Package: birthday
Version: 1.6.2-4
Severity: normal

Dear Patrick Uiterwijk,

Some malformed input files result in a segmentation fault when running `birthday'. This is reproducible in both jessie and sid.

I have attached some example inputs that reproduce the bug and the backtraces from gdb. The backtraces point to line 537 in bdengine.c in the readlist() function.

The inputs were generated by afl-fuzz.

Sincerely,

Nathaniel Beaver


-- System Information:
Debian Release: 8.5
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages birthday depends on:
ii  libc6  2.19-18+deb8u4

Versions of packages birthday recommends:
ii  perl  5.20.2-3+deb8u5

birthday suggests no packages.

-- no debconf information

Attachment: birthday-bug.tar.gz
Description: application/gzip
