crash on amd64
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
discover | New | Undecided | Unassigned |
discover (Debian) | Fix Released | Unknown | |
discover (Ubuntu) | Fix Released | Undecided | Unassigned |
Artful | Won't Fix | Undecided | Unassigned |
Bionic | Fix Released | Undecided | Unassigned |
Bug Description
discover 2.1.2-7.1
libdiscover2 2.1.2-7.1
Ubuntu artful amd64
Running `discover` produces a crash:
Program received signal SIGSEGV, Segmentation fault.
__strlen_sse2 () at ../sysdeps/
120 ../sysdeps/
(gdb) bt
#0 __strlen_sse2 () at ../sysdeps/
#1 0x00007ffff787abfe in __GI___strdup (s=0x555500000000 <error: Cannot access memory at address 0x555500000000>) at strdup.c:41
#2 0x00007ffff7bcf829 in discover_
#3 0x0000555555555a73 in ?? ()
#4 0x000055555555678e in ?? ()
#5 0x00007ffff78081c1 in __libc_start_main (main=0x5555555
stack_
#6 0x000055555555559a in ?? ()
Changed in discover (Debian): status: Unknown → New
Changed in discover (Debian): status: New → Fix Released
Here is the fix for the problem:
Use the right type for `len`, avoid segmentation fault
`getline()` requires its second parameter to be `size_t *`. On the amd64
platform the size of `unsigned int` is 4 and the size of `size_t` is 8
bytes. Using a wrong pointer type can lead to stack variable
corruption (overwriting with zeros) and a segmentation fault later.
See also similar `len` declarations in `_discover_get_pci_raw_sys()` / `get_ata_raw()` / `discover_get_pci_raw_proc()` / `get_usb_raw()` in the source code.
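As an added example (not code from the bug report or from discover itself), the C program below models the stack layout the commit message describes, i.e. a 4-byte `unsigned int len` receiving an 8-byte `size_t` store from `getline()`, and shows the corrected `size_t len` pattern. The frame layout, the sample pointer value and the sysfs-style input are constructed; amd64's little-endian byte order is assumed.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model of an amd64 stack frame: the caller's `len`
 * variable (4 bytes if declared `unsigned int`, 8 if `size_t`) is
 * immediately followed by a pointer. getline() stores its size_t
 * result as an 8-byte little-endian write through the pointer it
 * receives; with a 4-byte variable the upper half of that write lands
 * on the neighbouring pointer. Returns the pointer's value afterwards. */
uint64_t pointer_after_getline_store(size_t len_var_width, uint64_t new_len)
{
    unsigned char frame[16] = {0};
    uint64_t ptr = 0x0000555555554a73ull; /* constructed; same shape as the backtrace's frame #3 */
    memcpy(frame + len_var_width, &ptr, sizeof ptr); /* pointer sits right after len */
    memcpy(frame, &new_len, sizeof new_len);         /* getline()'s 8-byte store */
    memcpy(&ptr, frame + len_var_width, sizeof ptr);
    return ptr;
}

/* The corrected pattern: `size_t len`, as getline() requires. Reads a
 * constructed sysfs-style buffer via fmemopen() and returns the number
 * of lines, or -1 on error. */
long count_lines_with_getline(const char *text)
{
    FILE *fp = fmemopen((void *)text, strlen(text), "r");
    if (fp == NULL)
        return -1;
    char *line = NULL;
    size_t len = 0; /* size_t, not unsigned int: matches getline()'s second parameter */
    long count = 0;
    while (getline(&line, &len, fp) != -1)
        count++;
    free(line);
    fclose(fp);
    return count;
}

int main(void)
{
    printf("unsigned int len -> pointer becomes 0x%016llx\n",
           (unsigned long long)pointer_after_getline_store(4, 120));
    printf("size_t len       -> pointer stays   0x%016llx\n",
           (unsigned long long)pointer_after_getline_store(8, 120));
    printf("lines read: %ld\n",
           count_lines_with_getline("vendor\t0x8086\ndevice\t0x1234\n"));
    return 0;
}
```

With the 4-byte variable the pointer's low half is zeroed to 0x555500000000, which is the `s=` value `strdup()` faulted on in the backtrace; with `size_t` the neighbour is untouched.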