random_device: rdrand failed when using libsass 3.6.3 on some AMD Ryzen CPUs
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libsass (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
https:/
When using an application that uses libsass, the application crashes (segfaults) with `random_device: rdrand failed`.
## Reproduction
1. Start an application that uses libsass, e.g. simply run `hugo` or
`npm install node-sass` or any library that depends on it.
## Actual results
```
terminate called after throwing an instance of 'std::runtime_
what(): random_device: rdrand failed
Cancelled (Segfault)
```
## Expected result
Hugo, node-sass etc. work
## Version
This happens on Ubuntu 20.04 LTS with libsass / libsass1 version 3.6.3.
The problem is fixed in libsass 3.6.5, see https:/
## Cause
1. Some AMD CPUs seem to return a non-random number, but still claim success. See e.g. [reports on Twitter](https:/
2. `std:random_device` throws an exception.
3. libsass is unable to cope, throws the exception up into the caller.
4. The calling application cannot possibly handle this error and fails.
## Fix
Update libsass from version 3.6.3 to 3.6.5.
description: | updated |