cp, mv, install: data loss due to free memory read
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
coreutils (Ubuntu) |
Fix Released
|
High
|
Colin Watson | ||
Precise |
Fix Released
|
High
|
Colin Watson | ||
Quantal |
Fix Released
|
High
|
Colin Watson | ||
Raring |
Fix Released
|
High
|
Colin Watson |
Bug Description
[Impact] cp/mv/install may read from freed memory in cases of very fragmented and sparse input files, sometimes producing corrupt output.
[Test case] The following command should succeed, with no output:
rm -f j j2 && perl -e 'for (1..600) { sysseek (*STDOUT, 4096, 1) && syswrite (*STDOUT, "a" x 1024) or die "$!" }' > j && valgrind --quiet --error-exitcode=3 cp j j2 && cmp j j2
[Regression potential] cp being what it is, ordinary use of a system for a while should be sufficient regression-testing.
Original report follows:
This was originally reported as happening on copying larges in highly-fragmented filesystems, and affects coreutils from 8.11 to 8.19 (8.20 has just been released with the fix included).
Ubuntu versions affected:
* Precise (8.13)
* Quantal (8.13)
* Raring (8.13)
Upstream bug: http://
Uptream ML thread: http://
Upstream commits:
* 64aef5fb9afecc0
* 0aeaa506ad9dd09
A test has been added to check for this error: tests/cp/
ProblemType: Bug
DistroRelease: Ubuntu 12.10
Package: coreutils 8.13-3.2ubuntu2
ProcVersionSign
Uname: Linux 3.5.0-18-generic x86_64
ApportVersion: 2.6.1-0ubuntu6
Architecture: amd64
CheckboxSubmission: c8a7d84e13c3b25
CheckboxSystem: d00f84de8a55581
Date: Wed Oct 31 05:24:37 2012
InstallationDate: Installed on 2012-10-21 (9 days ago)
InstallationMedia: Ubuntu 12.10 "Quantal Quetzal" - Release amd64 (20121017.5)
MarkForUpload: True
SourcePackage: coreutils
UpgradeStatus: No upgrade log present (probably fresh install)
Changed in coreutils (Ubuntu Raring): | |
assignee: | nobody → Colin Watson (cjwatson) |
description: | updated |
Changed in coreutils (Ubuntu Raring): | |
status: | New → Triaged |
Changed in coreutils (Ubuntu Quantal): | |
status: | New → Triaged |
importance: | Undecided → High |
assignee: | nobody → Colin Watson (cjwatson) |
Changed in coreutils (Ubuntu Precise): | |
status: | New → Triaged |
importance: | Undecided → High |
assignee: | nobody → Colin Watson (cjwatson) |
milestone: | none → ubuntu-12.04.2 |
Changed in coreutils (Ubuntu Raring): | |
status: | Triaged → In Progress |
Changed in coreutils (Ubuntu Quantal): | |
status: | Triaged → In Progress |
Changed in coreutils (Ubuntu Precise): | |
status: | Triaged → In Progress |
This bug was fixed in the package coreutils - 8.13-3.2ubuntu7
---------------
coreutils (8.13-3.2ubuntu7) raring; urgency=low
* Backport require_valgrind_ so that tests work better.
* Make valgrind failures non-fatal; we don't have sufficiently accurate
suppressions for linker startup issues on all architectures. However,
do still run those tests and check for corrupted output.
* Don't build-depend on valgrind on armhf, as it apparently breaks there.
-- Colin Watson <email address hidden> Fri, 09 Nov 2012 10:01:28 +0000