Date: Tue, 17 Nov 2015 09:26:26 +0100 From: Agostino Sarubbo <ago@...too.org> To: oss-security@...ts.openwall.com Cc: "Simon ." <bofh666ftw@...glemail.com> Subject: Re: suckless sent and libxft-dev 2.3.2-1 crash On Monday 16 November 2015 23:47:16 Simon . wrote: > Hi, > > please review, whether this needs a CVE. Compiling sent-0.1 with asan, shows this problem: $ touch asd $ ./sent asd ASAN:SIGSEGV ================================================================= ==6846==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0000004dede9 bp 0x7ffecbaa9680 sp 0x7ffecbaa7210 T0) #0 0x4dede8 in configure /tmp/sent-0.1/sent.c:662:3 #1 0x4de243 in run /tmp/sent-0.1/sent.c:509:13 #2 0x4de243 in main /tmp/sent-0.1/sent.c:690 #3 0x7f65d55bb7af in __libc_start_main (/lib64/libc.so.6+0x207af) #4 0x436c48 in _start (/tmp/sent-0.1/sent+0x436c48) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV /tmp/sent-0.1/sent.c:662 configure ==6846==ABORTING -- Agostino Sarubbo Gentoo Linux Developer
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ