Bug#716363: [Mayhem] Bug report on libsvm-tools: svm-scale crashes with exit status 139

2015-11-24 Thread Alexandre Rebert
Hey,

Sorry about the link not working anymore. The extra data was also attached
to the bug report luckily. You can download it at
https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;msg=5;bug=716363;filename=svm-scale-report.tar.bz2
.

Best,
Alex

On Tue, Nov 24, 2015 at 10:07 PM, Chen-Tse Tsai wrote:

> Hi,
>
> Thanks for reporting the bug. Since the link of your script is not
> available now, I couldn't reproduce the bug. Could you please provide it
> again?
>
> Thanks,
> Chen-Tse
>
>
>


Bug#715977: Gopher bug 715977

2015-11-12 Thread Alexandre Rebert
Hey John

The report is actually attached to the bug report (gopher-report.tar.bz2).
We should have removed the URL from the report. Sorry about the confusion.

Best,
Alex

On Thu, Nov 12, 2015 at 12:46 PM, John Goerzen wrote:

> Hello Alexandre,
>
> I am attempting to fix the bug you reported.  However, the information
> needed to do so is in a site under forallsecure.com that is no longer
> responding.  Can you get me the information some other way?
>
> Thanks,
>
> John
>


Bug#715959: [Mayhem] Bug report on hdf5-tools: gif2h5 crashes with exit status 139

2013-12-24 Thread Alexandre Rebert
Hi,

The program crashes with an invalid GIF, which you can find under
./crash/file_DA.symb. After looking at the code, the problem seems
to be in the main loop of Gif2Mem in gif2mem.c. The loop keeps going as
long as the block identifier is unknown. After many iterations, the memory
dereference *MemGif segfaults. Since MemGif is incremented at each
iteration, it eventually points to unmapped memory.

One solution is to pass the MemGif buffer size as an argument to Gif2Mem,
and to check that reads are within bounds at each loop iteration.

Alex


On Tue, Dec 24, 2013 at 2:26 PM, pini p...@pustule.org wrote:

> Hi,
>
> Alexandre Rebert wrote, on 10/07/2013 21:07:
>
> > Package: hdf5-tools
> > Version: 1.8.10-patch1-1
> > Severity: normal
> > User: may...@forallsecure.com
> > Usertags: mayhem
> >
> > gif2h5 crashes with exit status 139. We confirmed the crash by
> > re-running it in a fresh debian unstable installation.
> >
> > The attachment [1] contains a testcase (under ./crash) crashing the
> > program. It ensures that you can easily reproduce the bug. Additionally,
> > under ./crash_info/, we include more information about the crash such as
> > a core dump, the dmesg generated by the crash, and its output.
> >
> > Regards,
> > The Mayhem Team (Alexandre Rebert, Thanassis Avgerinos, Sang Kil Cha,
> > David Brumley, Manuel Egele)
> > Cylab, Carnegie Mellon University
> >
> > [1] http://www.forallsecure.com/bug-reports/44229785e52406a1153f91ea5e404ea14fe736af/full_report
>
> I fail to find a valid GIF file in your archive. This makes it difficult
> for me to understand the problem. Would you mind providing an actual GIF
> file?
>
> Thanks in advance,
>
> _g.
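
The fix suggested in the message above (carry the buffer size along and check every read against it), sketched as an added example that is not code from this thread or from HDF5's gif2mem.c. The names `cursor`, `cur_get`, `skip_sub_blocks` and `scan_blocks` are hypothetical, the block identifier values are the standard GIF89a ones, and image data is not decoded.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* GIF89a block identifiers (from the GIF specification, not from gif2mem.c). */
enum { GIF_EXT = 0x21, GIF_IMAGE = 0x2C, GIF_TRAILER = 0x3B };

/* Hypothetical bounded cursor: read position plus bytes still available. */
typedef struct { const uint8_t *p; size_t left; } cursor;

/* Return the next byte, or -1 instead of reading past the buffer. */
static int cur_get(cursor *c) {
    if (c->left == 0) return -1;
    c->left--;
    return *c->p++;
}

/* Skip a chain of data sub-blocks: a size byte, that many data bytes,
 * repeated until a zero size byte. Returns 0, or -1 if truncated. */
static int skip_sub_blocks(cursor *c) {
    int n;
    while ((n = cur_get(c)) > 0) {
        if ((size_t)n > c->left) return -1;   /* declared size exceeds input */
        c->p += n;
        c->left -= (size_t)n;
    }
    return n;
}

/* Walk block identifiers until the trailer or the first image descriptor.
 * Returns the number of extension blocks skipped, or -1 if the input ends
 * first. Unknown identifiers are stepped over, but never past len. */
int scan_blocks(const uint8_t *buf, size_t len) {
    cursor c = { buf, len };
    int id, exts = 0;
    while ((id = cur_get(&c)) >= 0) {
        if (id == GIF_TRAILER || id == GIF_IMAGE) return exts;
        if (id == GIF_EXT) {                  /* label byte, then sub-blocks */
            if (cur_get(&c) < 0 || skip_sub_blocks(&c) < 0) return -1;
            exts++;
        }
    }
    return -1;                                /* no known block before end of data */
}

int main(void) {
    /* Constructed input: no valid block identifier anywhere. */
    const uint8_t junk[64] = { 0 };
    printf("junk -> %d\n", scan_blocks(junk, sizeof junk));
    return 0;
}
```

On input with no known block identifier the scan ends with an error return when the byte count reaches zero, instead of advancing the pointer into unmapped memory.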



Bug#716516: [Mayhem] Bug report on xjdic: xjdxgen crashes with exit status 139

2013-09-14 Thread Alexandre Rebert
Hi Ludovic,

Thanks for looking into the crash. After looking at the code, it seems that
the crash happens because ap is incremented twice (line 95, and line 117)
while arg_c is decremented once.

If we run the program with ./xjdxgen A A, at the end of the first loop
iteration, arg_c is 2, and ap points to argv[2]. At the beginning of second
iteration, ap is incremented and now points to argv[3] which is NULL.
Therefore, when ap is dereferenced, the program will crash.

An easy way to fix that is to remove line 117 (ap++).

Best,
Alex


On Fri, Sep 13, 2013 at 1:26 PM, ldro...@debian.org wrote:

> Hi!
>
> All the bugs are caused by poor argv parsing.
>
> (gdb) bt
> #0  strcmp () at ../sysdeps/i386/i686/strcmp.S:39
> #1  0x08048884 in main (argc=3, argv=0xbe74) at xjdxgen.c:96
>
> How to fix this quickly???
>
> Excerpt of code around xjdxgen.c:96:
>
>   ap = argv;
>   arg_c = argc;
>   while (arg_c > 1)
>   {
>       ap++;
>       if(strcmp(*ap,"-h") == 0)  <--- CRASH
>       ...
>       ...
>       strcpy(strtmp,*ap);
>       strcpy(Dname,*ap);
>       strcpy(JDXname,*ap);
>       strcat(JDXname,".xjdx");
>       printf("Commandline request to use files %s and %s \n",Dname,JDXname);
>       ap++;
>       arg_c--;
>   }
>
> --
> Ludovic Drolez.
>
> http://www.aopensource.com - The Android Open Source Portal
> http://www.drolez.com - Personal site - Linux and Free Software