random_device: rdrand failed when using libsass 3.6.3 on some AMD Ryzen CPUs

Bug #1955870 reported by Ben Bucksch
This bug affects 1 person

| Affects | Status | Importance | Assigned to | Milestone |
| --- | --- | --- | --- | --- |
| libsass (Ubuntu) | New | Undecided | Unassigned | |

Bug Description

https://github.com/sass/libsass/issues/3151

When using an application that uses libsass, the application crashes (segfaults) with `random_device: rdrand failed`.

## Reproduction

1. Start an application that uses libsass, e.g. simply run `hugo` or
   `npm install node-sass` or any library that depends on it.

## Actual results

```
terminate called after throwing an instance of 'std::runtime_error'
  what(): random_device: rdrand failed
Cancelled (Segfault)
```

## Expected result

Hugo, node-sass, etc. work.

## Version

This happens on Ubuntu 20.04 LTS with libsass / libsass1 version 3.6.3.

The problem is fixed in libsass 3.6.5, see https://github.com/sass/libsass/issues/3151 and https://github.com/sass/libsass/releases/tag/3.6.5

## Cause

1. Some AMD CPUs seem to return a non-random number, but still claim success. See e.g. [reports on Twitter](https://twitter.com/FiloSottile/status/1125840275346198529).
2. `std::random_device` throws an exception.
3. libsass is unable to cope, throws the exception up into the caller.
4. The calling application cannot possibly handle this error and fails.

## Fix

Update libsass from version 3.6.3 to 3.6.5.

Ben Bucksch (benbucksch)
description: updated
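
Steps 2 to 4 of the cause describe an exception from `std::random_device` unwinding through a library into a caller with no handler. The following is an added example, not code from libsass or from its 3.6.5 fix, showing one way a library can contain that failure; `get_seed`, `from_urandom`, `failing_rdrand` and the other names are hypothetical, and a Linux-style `/dev/urandom` is assumed.

```cpp
#include <cstdint>
#include <fstream>
#include <functional>
#include <iostream>
#include <random>
#include <stdexcept>

// All names below are hypothetical; this is not libsass code.
using EntropySource = std::function<std::uint32_t()>;
enum class SeedOrigin { RandomDevice, Urandom };
struct Seed { std::uint32_t value; SeedOrigin origin; };

// Primary source: may throw std::runtime_error, as in the trace above.
std::uint32_t from_random_device() {
    std::random_device rd;
    return rd();
}

// Fallback: kernel CSPRNG (assumes a Linux-style /dev/urandom).
std::uint32_t from_urandom() {
    std::ifstream f("/dev/urandom", std::ios::binary);
    std::uint32_t v = 0;
    if (!f.read(reinterpret_cast<char*>(&v), sizeof v))
        throw std::runtime_error("reading /dev/urandom failed");
    return v;
}

// Contain the primary failure inside the library instead of letting it
// unwind into a caller that has no handler. If the fallback also fails,
// that exception propagates: no seed is better than a predictable one.
Seed get_seed(const EntropySource& primary = from_random_device,
              const EntropySource& fallback = from_urandom) {
    try {
        return {primary(), SeedOrigin::RandomDevice};
    } catch (const std::exception&) {
        return {fallback(), SeedOrigin::Urandom};
    }
}

// Constructed stub reproducing the failure from the report.
std::uint32_t failing_rdrand() {
    throw std::runtime_error("random_device: rdrand failed");
}

int main() {
    Seed s = get_seed(failing_rdrand);
    std::cout << (s.origin == SeedOrigin::Urandom ? "urandom" : "random_device")
              << " seed obtained\n";
}
```

This handles only the thrown failure; a CPU that returns a non-random number while claiming success, as in step 1 of the cause, is not detected by a try/catch.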