Integer overflow when processing giant field values
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
whoopsie (Ubuntu) | Fix Released | Medium | Brian Murray | |
Bug Description
Ubuntu release: 12.04
Package version: 0.1.33
When parsing fields in a crash report file, whoopsie will reallocate the value buffer when appending continuation lines. The current length of the buffer is computed by pointer arithmetic and the result stored in a signed integer. If the field value length reaches 2GB, then this value will overflow, and become negative. This will then cause whoopsie itself to abort, as it tries to allocate a huge amount of memory.
I would expect whoopsie to cope with such large input (which may be generated as the result of a memory-hungry process crashing and creating a very large compressed+
By inspection, I see that this issue is still present in current development versions: http://
I've attached a patch (created against the 0.1.33 sources, but should apply with minimal issues against later versions), that resolves the immediate issue. There's a more general question about the sanity of loading the entire crash file into memory, too (particularly as the CoreDump is never used unless the server requests it).
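The failure mode described in the report, as an added example that is neither whoopsie's source nor the attached patch: `flawed_request` models a buffer length kept in a signed `int`, and `append_line` is one way to harden the append. The function names and the `max_len` cap are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Model of the flawed pattern: cur_len stands in for the pointer
 * difference (write position - buffer start), which is stored in a signed
 * int. Returns the size the allocator would then be asked for. */
size_t flawed_request(int64_t cur_len, size_t add_len)
{
    int len = (int)cur_len;     /* >= 2 GiB does not fit; negative on gcc/clang */
    return (size_t)len + add_len + 1;   /* negative int becomes a huge size_t */
}

/* Hardened append: lengths stay in size_t and growth is checked against a
 * caller-chosen cap (max_len < SIZE_MAX) before any arithmetic can wrap.
 * Returns 0 on success, -1 on cap or allocation failure; on failure *buf
 * and *len are unchanged. */
int append_line(char **buf, size_t *len, const char *line, size_t line_len,
                size_t max_len)
{
    if (max_len == SIZE_MAX || *len > max_len || line_len > max_len - *len)
        return -1;
    size_t new_len = *len + line_len;       /* cannot wrap: <= max_len */
    char *p = realloc(*buf, new_len + 1);   /* +1 for the terminating NUL */
    if (p == NULL)
        return -1;
    memcpy(p + *len, line, line_len);
    p[new_len] = '\0';
    *buf = p;
    *len = new_len;
    return 0;
}

int main(void)
{
    /* Constructed sample: a field value that has just reached 2 GiB. */
    printf("flawed request: %zu bytes\n",
           flawed_request(INT64_C(2147483648), 64));
    char *buf = NULL;
    size_t len = 0;
    int rc = append_line(&buf, &len, "continuation", 12, 1024);
    printf("hardened rc=%d len=%zu\n", rc, len);
    free(buf);
    return 0;
}
```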
The attachment "whoopsie.patch" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.
[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]