Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 17 Nov 2015 09:26:26 +0100
From: Agostino Sarubbo <ago@...too.org>
To: oss-security@...ts.openwall.com
Cc: "Simon ." <bofh666ftw@...glemail.com>
Subject: Re: suckless sent and libxft-dev 2.3.2-1 crash

On Monday 16 November 2015 23:47:16 Simon . wrote:
> Hi,
> 
> please review, whether this needs a CVE.

Compiling sent-0.1 with asan, shows this problem:

$ touch asd
$ ./sent asd                                                                                                                                                                                                                                    
ASAN:SIGSEGV                                                                                                                                                                                                                                                                   
=================================================================                                                                                                                                                                                                              
==6846==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 
(pc 0x0000004dede9 bp 0x7ffecbaa9680 sp 0x7ffecbaa7210 T0)                                                                                                                                             
    #0 0x4dede8 in configure /tmp/sent-0.1/sent.c:662:3                                                                                                                                                                                                                        
    #1 0x4de243 in run /tmp/sent-0.1/sent.c:509:13                                                                                                                                                                                                                             
    #2 0x4de243 in main /tmp/sent-0.1/sent.c:690                                                                                                                                                                                                                               
    #3 0x7f65d55bb7af in __libc_start_main (/lib64/libc.so.6+0x207af)                                                                                                                                                                                                          
    #4 0x436c48 in _start (/tmp/sent-0.1/sent+0x436c48)                                                                                                                                                                                                                        
                                                                                                                                                                                                                                                                               
AddressSanitizer can not provide additional info.                                                                                                                                                                                                                              
SUMMARY: AddressSanitizer: SEGV /tmp/sent-0.1/sent.c:662 configure                                                                                                                                                                                                             
==6846==ABORTING

-- 
Agostino Sarubbo
Gentoo Linux Developer

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ