
Re: #420012 bug in libmrss or in glibc?

Nico Golde wrote:
> Hi,
> http://bugs.debian.org/420012 is currently twisting my head.
> http://people.debian.org/~nion/nb-bt-full-complete.txt shows
> that this is no bug in the newsbeuter package. I don't 
> really understand why the encoding variable is out of bounds 
> and didn't find out with a quick look into libmrss code.
> What makes me wonder is that a recompile solves the issue.
> The bug doesn't appear with version 2.3.6... of glibc but 
> with the new version in unstable 2.5.
> If the recompile solves the issue I am curious how this is 
> a bug in libmrss or newsbeuter since the mrss version didn't 
> change.
> Is it possible that it's a bug in libc?
> Any help is appreciated since I don't know how to do further 
> debugging here.
> To reproduce this bug install newsbeuter (with 2.3.6.ds1-13 
> of libc6 installed), echo 
> "http://synflood.at/blog/index.php?/feeds/index.rss2" >~/.newsbeuter/urls,
> start newsbeuter, press R to reload. This will work without 
> any problem. Then update to 2.5-3 of libc6, start 
> newsbeuter, press R and see it crashing :)

I am not able to reproduce the problem the way you described. Starting
from lenny where newsbeuter works, upgrading to libc6 2.5-3 does not
trigger the bug. Then upgrading to libmrss0 0.17.1-1 triggers the bug.

My guess is that the bug is in libmrss0. Anyway, segfaults in strlen()
are always due to a problem in the pointer passed to the function.

  .''`.  Aurelien Jarno	            | GPG: 1024D/F1BCDB73
 : :' :  Debian developer           | Electrical Engineer
 `. `'   aurel32@debian.org         | aurelien@aurel32.net
   `-    people.debian.org/~aurel32 | www.aurel32.net
