Re: #420012 bug in libmrss or in glibc?
Nico Golde wrote:
> Hi,
> http://bugs.debian.org/420012 is currently twisting my head.
>
> http://people.debian.org/~nion/nb-bt-full-complete.txt shows
> that this is no bug in the newsbeuter package. I don't
> really understand why the encoding variable is out of bounds
> and didn't find out with a quick look into libmrss code.
>
> What makes me wonder is that a recompile solves the issue.
> The bug doesn't appear with version 2.3.6... of glibc but
> with the new version in unstable 2.5.
>
> If the recompile solves the issue I am curious how this is
> a bug in libmrss or newsbeuter since the mrss version didn't
> change.
>
> Is it possible that it's a bug in libc?
> Any help is appreciated since I don't know how to do further
> debugging here.
>
> To reproduce this bug install newsbeuter (with 2.3.6.ds1-13
> of libc6 installed), echo
> "http://synflood.at/blog/index.php?/feeds/index.rss2">~/.newsbeuter/urls,
> start newsbeuter, press R to reload. This will work without
> any problem. Then update to 2.5-3 of libc6, start
> newsbeuter, press R and see it crashing :)
I am not able to reproduce the problem the way you described. Starting
from lenny where newsbeuter works, upgrading to libc6 2.5-3 does not
trigger the bug. Then upgrading to libmrss0 0.17.1-1 triggers the bug.
My guess is that the bug is in libmrss0. Anyway, segfaults in strlen()
are always due to a problem in the pointer passed to the function.
--
.''`. Aurelien Jarno | GPG: 1024D/F1BCDB73
: :' : Debian developer | Electrical Engineer
`. `' aurel32@debian.org | aurelien@aurel32.net
`- people.debian.org/~aurel32 | www.aurel32.net