Bug#868554: pehash: segmentation fault
Control: severity -1 serious
On Sun, Jul 16, 2017 at 04:55:24PM +0200, Jakub Wilk wrote:
> Package: pev
> Version: 0.80-2
>
> pehash seems to crash on every file:
>
> $ echo 'int main(int argc, char **argv) {}' | i686-w64-mingw32-gcc -x c - -o test.exe
> $ pehash test.exe
> Segmentation fault
>
> Backtrace:
>
> #0 output_open_scope (scope_name=0x5655add8 "file", scope_type=OUTPUT_SCOPE_TYPE_OBJECT) at output.c:293
> #1 0x56556f42 in main (argc=<optimized out>, argv=<optimized out>) at pehash.c:557
pehash is not the only program that segfaults:
$ pescan --version
pescan from pev 0.50 <http://pev.sf.net> toolkit
Copyright (C) 2012 Fernando Mercês.
License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
$ pescan test.exe
entrypoint: normal
DOS stub: normal
TLS directory: found - 2 function(s)
Sections: 15 - suspicious
$
$ pescan --version
pescan from pev 0.80 <http://pev.sf.net> toolkit
License GPLv2+: GNU GPL version 2 or later
<https://www.gnu.org/licenses/gpl-2.0.txt>.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
$ pescan test.exe
file entropy: 5.924796 (normal)
fpu anti-disassembly: no
imagebase: normal
entrypoint: normal
DOS stub: normal
TLS directory: found - 1 function(s)
timestamp: normal
section count: 15 (high)
Segmentation fault
$
Raising severity to keep the broken version out of buster.
> Jakub Wilk
cu
Adrian
--
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed
Reply to: