abrt version: 2.0.1
architecture: x86_64
cmdline: adventure
comment: A segmentation fault occurs when entering a name for the saved game.
component: bsd-games
crash_function: crc
executable: /usr/bin/adventure
kernel: 2.6.38.6-27.fc15.x86_64
os_release: Fedora release 15 (Lovelock)
package: bsd-games-2.17-31.fc15
rating: 4
reason: Process /usr/bin/adventure was killed by signal 11 (SIGSEGV)
time: Sun Jun 5 23:21:43 2011
uid: 501
username: Roger

event_log: Binary file, 1377 bytes

backtrace:
:[New LWP 7210]
:Core was generated by `adventure'.
:Program terminated with signal 11, Segmentation fault.
:#0 0x0000000000400ec3 in crc (ptr=<optimized out>, nr=<optimized out>) at adventure/crc.c:133
:133 adventure/crc.c: No such file or directory.
: in adventure/crc.c
:
:Thread 1 (LWP 7210):
:#0 0x0000000000400ec3 in crc (ptr=<optimized out>, nr=<optimized out>) at adventure/crc.c:133
: i = 28730
: p = <optimized out>
:#1 0x0000000000404f9c in save (outfile=0x7fff49c27cb0 "PartieGame1") at adventure/save.c:137
: out = <optimized out>
: p = <optimized out>
: s = <optimized out>
: sum = 207587068424
: i = <optimized out>
:#2 0x0000000000408a47 in ciao () at adventure/wizard.c:144
: c = 0x7fff49c27cbb ""
: fname = "PartieGame1\000\060", '\000' <repeats 11 times>"\345, .@", '\000' <repeats 13 times>"\310, \000\000\000\000\000\000\000\234\344a\000\000\000\000\000p\265a\000\000\000\000\000\b}\302I\377\177\000\000\276\207@\000\000\000\000"
:#3 0x0000000000404e64 in main (argc=<optimized out>, argv=<optimized out>) at adventure/main.c:456
: i = <optimized out>
: rval = <optimized out>
: ll = <optimized out>
: kk = <optimized out>
:From To Syms Read Shared Object Library
:0x000000305521ec80 0x00000030553428ac Yes /lib64/libc.so.6
:0x0000003054e00b20 0x0000003054e1954a Yes /lib64/ld-linux-x86-64.so.2
:$1 = 0x0
:No symbol "__glib_assert_msg" in current context.
:rax 0x703af1fe3c00 123398470384640
:rbx 0x618d70 6393200
:rcx 0x0 0
:rdx 0x703a 28730
:rsi 0x61d09b 6410395
:rdi 0x61d09a 6410394
:rbp 0x7fff49c27cbb 0x7fff49c27cbb
:rsp 0x7fff49c27c58 0x7fff49c27c58
:r8 0x0 0
:r9 0x63206f7420656b69 7142831553560013673
:r10 0x20656874206c6c61 2334386829830941793
:r11 0x246 582
:r12 0x7fff49c27cb0 140734430870704
:r13 0x5e 94
:r14 0x65 101
:r15 0x0 0
:rip 0x400ec3 0x400ec3 <crc+67>
:eflags 0x10206 [ PF IF RF ]
:cs 0x33 51
:ss 0x2b 43
:ds 0x0 0
:es 0x0 0
:fs 0x0 0
:gs 0x0 0
:Dump of assembler code for function crc:
: 0x0000000000400e80 <+0>: test %esi,%esi
: 0x0000000000400e82 <+2>: jle 0x400ef0 <crc+112>
: 0x0000000000400e84 <+4>: sub $0x1,%esi
: 0x0000000000400e87 <+7>: mov 0x21831a(%rip),%rax # 0x6191a8 <crcval>
: 0x0000000000400e8e <+14>: xor %r8d,%r8d
: 0x0000000000400e91 <+17>: lea (%rdi,%rsi,1),%rsi
: 0x0000000000400e95 <+21>: movsbl (%rdi),%ecx
: 0x0000000000400e98 <+24>: mov %rax,%rdx
: 0x0000000000400e9b <+27>: shr $0x18,%rdx
: 0x0000000000400e9f <+31>: xor %ecx,%edx
: 0x0000000000400ea1 <+33>: jne 0x400ebc <crc+60>
: 0x0000000000400ea3 <+35>: mov 0x218307(%rip),%edx # 0x6191b0 <step>
: 0x0000000000400ea9 <+41>: lea 0x1(%rdx),%ecx
: 0x0000000000400eac <+44>: cmp $0x100,%ecx
: 0x0000000000400eb2 <+50>: cmovae %r8d,%ecx
: 0x0000000000400eb6 <+54>: mov %ecx,0x2182f4(%rip) # 0x6191b0 <step>
: 0x0000000000400ebc <+60>: movslq %edx,%rdx
: 0x0000000000400ebf <+63>: shl $0x8,%rax
:=> 0x0000000000400ec3 <+67>: xor 0x408bc0(,%rdx,8),%rax
: 0x0000000000400ecb <+75>: cmp %rsi,%rdi
: 0x0000000000400ece <+78>: mov %rax,0x2182d3(%rip) # 0x6191a8 <crcval>
: 0x0000000000400ed5 <+85>: jne 0x400ee0 <crc+96>
: 0x0000000000400ed7 <+87>: and $0xffffffff,%eax
: 0x0000000000400eda <+90>: retq
: 0x0000000000400edb <+91>: nopl 0x0(%rax,%rax,1)
: 0x0000000000400ee0 <+96>: add $0x1,%rdi
: 0x0000000000400ee4 <+100>: jmp 0x400e95 <crc+21>
: 0x0000000000400ee6 <+102>: nopw %cs:0x0(%rax,%rax,1)
: 0x0000000000400ef0 <+112>: mov 0x2182b1(%rip),%rax # 0x6191a8 <crcval>
: 0x0000000000400ef7 <+119>: jmp 0x400ed7 <crc+87>
:End of assembler dump.

build_ids:
:5cc111ce758441128d08b5bc105a37addbc28a93
:2f709c0d80b7741b678d35892b3ffacecc03d50c
:846e45918ad76ca0f554057b087b9da560e1df99

dsos:
:/lib64/ld-2.13.90.so glibc-2.13.90-9.x86_64 (Fedora Project) 1305315722
:/lib64/libc-2.13.90.so glibc-2.13.90-9.x86_64 (Fedora Project) 1305315722
:/usr/bin/adventure bsd-games-2.17-31.fc15.x86_64 (Fedora Project) 1307304672
Hello,

thank you for your report.

(In reply to comment #0)
> abrt version: 2.0.1
> architecture: x86_64
> cmdline: adventure
> comment: A segmentation fault occurs when entering a name for the saved
> game.

Does this issue happen each time, or does the saved game name / string contain some special character?

Also, do you happen to know if it is possible to play this game over network? (i.e. where the saved game information would be saved on remote server)

> component: bsd-games
> crash_function: crc
> executable: /usr/bin/adventure
> kernel: 2.6.38.6-27.fc15.x86_64
> os_release: Fedora release 15 (Lovelock)
> package: bsd-games-2.17-31.fc15
> rating: 4
> reason: Process /usr/bin/adventure was killed by signal 11 (SIGSEGV)
> time: Sun Jun 5 23:21:43 2011
> uid: 501
> username: Roger
>
> event_log: Binary file, 1377 bytes
>
> backtrace:
> :[New LWP 7210]
> :Core was generated by `adventure'.
> :Program terminated with signal 11, Segmentation fault.
> :#0 0x0000000000400ec3 in crc (ptr=<optimized out>, nr=<optimized out>) at
> adventure/crc.c:133
> :133 adventure/crc.c: No such file or directory.
> : in adventure/crc.c

Also, here. Could you please list the content of bsd-games package, installed on your system (rpm -ql bsd-games) and find out, if 'adventure/crc.c' is present in the list? If so, what is the output of:

file 'path_to_adventure/adventure/crc.c'

command?

Thank you & Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team
(In reply to comment #1)
> Also, here. Could you please list the content of bsd-games package,
> installed on your system (rpm -ql bsd-games) and find out, if
> 'adventure/crc.c' is present in the list? If so, what is the output of:
>
> file 'path_to_adventure/adventure/crc.c' command?

You misunderstood the report. adventure/crc.c is source file name, not an executable name. adventure is executable, as abrt report says.

I see no reason to tag this as security flaw. bsd-games are not shipped suid/sgid games as some games are in other distros.

The flaw here is buggy crc-32 bit implementation, that is not 64bit safe. The code uses unsigned long (64bit on 64bit platforms) for crcval, but crc() assumes its value never exceeds 2^32-1, but never enforces that. On 64bit platforms, crcval can be >= 2^32, which results in i being >= 256, which results in buffer over-read when accessing crctab[].

This seems to fix the issue, but I've not put any effort into verifying whether this may break crc-32 specification compliance:

--- adventure/crc.c.orig 2003-12-17 03:47:37.000000000 +0100 +++ adventure/crc.c 2011-06-06 12:11:57.284547083 +0200 @@ -131,6 +131,7 @@ crc(ptr, nr) /* Process nr bytes at a t step = 0; } crcval = (crcval << 8) ^ crctab[i]; + crcval &= 0xffffffff; /* Mask to 32 bits. */ } - return crcval & 0xffffffff; /* Mask to 32 bits. */ + return crcval; }
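Review bot: the added `crcval &= 0xffffffff;` runs after the `crctab[i]` lookup, so it only bounds the index used by the next iteration; the first lookup of each call still relies on crcval already fitting in 32 bits on entry, and the hunk does not show where crcval is initialised or whether anything else writes it. Giving crcval a fixed-width 32-bit unsigned type would remove the dependence on the width of unsigned long altogether. On the compliance doubt in the description: where unsigned long is 32 bits, `crcval << 8` already discards the same high bits, so masking after each step produces the same sequence of values as on those platforms. Separately, the disassembly in comment 0 loads the input byte with `movsbl` (sign-extending) before the xor, so a byte with its high bit set can still yield a negative i after this change; reading the byte as unsigned char would close that as well.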
(In reply to comment #2)
> I see no reason to tag this as security flaw. bsd-games are not shipped
> suid/sgid games as some games are in other distros.

To correct myself: some games in bsd-games are sgid, adventure is not.
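The failure mode described in comment 2, as an added example (not code from bsd-games or from any commenter): a model of the update loop with a 64-bit accumulator that reports an out-of-range table index instead of performing the read, with and without the per-step mask. The names `crctab_at`, `crc_index` and `crc_model` are hypothetical, the table polynomial is an assumption, the input bytes are constructed, and bytes are treated as unsigned here.

```c
#include <stdint.h>
#include <stdio.h>

#define TAB_LEN 256 /* entries in crctab[]; the disassembly wraps step at 0x100 */

/* Stand-in for crctab[n]: MSB-first CRC-32 entry, polynomial 0x04c11db7 (assumed). */
static uint32_t crctab_at(uint32_t n)
{
    uint32_t c = n << 24;
    for (int k = 0; k < 8; k++)
        c = (c & 0x80000000u) ? (c << 1) ^ 0x04c11db7u : c << 1;
    return c;
}

/* Index the loop derives from the accumulator and one input byte (i is an int). */
static int32_t crc_index(uint64_t crcval, unsigned char byte)
{
    return (int32_t)(uint32_t)((crcval >> 24) ^ byte);
}

/* Update loop with a 64-bit accumulator (unsigned long on x86_64).
 * mask_each_step: 0 = before the patch, 1 = with the patch's added mask.
 * Returns 1 and stores the CRC in *out, or returns 0 and stores the first
 * out-of-range index in *bad_index without performing that read. */
static int crc_model(const unsigned char *buf, size_t n, int mask_each_step,
                     uint32_t *out, long *bad_index)
{
    uint64_t crcval = 0;
    uint32_t step = 0;
    for (size_t k = 0; k < n; k++) {
        int32_t i = crc_index(crcval, buf[k]);
        if (i == 0) {                 /* zero index is replaced by a rolling step */
            i = (int32_t)step;
            step = (step + 1 >= TAB_LEN) ? 0 : step + 1;
        }
        if (i < 0 || i >= TAB_LEN) {  /* the real code reads crctab[i] here */
            *bad_index = i;
            return 0;
        }
        crcval = (crcval << 8) ^ crctab_at((uint32_t)i);
        if (mask_each_step)
            crcval &= 0xffffffffu;    /* the line the patch adds */
    }
    *out = (uint32_t)(crcval & 0xffffffffu);
    return 1;
}

int main(void)
{
    const unsigned char sample[] = "PartieGame1"; /* constructed input bytes */
    uint32_t crc = 0;
    long bad = 0;
    /* Accumulator value consistent with rax/rdx in the report's register dump. */
    printf("index from the register dump: %d\n", (int)crc_index(0x703af1fe3cULL, 0));
    if (!crc_model(sample, 11, 0, &crc, &bad))
        printf("no mask: index %ld is outside crctab[0..255]\n", bad);
    if (crc_model(sample, 11, 1, &crc, &bad))
        printf("mask each step: crc = %08x\n", (unsigned)crc);
    return 0;
}
```

Without the mask the index leaves the table at the third byte, because bits 32 and up of the accumulator survive the shift; with the mask the index stays within 0..255 for any unsigned input byte.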
This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component.
bsd-games-2.17-35.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/bsd-games-2.17-35.fc16
bsd-games-2.17-33.fc15 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/bsd-games-2.17-33.fc15
Package bsd-games-2.17-35.fc16:
* should fix your issue,
* was pushed to the Fedora 16 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing bsd-games-2.17-35.fc16'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-0969/bsd-games-2.17-35.fc16
then log in and leave karma (feedback).
bsd-games-2.17-33.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report.
bsd-games-2.17-35.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.