lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <g8sncp$8us$1@ger.gmane.org>
Date:	Sun, 24 Aug 2008 23:29:26 +0100
From:	Sitsofe Wheeler <sitsofe@...oo.com>
To:	linux-kernel@...r.kernel.org
Cc:	kernel-testers@...r.kernel.org
Subject:  Reproducible rRootage segfault with 2.6.25 and above (regression?)

I've found that when running certain levels in the game rRootage on 
kernels later than 2.6.24 a segfault will be caused. This segfault is 
not there on 2.6.24 (and below) though...

Frustratingly I have been unable to bisect my way to the kernel change 
because I hit a USB timeout issue bisecting between 2.6.24-2.6.25 which 
made booting impossible. Further it seems there are a number of 
conditions that need to be met before the problem manifests itself:

1. Compiler optimisation used to compile rRootage must be -O1 or higher 
(-Os also triggers the problem)
2. The running kernel (going by release) must be 2.6.25 or later.
3. The gcc used to compile the game must (seemingly) not be 3.3 (using 
4.2 shows the problem. Other versions may also show up the problem).
4. Not every level in every mode will show the problem (it seems linked 
to certain patterns). I have found level 9A in the green "GigaWing" mode 
is usually quick to trigger the issue but you may have to kill the first 
enemy once to see the problem (if you can just get to even that part it 
is likely the problem is non present).

I have seen the issue on a range of 2.6.25+ kernels (both hand compiled 
on openSUSE kernels and a pre-shipped 2.6.26-5 from Ubuntu 8.10).

The segfault in question is due to an array being accessed beyond its 
bounds (the array sctbl on this line 
http://www.koders.com/cpp/fid93F842B399CA68D754CADEC374AE934EED72C07D.aspx#L246 
). Running the game under valgrind on a 2.6.24 kernel did not generate 
any  warnings about that array (using MALLOC_CHECK_=2 didn't generate 
any warnings either). The problem has been reproduced on two different 
machines (a Thinkpad T60 and an eeePC).

Finally, this also afflicts a prebuilt binary from 2004 (which probably 
wasn't built using gcc4.x 
http://sourceforge.net/project/showfiles.php?group_id=112441 ).

The issue is fiddly but reproducible. All help in pinpointing the 
problem source is appreciated.

-- 
Sitsofe | http://sucs.org/~sits/

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ