Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: Mayhem <email@example.com> To: Debian Bug Tracking System: <firstname.lastname@example.org> Subject: lbreakout2: lbreakout2server crashes with exit status 136 X-Debbugs-Cc: none Package: lbreakout2 Version: 2.6.4-1 Severity: normal Tag: security User: email@example.com Usertags: mayhem lbreakout2server crashes with exit status 136. We confirmed the crash by re-running it in a fresh debian unstable installation. The attachment  contains a testcase (under ./crash) crashing the program. It ensures that you can easily reproduce the bug. Additionally, under ./crash_info/, we include more information about the crash such as a core dump, the dmesg generated by the crash, and its output. Regards, The Mayhem Team (Alexandre Rebert, Thanassis Avgerinos, Sang Kil Cha, David Brumley, Manuel Egele) Cylab, Carnegie Mellon University  http://www.forallsecure.com/bug-reports/19cc55c8b245ae8615fa5ad1cb27f77129eb659e/full_report -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 3.9-1-686-pae (SMP w/1 CPU core) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/dash Versions of packages lbreakout2 depends on: ii lbreakout2-data 2.6.4-1 ii libc6 2.17-6 ii libpng12-0 1.2.49-4 ii libsdl-mixer1.2 1.2.12-5 ii libsdl1.2debian 1.2.15-5 ii zlib1g 1:1.2.8.dfsg-1 lbreakout2 recommends no packages. lbreakout2 suggests no packages. -- no debconf information
We would like to keep track of statistics of the bugs, so we would really appreciate it if you took the time to update its status.
We found the bug using Mayhem, an automatic bug finding system that we've been developing in David Brumley's research lab for a couple of years now. We recently ran Mayhem on almost all ELF binaries of Debian Wheezy (~23,000 binaries) for 5 minutes each, and we found thousands of crashes on thousands of application.
Our goal here is to make bug reports as complete and accurate as possible, so that we are not wasting your time. To minimize duplicates, we are reporting only one crash per binary, and at most 5 crashes per package. This amounts to 1,182 crashes. Moreover, to ensure accuracy, we confirmed all the crashes by re-running them in a fresh unstable installation. Finally, we also filter out assertion failures for now, as they seemed less important. In short, this report is reproducible and actionable.