-
Notifications
You must be signed in to change notification settings - Fork 78
Some CVEs cause tool to crash #20
Comments
This error doesn't happen on the fixes branch. I'll have to merge this before the pending pull request #19 @popovich-sergei I'm going to have to merge my fixes branch today and finish that off, how is your rebase coming along? If that is to be finished today I'll merge yours first, if not I'm going to have to merge in fixes |
In the fixes branch while I will merge today, we have much better support for faux.csv type files (don't even need the -t flag anymore =))
|
Sidenote, if you're using that kernel, you're in big trouble. |
Closing as I believe this to be fixed in |
Unfortunately, still have the same issue. |
@jpaxy in that case can I get a trace with debugging symbols please? The last one was difficult to use :D ( |
Sorry about that :) (gdb) bt It seems that char *id is NULL for some reason. |
There is one empty item for some reason in issues GList in cve_add_package_internal(). |
No worries dude :D So is your file exactly as the one you posted above ? I think I can see what's going on here, need to confirm... l60:
This would imply the faux parse code is bricked and we're adding NULL pointers to the list or that we have a NULL CVE ID.. Which is even more worrying |
Aaah..
|
We really need to drop glib sooner rather than later.
^ Does that one help ? |
Did not solve the problem. Now it just aborts. Program received signal SIGABRT, Aborted. My .cvs file has only this one line: And I solved the issue by following patch |
This issue shouldn't even be possible:
This means that either NULL data is coming back from your libxml2 or that NULL data is coming back from your sqlite3. All of which look Really Really Bad. I'll patch something similar to yours in for now and print a whacking great big warning, but I can't accept your patch as is due to the obfuscation you've applied to it. |
…ualities Signed-off-by: Ikey Doherty <[email protected]>
For example following line in faux crashes cve-check-tool:
linux_kernel,3.10.17,,,
Starting program: /usr/bin/cve-check-tool -t faux pkgs.txt
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Program received signal SIGSEGV, Segmentation fault.
__strcmp_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:209
209 ../sysdeps/x86_64/multiarch/../strcmp.S: No such file or directory.
(gdb) bt
#0 __strcmp_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:209
#1 0x00007ffff6d59fc9 in g_str_equal ()
from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#2 0x000000000040b891 in ?? ()
#3 0x000000000040512b in ?? ()
#4 0x000000000040537a in ?? ()
#5 0x0000000000404bc9 in ?? ()
#6 0x00007ffff62a2ec5 in __libc_start_main (main=0x404060, argc=4,
#7 0x0000000000404dbf in ?? ()
The text was updated successfully, but these errors were encountered: