On Tue, 2015-07-14 at 21:28 +0200, Benno Schulenberg wrote:

> One of the differences I see with a strace of mine is that you
> have extra calls to mprotect() in there.  What compiler does
> Debian use?  And what CFLAGS?

You can see the compiler commands used by clicking the Result column
for the architectures on this page.

https://buildd.debian.org/status/logs.php?pkg=nano

As the amd64 binaries are compiled on the package maintainer's machine,
the logs aren't available but the compiler commands should be the same.

Jordi, these days Debian supports almost-source-only uploads; you just
have to upload the arch all binary packages but not the amd64 ones. For
nano that means you only have to upload the source package.

> Can you reproduce this crash when you compile nano yourself?
> Or was it already self-compiled?

The original backtrace was reported with a version of nano from a
Debian binary package I built from the Debian source package with
stripping of debug symbols disabled. I can still reproduce the problem
with the normal build from the Debian archive too.

> Oh, by the way: your nano reads several syntaxes twice.  You
> may wish to trim your ~/.nanorc or /etc/nanorc.  (This might
> even be at the base of the segfault.)

Thanks for the suggestion, done. Unfortunately still segfaults.

Interestingly if I run nano under valgrind it doesn't segfault but
there are definitely some coding problems; several uninitialised
values, memory leaks and reading into unaddressable bytes.

I'd strongly recommend running the latest cppcheck over the nano source
code. You could also run flawfinder and others. I would not want to
view a malicious file and have a flaw in nano result in arbitrary code
execution. I have a tool for running lots of check tools here:

https://anonscm.debian.org/cgit/collab-maint/check-all-the-things.git

-- 
bye,
pabs

https://wiki.debian.org/PaulWise
