From helmut at subdivi.de Sat Jul 6 12:05:47 2013
From: helmut at subdivi.de (Helmut Grohne)
Date: Sat, 6 Jul 2013 18:05:47 +0200
Subject: [jugglemaster] aajm crash found by mayhem
Message-ID: <20130706160546.GA14176@alf.mars>

As it was already posted to a public mailing list I can share the link:

http://www.forallsecure.com/bug-reports/e4969ef9717548310e44a97ea017b2c03e124bdd/

Since there is no bug report yet, I write my findings here and will forward them to the bug later.

The crashing invocation can be reduced to "aajm -s -". The -s option is to specify a pattern and - is an invalid pattern. In fact any invalid pattern will do. It is passed to jmlib which then calls the error handler provided by aajm. The error handler in turn prints the error using aalib. Unfortunately aalib is not yet initialized at the time arguments are parsed. Boom.

What is the best recourse to fix this?

a) Start without a callback, check errors explicitly and then replace the callback.
b) Have a state variable of whether aalib is initialized and let the callback decide.

Thoughts welcome.

If this is going to result in a new jugglemaster release, please also have a look at whether you can pick some patches from Debian:

http://patch-tracker.debian.org/package/jugglemaster/0.4-6

Helmut
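The following C program is an added illustration of the ordering bug described in the message and of the two proposed fixes; it is not code from jugglemaster, jmlib or aalib. All names in it (backend_puts, backend_init, lib_set_error_cb, lib_set_pattern, run_buggy, run_option_a, run_option_b) are hypothetical stand-ins: the "backend" plays the role of aalib (usable only after initialization), the "lib" plays the role of jmlib (validates a pattern and reports failures through an installed callback), and the pattern rule (digits only) is constructed for the example. The real crash is a use of aalib before aa_init; here it is modelled as a counter so the program can demonstrate the fault without actually dereferencing NULL.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* ---- stand-in for the output library (aalib) ---------------------------- */
static const char *screen = NULL;     /* NULL until backend_init() has run */
static int crash_count = 0;           /* counts uses before initialization */

static int backend_puts(const char *msg) {
    if (screen == NULL) {             /* real aalib would crash here */
        crash_count++;
        return -1;
    }
    return printf("[%s] %s\n", screen, msg);
}

static void backend_init(void) { screen = "aa"; }

/* ---- stand-in for the juggling library (jmlib) -------------------------- */
typedef void (*error_cb)(const char *msg);
static error_cb lib_cb = NULL;

static void lib_set_error_cb(error_cb cb) { lib_cb = cb; }

/* Constructed validity rule: a pattern is a non-empty string of digits.
 * Any failure is reported through the installed callback, if there is one. */
static bool lib_set_pattern(const char *pat) {
    if (*pat == '\0') { if (lib_cb) lib_cb("empty pattern"); return false; }
    for (const char *p = pat; *p; p++)
        if (*p < '0' || *p > '9') { if (lib_cb) lib_cb("invalid pattern"); return false; }
    return true;
}

/* ---- the application side (aajm) ---------------------------------------- */
static bool backend_ready = false;    /* option b: state variable */
static char last_error[64];           /* records what the callback saw */

/* The original handler: prints through the backend unconditionally. */
static void naive_error_cb(const char *msg) {
    snprintf(last_error, sizeof last_error, "%s", msg);
    backend_puts(msg);
}

/* Option b: the callback checks the state variable and falls back to stderr. */
static void guarded_error_cb(const char *msg) {
    snprintf(last_error, sizeof last_error, "%s", msg);
    if (backend_ready) backend_puts(msg);
    else fprintf(stderr, "error: %s\n", msg);
}

static void reset(void) {
    screen = NULL; crash_count = 0; lib_cb = NULL;
    backend_ready = false; last_error[0] = '\0';
}

/* Mirrors "aajm -s -": callback installed, arguments parsed, backend still down. */
static int run_buggy(const char *pattern) {
    reset();
    lib_set_error_cb(naive_error_cb);
    if (!lib_set_pattern(pattern)) return 1;   /* callback already "crashed" */
    backend_init();
    return 0;
}

/* Option a: no callback while parsing; check the result explicitly;
 * install the callback only once the backend is up. */
static int run_option_a(const char *pattern) {
    reset();
    if (!lib_set_pattern(pattern)) {
        fprintf(stderr, "error: invalid pattern '%s'\n", pattern);
        return 1;
    }
    backend_init();
    lib_set_error_cb(naive_error_cb);          /* safe from here on */
    return 0;
}

/* Option b: callback installed up front, but it consults backend_ready. */
static int run_option_b(const char *pattern) {
    reset();
    lib_set_error_cb(guarded_error_cb);
    if (!lib_set_pattern(pattern)) return 1;   /* reported on stderr, no crash */
    backend_init();
    backend_ready = true;
    return 0;
}

int main(int argc, char **argv) {
    const char *pat = argc > 1 ? argv[1] : "-";
    printf("buggy:    rc=%d crashes=%d\n", run_buggy(pat), crash_count);
    printf("option a: rc=%d crashes=%d\n", run_option_a(pat), crash_count);
    printf("option b: rc=%d crashes=%d\n", run_option_b(pat), crash_count);
    return 0;
}
```

Both fixes remove the crash for an invalid pattern; they differ in where the error can be reported. Option a keeps the handler simple but means every jmlib call made before initialization needs its own explicit error check, which is easy to forget when a new early call is added. Option b keeps one reporting path and degrades to stderr automatically, at the cost of a global flag that must be set exactly once, right after the backend comes up.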