]] Alexandre Rebert Hi,
(Cc-ing you as I don't know if you're subscribed. Apologies for the extra copy if you are.) > I am a security researcher at Carnegie Mellon University, and my team > has found thousands of crashes in binaries downloaded from debian > wheeze packages. After contacting ow...@bugs.debian.org, Don Armstrong > advised us to contact you before submitting ~1.2K bug reports to the > Debian BTS using mainto...@bugs.debian.org (to avoid spamming > debian-bugs-dist). Thanks for getting in touch before filing a zillion bugs. :-) Also, thanks for helping make Debian better. > Our goal here is to make our bug reports as complete and accurate as > possible. To minimize duplicates, we are reporting only one crash per > binary, and at most 5 crashes per package. This amounts to ~1.2K > crashes. Moreover, to ensure accuracy, we confirmed all the crashes by > re-running them in a fresh unstable installation. Finally, we also > filter out assertion failures for now, as they seemed less important. > In short, every report is reproducible and actionable. The crash.sh script seems to set LD_LIBRARY_PATH. Is that actually needed? I'd prefer something that doesn't need something like that, since being able to crash apps if you load a broken library isn't very hard. > You can download the list of affected packages, with their maintainers > [3], generated with dd-list, as well as a sample bug report for > gcov-4.6 [4]. The bug report contains: > 1) the bug report that will be mailed to mainto...@bugs.debian.org > (report.txt) > 2) a testcase reproducing the crash in ./crash/ > 3) information about the crash in ./crash_info/: a core dump (core), > the output of the crash (crash_output.txt), the dmesg of the crash > (dmesg.txt), as well as the exit status (exit_status.txt). Since you're already running this under gdb, would you mind attaching a full backtrace with debug symbols installed too? Cheers, -- Tollef Fog Heen UNIX is user friendly, it's just picky about who its friends are -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87ehbqwwsg....@qurzaw.varnish-software.com
