Bug#716610: [Mayhem] Bug report on liquidwar: liquidwar-mapgen crashes with exit status 139

Christian Mauduit ufoot at ufoot.org
Wed Jul 10 23:12:42 UTC 2013


OK, fixed it upstream, in git git://git.savannah.gnu.org/liquidwar.git

Basically, parsing of parameters was buggy, specifying "-s" (or possibly
some other params) without an extra param (e.g. -s 100) would cause a
segfault.

The patch can technically be backported to 5.6.4, but then, upcoming
5.6.5 has other security issues fixed. I should really release that one
(current git is not meant to ship in distribs IMHO). To backport the
patch, I suspect taking utils/lwmapgen/main.c from latest git and just
copy/pasting it into the old source tree should do the job.

Thanks for your extensive feedback, it's a pleasure to work with such
detailed material (and easy to pin the bug, BTW).

Have a nice day,

Christian.

On 2013-07-10 21:24, Alexandre Rebert wrote:
> Package: liquidwar
> Version: 5.6.4-3+b1
> Severity: normal
> User: mayhem at forallsecure.com
> Usertags: mayhem
> 
> liquidwar-mapgen crashes with exit status 139. We confirmed the crash by
> re-running it in a fresh debian unstable installation.
> 
> The attachment [1] contains a testcase (under ./crash) crashing the
> program. It ensures that you can easily reproduce the bug. Additionally,
> under ./crash_info/, we include more information about the crash such as
> a core dump, the dmesg generated by the crash, and its output.
> 
> Regards,
> The Mayhem Team (Alexandre Rebert, Thanassis Avgerinos, Sang Kil Cha, David Brumley, Manuel Egele)
> Cylab, Carnegie Mellon University
> 
> [1] http://www.forallsecure.com/bug-reports/00f182005988ac0f1f9a74b04d96abff9d14cff0/full_report
> 
> 
> -- System Information:
> Debian Release: jessie/sid
>   APT prefers unstable
>   APT policy: (500, 'unstable')
> Architecture: i386 (i686)
> 
> Kernel: Linux 3.9-1-686-pae (SMP w/1 CPU core)
> Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
> Shell: /bin/sh linked to /bin/dash
> 
> Versions of packages liquidwar depends on:
> ii  liballegro4.4     2:4.4.2-2.1
> ii  libc6             2.17-6
> ii  liquidwar-data    5.6.4-3
> ii  liquidwar-server  5.6.4-3+b1
> 
> liquidwar recommends no packages.
> 
> liquidwar suggests no packages.
> 
> -- no debconf information
> 


-- 
Christian Mauduit
ufoot at ufoot.org
http://www.ufoot.org
int q = (2 * b) || !(2 * b);
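
The failure class described in this thread (an option such as "-s" given as the last argument, with no value after it), shown as an added C example. It is not code from liquidwar's utils/lwmapgen/main.c; the struct, function names and return codes are assumptions made for illustration.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical option set; not liquidwar-mapgen's real one. */
struct opts { long size; };

/* Unchecked pattern: with "-s" as the last argument, argv[i + 1] is
 * argv[argc], which is NULL. atoi(NULL) is undefined behaviour and
 * typically ends in SIGSEGV (exit status 139 = 128 + 11). */
int parse_unchecked(int argc, char **argv, struct opts *o)
{
    for (int i = 1; i < argc; i++)
        if (strcmp(argv[i], "-s") == 0)
            o->size = atoi(argv[++i]);
    return 0;
}

/* Checked pattern: confirm the value exists and is a clean number. */
int parse_checked(int argc, char **argv, struct opts *o)
{
    for (int i = 1; i < argc; i++) {
        if (strcmp(argv[i], "-s") != 0)
            return -1;                 /* unknown option */
        if (i + 1 >= argc)
            return -2;                 /* "-s" with no value */
        char *end;
        errno = 0;
        long v = strtol(argv[++i], &end, 10);
        if (errno || end == argv[i] || *end != '\0' || v <= 0)
            return -3;                 /* not a positive integer */
        o->size = v;
    }
    return 0;
}

int main(void)
{
    char *bad[] = { "mapgen", "-s", NULL };         /* constructed input */
    char *good[] = { "mapgen", "-s", "100", NULL }; /* constructed input */
    struct opts o = { 0 };
    if (parse_checked(2, bad, &o) != -2) return 1;
    if (parse_checked(3, good, &o) != 0 || o.size != 100) return 1;
    return 0;
}
```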


More information about the Pkg-games-devel mailing list