Ubuntu GNOME

tracker-extract crashed with signal 5 in g_malloc()

Bug #1178402 reported by Esdras de Morais
724
This bug affects 133 people
Affects Status Importance Assigned to Milestone
Tracker
Fix Released
Medium
Ubuntu GNOME
Fix Released
High
Unassigned
tracker (Ubuntu)
Fix Released
High
Unassigned
Trusty
Fix Released
High
Unassigned
Xenial
Fix Released
High
Unassigned

Bug Description

* Impact
An integer overflow occurs when tracker-extract comes across an extremely large GIF image or one which is specifically crafted.

* Test case
If for instance this file https://bugzilla.gnome.org/attachment.cgi?id=326198 is saved on a computer tracker-extract will crash when it gets to it unless the patches are applied.

* Regression potential
I have not tested these patches but the fix is in the Yakkety version and I do not experience the crash there and no regressions.

----------------------------------

Original report:

Lock Interface and PC

ProblemType: Crash
DistroRelease: Ubuntu 13.04
Package: tracker-extract 0.16.0-2ubuntu1~ubuntu13.04.1 [origin: LP-PPA-gnome3-team-gnome3]
ProcVersionSignature: Ubuntu 3.8.0-19.30-generic 3.8.8
Uname: Linux 3.8.0-19-generic i686
ApportVersion: 2.9.2-0ubuntu8
Architecture: i386
Date: Thu May 9 16:45:04 2013
ExecutablePath: /usr/lib/tracker/tracker-extract
InstallationDate: Installed on 2013-04-29 (9 days ago)
InstallationMedia: Ubuntu 13.04 "Raring Ringtail" - Release i386 (20130424)
MarkForUpload: True
ProcCmdline: /usr/lib/tracker/tracker-extract
ProcEnviron:
 SHELL=/bin/bash
 XDG_RUNTIME_DIR=<set>
 PATH=(custom, no user)
 LANGUAGE=pt_BR:pt:en
 LANG=pt_BR.UTF-8
Signal: 5
SourcePackage: tracker
StacktraceTop:
 g_malloc () from /lib/i386-linux-gnu/libglib-2.0.so.0
 tracker_extract_get_metadata () from /usr/lib/tracker-0.16/extract-modules/libextract-gif.so
 ?? ()
 ?? ()
 ?? ()
Title: tracker-extract crashed with signal 5 in g_malloc()
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo

See original description
Revision history for this message
Esdras de Morais (esdrasdemorais) wrote :
Tim Lunn (darkxst)
information type: Private → Public
Ubuntu GNOME (ug-bot)
tags: removed: need-i386-retrace
Revision history for this message
Borja Diez (borchuelo) wrote :

I have the same problem in Ubuntu 14.04

Revision history for this message
Kaname (kurankaname536) wrote :

I have the same Bug with In ubuntu 14.04 and gnome 3.12

Revision history for this message
Ubuntu GNOME (ug-bot) wrote :

Thank you for reporting this bug to Ubuntu. raring reached EOL on Jan 27, 2014.
Please see this document for currently supported Ubuntu releases:
https://wiki.ubuntu.com/Releases

Please feel free to report any other bugs you may find.

Changed in ubuntu-gnome:
status: New → Expired
Revision history for this message
Ian (ian-dalton) wrote :

This doesn't just affect Raring. Like other commenters, it happens to me with 14.04.

Changed in ubuntu-gnome:
status: Expired → New
Revision history for this message
C. Brazill-LP (dragonlager) wrote :

using Gnome 3.10 on Ubuntu 14.04
Crash report after importing an .ics calendar file to Evolution from internet via Firefox 31.

additionally had to restart the shell to see the new Calendar items in the Gnome dropdown calendar, although the file was imported successfully into Evolution calendar. also i have California Calendar installed.

-C

Revision history for this message
Tobias Schönberg (tobias47n9e) wrote :

I'm using Ubuntu 14.04 (proper, i.e. Unity) with Gnome desktop installed later

Revision history for this message
Bruce Pieterse (octoquad) wrote :

Borja and others affected on 14.04. Please can you confirm if you still have this problem.

tags: added: trusty
removed: raring
Changed in ubuntu-gnome:
status: New → Incomplete
Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for Ubuntu GNOME because there has been no activity for 60 days.]

Changed in ubuntu-gnome:
status: Incomplete → Expired
Revision history for this message
Wise Melon (wise-melon-deactivatedaccount) wrote :

I am running Ubuntu GNOME 16.04.1 with GNOME 3.20 and I just experienced this issue.

Changed in ubuntu-gnome:
status: Expired → Confirmed
tags: added: xenial
Changed in tracker (Ubuntu):
status: New → Confirmed
Alberto Salvia Novella (es20490446e)
Changed in tracker (Ubuntu):
importance: Undecided → High
Revision history for this message
Wise Melon (wise-melon-deactivatedaccount) wrote :

I now experience this issue constantly and many many times a day.

Bug Watch Updater (bug-watch-updater)
Changed in tracker:
importance: Unknown → Medium
status: Unknown → Confirmed
Wise Melon (wise-melon-deactivatedaccount)
Changed in tracker:
importance: Medium → Unknown
status: Confirmed → Unknown
Bug Watch Updater (bug-watch-updater)
Changed in tracker:
importance: Unknown → Medium
status: Unknown → Fix Released
Revision history for this message
Wise Melon (wise-melon-deactivatedaccount) wrote :

An upstream fix has been released, I am working on making debdiffs for this now.

Revision history for this message
Wise Melon (wise-melon-deactivatedaccount) wrote :

Also it seems as though the fix is already in the version on Yakkety. So just backporting it into the previous releases.

Jeremy Bícha (jbicha)
Changed in tracker (Ubuntu):
status: Confirmed → Fix Released
Changed in tracker (Ubuntu Xenial):
status: New → Triaged
importance: Undecided → High
Changed in ubuntu-gnome:
importance: Undecided → High
status: Confirmed → Triaged
Revision history for this message
Wise Melon (wise-melon-deactivatedaccount) wrote :

Due to large differences in code I do not currently have a debdiff for Precise, but I will upload my Trusty and Xenial ones now.

description: updated
tags: added: patch
Revision history for this message
Wise Melon (wise-melon-deactivatedaccount) wrote :

Does this issue even occur on Precise?

information type: Public → Public Security
Revision history for this message
Jeremy Bícha (jbicha) wrote :

Since tracker was in universe for precise, there's no longer a commitment to providing fixes there. The oldest duplicate bug here is from 12.10 (quantal). Ubuntu GNOME didn't even exist until 13.04.

Changed in tracker (Ubuntu Trusty):
status: New → Triaged
importance: Undecided → High
Revision history for this message
Wise Melon (wise-melon-deactivatedaccount) wrote :

I have made some small improvements to the changelogs of the patches and am reuploading them.

Revision history for this message
Wise Melon (wise-melon-deactivatedaccount) wrote :
Revision history for this message
Wise Melon (wise-melon-deactivatedaccount) wrote :
Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

ACK on the debdiffs in comments #20 and #21. Packages are building now and will be released as security updates.

Thanks!

Revision history for this message
Wise Melon (wise-melon-deactivatedaccount) wrote :

You're welcome!

Bruce Pieterse (octoquad)
Changed in ubuntu-gnome:
status: Triaged → Fix Committed
Changed in tracker (Ubuntu Trusty):
status: Triaged → Fix Committed
Changed in tracker (Ubuntu Xenial):
status: Triaged → Fix Committed
Changed in ubuntu-gnome:
status: Fix Committed → In Progress
Changed in tracker (Ubuntu Trusty):
status: Fix Committed → In Progress
Changed in tracker (Ubuntu Xenial):
status: Fix Committed → In Progress
Wise Melon (wise-melon-deactivatedaccount)
Changed in tracker (Ubuntu):
assignee: nobody → Nikita Yerenkov-Scott (yerenkov-scott)
Changed in ubuntu-gnome:
assignee: nobody → Nikita Yerenkov-Scott (yerenkov-scott)
Changed in tracker (Ubuntu Trusty):
assignee: nobody → Nikita Yerenkov-Scott (yerenkov-scott)
Changed in tracker (Ubuntu Xenial):
assignee: nobody → Nikita Yerenkov-Scott (yerenkov-scott)
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package tracker - 0.16.5-0ubuntu0.2

---------------
tracker (0.16.5-0ubuntu0.2) trusty-security; urgency=medium

  * SECURITY UPDATE: Integer overflow when skipping over
    decoded image data of extremely large or specially
    prepared GIF resulting in a program crash (LP: #1178402)
   - debian/patches/fix-gif-possible-integer-overflow.patch:
     Avoid integer overflow by reading/skipping over image data
     line by line in read_metadata in
     src/tracker-extract/tracker-extract-gif.c.

 -- Nikita Yerenkov-Scott <email address hidden> Sun, 09 Oct 2016 16:06:45 +0100

Changed in tracker (Ubuntu Trusty):
status: In Progress → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package tracker - 1.6.2-0ubuntu1.1

---------------
tracker (1.6.2-0ubuntu1.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Integer overflow when skipping over
    decoded image data of extremely large or specially
    prepared GIF resulting in a program crash (LP: #1178402)
   - debian/patches/fix-gif-possible-integer-overflow.patch:
     Avoid integer overflow by reading/skipping over image data
     line by line in read_metadata in
     src/tracker-extract/tracker-extract-gif.c.

 -- Nikita Yerenkov-Scott <email address hidden> Sun, 09 Oct 2016 16:06:45 +0100

Changed in tracker (Ubuntu Xenial):
status: In Progress → Fix Released
Bruce Pieterse (octoquad)
Changed in ubuntu-gnome:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.