Package: dvbsnoop
Version: 1.4.50-5
Usertags: afl

dvbsnoop crashes when trying to analyze the attached file:

$ dvbsnoop -if crash >/dev/null
Segmentation fault

Backtrace suggests it's an out-of-bounds read:

#0  print_text2_468A (len=4294967294, b=0xffff5699 "", v=4) at helper.c:569
#1  print_text_468A (v=4, s=0x80c8e8c "component-description: ", b=0xffff5699 "", len=4294967294) at helper.c:551
#2  0x08083089 in descriptorDVB_Component (b=0xffff5691 "P\004") at dvb_descriptor.c:1306
#3  0x0808d389 in descriptorDVB (b=0xffff5691 "P\004") at dvb_descriptor.c:271
#4  0x0807fb3d in descriptor (b=0xffff5691 "P\004", scope=DVB_SI) at descriptor.c:172
#5  0x08064fd3 in section_EIT (b=0x2d <error: Cannot access memory at address 0x2d>, len=55) at eit.c:216
#6  0x08062e97 in guess_table (pid=<optimized out>, len=<optimized out>, buf=<optimized out>) at sectables.c:409
#7  decodeSI_packet (buf=0xffff565c "Q0Q", '0' <repeats 22 times>, len=55, pid=135250588) at sectables.c:288
#8  0x0806322d in processSI_packet (pid=65535, pkt_nr=2, buf=0xffff565c "Q0Q", '0' <repeats 22 times>, len=55) at sectables.c:225
#9  0x0804c85d in doReadSECT_2 (opt=0xffffd6c0) at dmx_sect.c:368
#10 0x0804ca6e in doReadSECT (opt=0xffffd6c0) at dmx_sect.c:180
#11 0x08049079 in main (argc=3, argv=0xffffd824) at dvbsnoop.c:211
#12 0xf7e2ea63 in __libc_start_main (main=0x8048b70 <main>, argc=3, argv=0xffffd824, init=0x80c41d0 <__libc_csu_init>, fini=0x80c4240 <__libc_csu_fini>, rtld_fini=0xf7febc90 <_dl_fini>, stack_end=0xffffd81c) at libc-start.c:287
#13 0x0804956a in _start ()

This bug was found using American fuzzy lop:
http://lcamtuf.coredump.cx/afl/
(available in Debian experimental)

-- System Information:
Debian Release: 8.0
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'experimental')
Architecture: i386 (x86_64)
Foreign Architectures: amd64

Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages dvbsnoop depends on:
ii  libc6  2.19-15

-- 
Jakub Wilk
crash
Description: Binary data