I'm able to reproduce this issue. Note that the stdin input is not required for the crash. This is the output from valgrind when the program crashes:

==18469== Memcheck, a memory error detector
==18469== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==18469== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==18469== Command: /usr/bin/oggThumb --E�===A
==18469==
==18469== Conditional jump or move depends on uninitialised value(s)
==18469==    at 0x4C299DE: __GI_strncmp (mc_replace_strmem.c:535)
==18469==    by 0x662A915: _getopt_internal_r (getopt.c:542)
==18469==    by 0x662B74A: _getopt_internal (getopt.c:1131)
==18469==    by 0x662B832: getopt_long (getopt1.c:66)
==18469==    by 0x427FD9: oggThumbCmd(int, char**) (in /usr/bin/oggThumb)
==18469==    by 0x429160: main (in /usr/bin/oggThumb)
==18469==
==18469== Invalid read of size 1
==18469==    at 0x4C299D9: __GI_strncmp (mc_replace_strmem.c:535)
==18469==    by 0x662A915: _getopt_internal_r (getopt.c:542)
==18469==    by 0x662B74A: _getopt_internal (getopt.c:1131)
==18469==    by 0x662B832: getopt_long (getopt1.c:66)
==18469==    by 0x427FD9: oggThumbCmd(int, char**) (in /usr/bin/oggThumb)
==18469==    by 0x429160: main (in /usr/bin/oggThumb)
==18469==  Address 0x83f1330 is 0 bytes after a block of size 512 alloc'd
==18469==    at 0x4C286E7: operator new(unsigned long) (vg_replace_malloc.c:287)
==18469==    by 0x42F22B: __gnu_cxx::new_allocator<double>::allocate(unsigned long, void const*) (in /usr/bin/oggThumb)
==18469==    by 0x42D298: std::_Deque_base<double, std::allocator<double> >::_M_allocate_node() (in /usr/bin/oggThumb)
==18469==    by 0x42F5FE: std::_Deque_base<double, std::allocator<double> >::_M_create_nodes(double**, double**) (in /usr/bin/oggThumb)
==18469==    by 0x42DB29: std::_Deque_base<double, std::allocator<double> >::_M_initialize_map(unsigned long) (in /usr/bin/oggThumb)
==18469==    by 0x42B199: std::_Deque_base<double, std::allocator<double> >::_Deque_base() (in /usr/bin/oggThumb)
==18469==    by 0x429A49: std::deque<double, std::allocator<double> >::deque() (in /usr/bin/oggThumb)
==18469==    by 0x427842: oggThumbCmd(int, char**) (in /usr/bin/oggThumb)
==18469==    by 0x429160: main (in /usr/bin/oggThumb)
==18469==
==18469== Conditional jump or move depends on uninitialised value(s)
==18469==    at 0x662A902: _getopt_internal_r (getopt.c:541)
==18469==    by 0x662B74A: _getopt_internal (getopt.c:1131)
==18469==    by 0x662B832: getopt_long (getopt1.c:66)
==18469==    by 0x427FD9: oggThumbCmd(int, char**) (in /usr/bin/oggThumb)
==18469==    by 0x429160: main (in /usr/bin/oggThumb)
==18469==
==18469== Use of uninitialised value of size 8
==18469==    at 0x4C299D9: __GI_strncmp (mc_replace_strmem.c:535)
==18469==    by 0x662A915: _getopt_internal_r (getopt.c:542)
==18469==    by 0x662B74A: _getopt_internal (getopt.c:1131)
==18469==    by 0x662B832: getopt_long (getopt1.c:66)
==18469==    by 0x427FD9: oggThumbCmd(int, char**) (in /usr/bin/oggThumb)
==18469==    by 0x429160: main (in /usr/bin/oggThumb)
==18469==
==18469==
==18469== Process terminating with default action of signal 11 (SIGSEGV)
==18469==  Access not within mapped region at address 0x700000467
==18469==    at 0x4C299D9: __GI_strncmp (mc_replace_strmem.c:535)
==18469==    by 0x662A915: _getopt_internal_r (getopt.c:542)
==18469==    by 0x662B74A: _getopt_internal (getopt.c:1131)
==18469==    by 0x662B832: getopt_long (getopt1.c:66)
==18469==    by 0x427FD9: oggThumbCmd(int, char**) (in /usr/bin/oggThumb)
==18469==    by 0x429160: main (in /usr/bin/oggThumb)
==18469==  If you believe this happened as a result of a stack
==18469==  overflow in your program's main thread (unlikely but
==18469==  possible), you can try to increase the size of the
==18469==  main thread stack using the --main-stacksize= flag.
==18469==  The main thread stack size used in this run was 8388608.
==18469==
==18469== HEAP SUMMARY:
==18469==     in use at exit: 1,261 bytes in 7 blocks
==18469==   total heap usage: 7 allocs, 0 frees, 1,261 bytes allocated
==18469==
==18469== LEAK SUMMARY:
==18469==    definitely lost: 0 bytes in 0 blocks
==18469==    indirectly lost: 0 bytes in 0 blocks
==18469==      possibly lost: 109 bytes in 3 blocks
==18469==    still reachable: 1,152 bytes in 4 blocks
==18469==         suppressed: 0 bytes in 0 blocks
==18469== Rerun with --leak-check=full to see details of leaked memory
==18469==
==18469== For counts of detected and suppressed errors, rerun with: -v
==18469== Use --track-origins=yes to see where uninitialised values come from
==18469== ERROR SUMMARY: 8 errors from 4 contexts (suppressed: 4 from 4)
./crash.sh: line 16: 18469 Segmentation fault env -i MALLOC_CHECK_=0 $GDB valgrind /usr/bin/oggThumb "`cat $DIR/argv_1.symb`"

Not quite sure how to fix it.

--
Happy hacking
Petter Reinholdtsen