Bug#716506: [Mayhem] Bug report on nco: ncbo crashes with exit status 139
Hi,

I am the NCO (package name nco) author/maintainer. I am unsure how/if to respond to these Mayhem bug reports. NCO is a set of command line operators written in C99. When they receive incorrect input options, they die with exit(EXIT_FAILURE), as recommended (I believe) by the C-standard. Is there some other way they should die when given incorrect input?

Thanks!
cz

On 10/07/2013 12:34, Alexandre Rebert wrote:

> Package: nco
> Version: 4.0.9-1+b1
> Severity: normal
> User: may...@forallsecure.com
> Usertags: mayhem
>
> ncbo crashes with exit status 139. We confirmed the crash by re-running it in a fresh debian unstable installation. The attachment [1] contains a testcase (under ./crash) crashing the program. It ensures that you can easily reproduce the bug. Additionally, under ./crash_info/, we include more information about the crash such as a core dump, the dmesg generated by the crash, and its output.
>
> Regards,
> The Mayhem Team (Alexandre Rebert, Thanassis Avgerinos, Sang Kil Cha, David Brumley, Manuel Egele)
> Cylab, Carnegie Mellon University
>
> [1] http://www.forallsecure.com/bug-reports/427fd7430637448139f0fe0efa958d82e43894b7/full_report
>
> -- System Information:
> Debian Release: jessie/sid
> APT prefers unstable
> APT policy: (500, 'unstable')
> Architecture: i386 (i686)
> Kernel: Linux 3.9-1-686-pae (SMP w/1 CPU core)
> Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
> Shell: /bin/sh linked to /bin/dash
>
> Versions of packages nco depends on:
> ii  dpkg             1.16.10
> ii  install-info     5.1.dfsg.1-3
> ii  libc6            2.17-6
> ii  libcurl3-gnutls  7.31.0-1
> ii  libgcc1          1:4.8.1-4
> ii  libgsl0ldbl      1.15+dfsg.2-2
> ii  libnetcdfc7      1:4.1.3-6+b1
> ii  libstdc++6       4.8.1-4
> ii  libudunits2-0    2.1.23-4
>
> nco recommends no packages.
> nco suggests no packages.
>
> -- no debconf information

--
Charlie Zender, Earth System Sci. Computer Sci.
University of California, Irvine 949-891-2429 )'(

___
Pkg-grass-devel mailing list
Pkg-grass-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-grass-devel
Bug#716506: [Mayhem] Bug report on nco: ncbo crashes with exit status 139
Hi Charlie,

Dying with exit(EXIT_FAILURE) would be fine. In the attached testcase however, ncbo segfaults because of a null dereference. Here is the backtrace when the crash is happening:

    #0  0xb7a37ad6 in ?? () from /lib/i386-linux-gnu/i686/cmov/libc.so.6
    #1  0xb7f9ed20 in nco_fl_mk_lcl () from /home/apr/tmp/crap/ncbo-report/crash/libs/libnco-4.0.9.so
    #2  0x0804a547 in ?? ()
    #3  0xb79cee46 in __libc_start_main () from /lib/i386-linux-gnu/i686/cmov/libc.so.6
    #4  0x0804c6cd in ?? ()

Best,
Alex

On Thu, Jul 11, 2013 at 7:10 PM, Charlie Zender zen...@uci.edu wrote:

> Hi,
>
> I am the NCO (package name nco) author/maintainer. I am unsure how/if to respond to these Mayhem bug reports. NCO is a set of command line operators written in C99. When they receive incorrect input options, they die with exit(EXIT_FAILURE), as recommended (I believe) by the C-standard. Is there some other way they should die when given incorrect input?
>
> Thanks!
> cz
Bug#716506: [Mayhem] Bug report on nco: ncbo crashes with exit status 139
Thank you for explaining this. Your Mayhem project is very useful! Please continue to bombard NCO with unsanitized input. Unfortunately I think you will find more bugs :)

My summary of the issues is:

Debian Mayhem project reported five bugs due to unsanitized input:
716127 (ncflint), 716128 (ncap), 716129 (ncap2), 716506 (ncbo), and 716602 (ncecat)
Each bug causes a core dump rather than a clean exit(EXIT_FAILURE)
Fixed four of these by checking return values on strchr()
ncap2 bug triggered _inside_ strtoul() so hard to fix
Still thinking about that one.

On 11/07/2013 16:38, Alexandre Rebert wrote:

> Hi Charlie,
>
> Dying with exit(EXIT_FAILURE) would be fine. In the attached testcase however, ncbo segfaults because of a null dereference. Here is the backtrace when the crash is happening:
>
>     #0  0xb7a37ad6 in ?? () from /lib/i386-linux-gnu/i686/cmov/libc.so.6
>     #1  0xb7f9ed20 in nco_fl_mk_lcl () from /home/apr/tmp/crap/ncbo-report/crash/libs/libnco-4.0.9.so
>     #2  0x0804a547 in ?? ()
>     #3  0xb79cee46 in __libc_start_main () from /lib/i386-linux-gnu/i686/cmov/libc.so.6
>     #4  0x0804c6cd in ?? ()
>
> Best,
> Alex

--
Charlie Zender, Earth System Sci. Computer Sci.
University of California, Irvine 949-891-2429 )'(
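The fix described in this thread, checking the return value of strchr() so that malformed input ends in exit(EXIT_FAILURE) rather than a segfault, shown as an added example that is not part of the original messages and is not NCO's source code. The helper split_remote_spec() and its "host:path" argument format are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not NCO source: split a user-supplied "host:path"
 * argument. Returns 0 on success, -1 on malformed input. */
int split_remote_spec(const char *arg, char *host, size_t host_sz,
                      const char **path_out)
{
    if (arg == NULL || host == NULL || host_sz == 0 || path_out == NULL)
        return -1;

    /* strchr() returns NULL when the delimiter is absent. Using the result
     * unchecked (e.g. `*strchr(arg, ':') = '\0';`) turns bad input into
     * SIGSEGV, which the shell reports as exit status 128 + 11 = 139. */
    const char *colon = strchr(arg, ':');
    if (colon == NULL)
        return -1;              /* no delimiter: reject, never dereference */

    size_t host_len = (size_t)(colon - arg);
    if (host_len == 0 || host_len >= host_sz)
        return -1;              /* empty host, or it would not fit in host[] */
    if (colon[1] == '\0')
        return -1;              /* empty path */

    memcpy(host, arg, host_len);
    host[host_len] = '\0';
    *path_out = colon + 1;
    return 0;
}

int main(int argc, char **argv)
{
    char host[64];
    const char *path;
    const char *arg = (argc > 1) ? argv[1] : "no-delimiter-here"; /* constructed input */

    if (split_remote_spec(arg, host, sizeof host, &path) != 0) {
        fprintf(stderr, "error: malformed remote spec \"%s\"\n", arg);
        return EXIT_FAILURE;    /* clean failure instead of a core dump */
    }
    printf("host=%s path=%s\n", host, path);
    return EXIT_SUCCESS;
}
```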
Bug report on nco: ncbo crashes with exit status 139
Hi,

We found a crash in ncbo contained in the nco package. You are being contacted because you are listed as one of the maintainers of nco.

We are planning to submit the bug to the Debian bug tracking system in two weeks. We wanted to give you a heads-up, so that you have some time to assess the seriousness of the bug before it is publicly disclosed.

The bug report that will be submitted to the bug tracker is available at the following url:
http://www.forallsecure.com/bug-reports/427fd7430637448139f0fe0efa958d82e43894b7/

This email is part of a mass bug reporting campaign comprising 1,182 bugs. You might have received multiple emails from us concerning different programs. More information about the mass bug reporting is available on the debian-devel mailing list:
http://lists.debian.org/debian-devel/2013/06/msg00720.html

Regards,
The Mayhem Team
Cylab, Carnegie Mellon University