions of packages nco depends on:
> > ii dpkg 1.16.10
> > ii install-info 5.1.dfsg.1-3
> > ii libc6 2.17-6
> > ii libcurl3-gnutls 7.31.0-1
> > ii libgcc1 1:4.8.1-4
> > ii libgsl0ldbl 1.15+dfsg.2-2
> > ii libnetcdfc7 1:4.1.3-6+b1
> > ii libstdc++6 4.8.1-4
> > ii libudunits2-0 2.1.23-4
> >
> > nco recommends no packages.
> >
> > nco suggests no packages.
> >
> > -- no debconf information
> >
>
> --
> Charlie Zender, Earth System Sci. & Computer Sci.
> University of California, Irvine 949-891-2429 )'(
>
>
--
Charlie Zender, Earth System Sci. & Computer Sci.
University of California, Irvine 949-891-2429 )'(
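
The fix pattern mentioned in the message above (checking the return value of strchr() so malformed input ends in exit(EXIT_FAILURE) rather than a SIGSEGV, which the shell reports as exit status 139 = 128 + 11), shown as an added example that is not NCO's code and not part of the original thread. The helper `split_at` and the `host:path` argument format are hypothetical, chosen only to illustrate the check.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not from NCO): split `arg` at the first `delim`.
 * Copies the part before the delimiter into `head` and points `*tail`
 * at the part after it. Returns 0 on success, -1 on malformed input. */
int split_at(const char *arg, int delim, char *head, size_t head_sz,
             const char **tail)
{
    if (arg == NULL || head == NULL || tail == NULL || head_sz == 0)
        return -1;

    /* strchr() returns NULL when the delimiter is absent. Using that
     * result unchecked (p - arg, p + 1, *p) is the null dereference
     * that turns bad input into a core dump. */
    const char *p = strchr(arg, delim);
    if (p == NULL)
        return -1;

    size_t n = (size_t)(p - arg);
    if (n >= head_sz)            /* no room for the prefix plus '\0' */
        return -1;

    memcpy(head, arg, n);
    head[n] = '\0';
    *tail = p + 1;
    return 0;
}

int main(int argc, char **argv)
{
    char host[64];
    const char *path;

    if (argc != 2 || split_at(argv[1], ':', host, sizeof host, &path) != 0) {
        fprintf(stderr, "usage: %s host:path\n", argv[0]);
        exit(EXIT_FAILURE);      /* clean failure, no signal, no core */
    }
    printf("host=%s path=%s\n", host, path);
    return EXIT_SUCCESS;
}
```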