crash on amd64

Bug #1718687 reported by Anatoly Borodin
Affects              Status        Importance  Assigned to  Milestone
discover             New           Undecided   Unassigned
discover (Debian)    Fix Released  Unknown
discover (Ubuntu)    Fix Released  Undecided   Unassigned
  Artful             New           Undecided   Unassigned
  Bionic             Fix Released  Undecided   Unassigned

Bug Description

discover 2.1.2-7.1
libdiscover2 2.1.2-7.1
Ubuntu artful amd64

Running `discover` produces a crash:

Program received signal SIGSEGV, Segmentation fault.
__strlen_sse2 () at ../sysdeps/x86_64/multiarch/../strlen.S:120
120 ../sysdeps/x86_64/multiarch/../strlen.S: No such file or directory.
(gdb) bt
#0 __strlen_sse2 () at ../sysdeps/x86_64/multiarch/../strlen.S:120
#1 0x00007ffff787abfe in __GI___strdup (s=0x555500000000 <error: Cannot access memory at address 0x555500000000>) at strdup.c:41
#2 0x00007ffff7bcf829 in discover_get_devices () from /usr/lib/libdiscover.so.2
#3 0x0000555555555a73 in ?? ()
#4 0x000055555555678e in ?? ()
#5 0x00007ffff78081c1 in __libc_start_main (main=0x555555555ea3, argc=1, argv=0x7fffffffe358, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>,
    stack_end=0x7fffffffe348) at ../csu/libc-start.c:308
#6 0x000055555555559a in ?? ()

Tags: patch artful
Revision history for this message
Anatoly Borodin (anatoly.borodin) wrote :

Here is the fix of the problem:

Use the right type for `len`, avoid segmentation fault

`getline()` requires its second parameter to be `size_t *`. On the amd64
platform the size of `unsigned int` is 4 and the size of `size_t` is 8
bytes. Using a wrong pointer type can lead to stack variable
corruption (overwriting with zeros) and a segmentation fault later.

See also similar `len` declarations in `_discover_get_pci_raw_sys()` in
the docs and `_discover_get_ata_raw()` / `discover_get_pci_raw_proc()` /
`discover_get_usb_raw()` in the source code.

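The type mismatch described in this comment, as an added example that is not part of the bug report or of discover's source: the broken declaration is shown only as a comment, and the corrected getline() loop runs over a constructed sample (not discover's real /proc or /sys input).

```c
#define _GNU_SOURCE          /* getline() is POSIX.1-2008 */
#include <stdio.h>
#include <stdlib.h>

/* Constructed sample input (not the real /proc or /sys text discover reads). */
static const char SAMPLE[] =
    "0000:00:00.0 0600: 8086:1234\n"
    "0000:00:02.0 0300: 8086:5678\n";

/* The defect the patch removes, shown only as a comment:
 *     unsigned int len = 0;
 *     getline(&line, &len, fp);   // unsigned int * where size_t * is expected
 * On amd64 getline() stores an 8-byte size_t through a pointer to a 4-byte
 * object, so 4 bytes of stack beside `len` are overwritten with zeros (the
 * high half of any realistic capacity). A pointer whose low 32 bits are
 * zeroed that way looks like the 0x555500000000 value in the backtrace. */

/* Correct pattern: the capacity variable has the type getline() writes.
 * Returns the number of lines; *max_len gets the longest line length
 * (newline included, as getline() counts it). */
size_t read_lines(FILE *fp, size_t *max_len) {
    char *line = NULL;
    size_t cap = 0;                       /* size_t, not unsigned int */
    ssize_t n;
    size_t count = 0;

    *max_len = 0;
    while ((n = getline(&line, &cap, fp)) != -1) {
        count++;
        if ((size_t)n > *max_len) *max_len = (size_t)n;
    }
    free(line);                           /* getline() allocated it */
    return count;
}

/* Run read_lines() over SAMPLE through a temporary file. */
size_t demo(size_t *max_len) {
    FILE *fp = tmpfile();
    if (!fp) return 0;
    fputs(SAMPLE, fp);
    rewind(fp);
    size_t count = read_lines(fp, max_len);
    fclose(fp);
    return count;
}

int main(void) {
    size_t longest = 0, count = demo(&longest);
    printf("%zu lines, longest %zu bytes\n", count, longest);
    return 0;
}
```

Building with -Werror=incompatible-pointer-types (GCC and clang) turns the original `unsigned int *` argument into a compile error instead of a runtime crash.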
Revision history for this message
Hans Joachim Desserud (hjd) wrote :

Thanks for reporting.

I can confirm the segfault on Ubuntu artful. I've subscribed the ubuntu-sponsors team, which reviews patches.

tags: added: artful patch
Changed in discover (Ubuntu):
status: New → Confirmed
Changed in discover (Debian):
status: Unknown → New
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package discover - 2.1.2-7.1ubuntu1

---------------
discover (2.1.2-7.1ubuntu1) bionic; urgency=high

  * Apply patch from Anatoly Borodin fixing segmentation faults (LP: #1718687)

 -- Simon Quigley <email address hidden> Sun, 05 Nov 2017 10:12:35 -0600

Changed in discover (Ubuntu Bionic):
status: Confirmed → Fix Released
Revision history for this message
Simon Quigley (tsimonq2) wrote :

Unsubscribing ~ubuntu-sponsors as there's nothing left to sponsor.

If someone would like this in Artful, please fill out the SRU bug template as described here: https://wiki.ubuntu.com/StableReleaseUpdates

Thank you!

Changed in discover (Debian):
status: New → Fix Released