Bug 1012498

Summary: Suspect results of exploitability analysis
Product: [Fedora] Fedora
Component: abrt
Version: 22
Status: CLOSED EOL
Severity: unspecified
Priority: unspecified
Hardware: Unspecified
OS: Unspecified
Reporter: Miloslav Trmač <mitr>
Assignee: abrt <abrt-devel-list>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: abrt-devel-list, dvlasenk, iprikryl, jfilak, mmilata, rvokal
Doc Type: Bug Fix
Type: Bug
Last Closed: 2016-07-19 10:26:43 UTC

Description Miloslav Trmač 2013-09-26 14:50:44 UTC
Looking at bug #1012128:
> Likely crash reason: Jump to an invalid address
Yet, in the backtrace, %rip is
> rip            0x7fb56ea6eb85	0x7fb56ea6eb85 <intel_miptree_map+85>
which, according to the disassembly directly below, seems to be a valid instruction address.

Comment 1 Denys Vlasenko 2013-10-03 09:34:07 UTC
I don't know how it happens, need more diagnostics.

I added the following in order to have it:

commit f1a25dbb7c3d706ddd16122e1b8402d5311c8681
Author: Denys Vlasenko <dvlasenk>
Date:   Sun Sep 1 20:09:30 2013 +0200

    abrt-gdb-exploitable: print current instruction

    I've seen strange BZ created by abrt where "exploitable" element
    looked bogus. It claimed that the crash was jumping to bogus address
    yet crashing insn was a benign reg-to-reg move.

    This patch makes the analyzer record what it thinks the current insn is.

    Signed-off-by: Denys Vlasenko <dvlasenk>
    Signed-off-by: Richard Marko <rmarko>

diff --git a/src/plugins/abrt-gdb-exploitable b/src/plugins/abrt-gdb-exploitable
index 950797b..abc1fa4 100755
--- a/src/plugins/abrt-gdb-exploitable
+++ b/src/plugins/abrt-gdb-exploitable
@@ -705,6 +705,8 @@ class AbrtExploitable(gdb.Command):
                     f = open(args[1], 'w')
                 f.write(_("Likely crash reason: ") + si.exploitable_desc + "\n")
                 f.write(_("Exploitable rating (0-9 scale): ") + str(si.exploitable_rating) + "\n")
+                if si.current_instruction:
+                    f.write(_("Current instruction: ") + si.current_instruction + "\n")
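Review bot: the added `f.write(_("Current instruction: ") + si.current_instruction + "\n")` concatenates `si.current_instruction` without `str()`, unlike the rating line directly above it, so anything other than a string in that attribute raises a TypeError in the reporting path; wrapping it in `str()` would keep the two lines consistent. Separately, the `if si.current_instruction:` guard drops the line silently when the value is empty, which makes a report where the analyzer could not determine the instruction indistinguishable from one written by an older analyzer; an else branch that writes an explicit "unknown" value would keep the diagnostic useful for exactly the bogus cases the commit message describes.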

Comment 2 Denys Vlasenko 2013-10-03 09:51:06 UTC
There are 522 bugs filed so far with "exploitable" element. I checked a few recent ones, all of them are:

Likely crash reason: Jump to an invalid address
Exploitable rating (0-9 scale): 6

:(
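
The cross-check done by hand in the description (stated crash reason versus the `rip` line of the backtrace) can be automated when triaging many such reports. The following is an added example, not code from abrt or from anyone in this thread; `check_report` and both sample texts are hypothetical and constructed (the first reuses the lines quoted in the description), and treating a symbolised `rip` as a sign of a plausible code address is a heuristic assumption.

```python
import re

# Lines as they appear in an abrt report, optionally ">"-quoted as in this bug.
REASON_RE = re.compile(r"^(?:>\s*)?Likely crash reason:\s*(.+)$", re.M)
RATING_RE = re.compile(r"^(?:>\s*)?Exploitable rating \(0-9 scale\):\s*(\d)", re.M)
# gdb register line: raw value, value again, then <symbol+offset> if gdb resolved it.
RIP_RE = re.compile(
    r"^(?:>\s*)?rip\s+(0x[0-9a-fA-F]+)\s+0x[0-9a-fA-F]+"
    r"(?:\s+<([^>+]+)(?:\+(\d+))?>)?", re.M)

def check_report(text):
    """Compare the stated crash reason with what the rip line shows."""
    reason = REASON_RE.search(text)
    rating = RATING_RE.search(text)
    rip = RIP_RE.search(text)
    result = {
        "reason": reason.group(1).strip() if reason else None,
        "rating": int(rating.group(1)) if rating else None,
        "rip": int(rip.group(1), 16) if rip else None,
        "symbol": rip.group(2) if rip else None,
        "offset": int(rip.group(3)) if rip and rip.group(3) else None,
        "suspect": False,
    }
    # Heuristic (assumption): if gdb placed rip inside a named function, a
    # "jump to an invalid address" verdict deserves a manual second look.
    if (result["reason"] and "invalid address" in result["reason"].lower()
            and result["symbol"]):
        result["suspect"] = True
    return result

# Constructed sample 1: the three lines quoted in this bug.
SAMPLE_SUSPECT = (
    "Likely crash reason: Jump to an invalid address\n"
    "Exploitable rating (0-9 scale): 6\n"
    "rip            0x7fb56ea6eb85\t0x7fb56ea6eb85 <intel_miptree_map+85>\n"
)
# Constructed sample 2: rip is a null pointer with no symbol, so the reason fits.
SAMPLE_CONSISTENT = (
    "Likely crash reason: Jump to an invalid address\n"
    "Exploitable rating (0-9 scale): 6\n"
    "rip            0x0\t0x0\n"
)

if __name__ == "__main__":
    for name, text in (("suspect", SAMPLE_SUSPECT), ("consistent", SAMPLE_CONSISTENT)):
        print(name, check_report(text))
```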

Comment 3 Jaroslav Reznik 2015-03-03 15:06:29 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 22 development cycle.
Changing version to '22'.

More information and reason for this action is here:
https://fedoraproject.org/wiki/Fedora_Program_Management/HouseKeeping/Fedora22

Comment 4 Fedora End Of Life 2016-07-19 10:26:43 UTC
Fedora 22 changed to end-of-life (EOL) status on 2016-07-19. Fedora 22 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.