tracker-extract crashed with signal 5 in g_malloc()

Bug #1178402 reported by Esdras de Morais on 2013-05-09
724
This bug affects 133 people
Affects Status Importance Assigned to Milestone
Tracker
Fix Released
Medium
Ubuntu GNOME
High
Unassigned
tracker (Ubuntu)
High
Unassigned
Trusty
High
Unassigned
Xenial
High
Unassigned

Bug Description

* Impact
An integer overflow occurs when tracker-extract comes across an extremely large GIF image or one which is specifically crafted.

* Test case
If for instance this file https://bugzilla.gnome.org/attachment.cgi?id=326198 is saved on a computer tracker-extract will crash when it gets to it unless the patches are applied.

* Regression potential
I have not tested these patches but the fix is in the Yakkety version and I do not experience the crash there and no regressions.

----------------------------------

Original report:

Lock Interface and PC

ProblemType: Crash
DistroRelease: Ubuntu 13.04
Package: tracker-extract 0.16.0-2ubuntu1~ubuntu13.04.1 [origin: LP-PPA-gnome3-team-gnome3]
ProcVersionSignature: Ubuntu 3.8.0-19.30-generic 3.8.8
Uname: Linux 3.8.0-19-generic i686
ApportVersion: 2.9.2-0ubuntu8
Architecture: i386
Date: Thu May 9 16:45:04 2013
ExecutablePath: /usr/lib/tracker/tracker-extract
InstallationDate: Installed on 2013-04-29 (9 days ago)
InstallationMedia: Ubuntu 13.04 "Raring Ringtail" - Release i386 (20130424)
MarkForUpload: True
ProcCmdline: /usr/lib/tracker/tracker-extract
ProcEnviron:
 SHELL=/bin/bash
 XDG_RUNTIME_DIR=<set>
 PATH=(custom, no user)
 LANGUAGE=pt_BR:pt:en
 LANG=pt_BR.UTF-8
Signal: 5
SourcePackage: tracker
StacktraceTop:
 g_malloc () from /lib/i386-linux-gnu/libglib-2.0.so.0
 tracker_extract_get_metadata () from /usr/lib/tracker-0.16/extract-modules/libextract-gif.so
 ?? ()
 ?? ()
 ?? ()
Title: tracker-extract crashed with signal 5 in g_malloc()
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo

Tim Lunn (darkxst) on 2013-05-30
information type: Private → Public
Ubuntu GNOME (ug-bot) on 2013-11-15
tags: removed: need-i386-retrace
Borja Diez (borchuelo) wrote :

I have the same problem in Ubuntu 14.04

Kaname (kurankaname536) wrote :

I have the same Bug with In ubuntu 14.04 and gnome 3.12

Ubuntu GNOME (ug-bot) wrote :

Thank you for reporting this bug to Ubuntu. raring reached EOL on Jan 27, 2014.
Please see this document for currently supported Ubuntu releases:
https://wiki.ubuntu.com/Releases

Please feel free to report any other bugs you may find.

Changed in ubuntu-gnome:
status: New → Expired
Ian (ian-dalton) wrote :

This doesn't just affect Raring. Like other commenters, it happens to me with 14.04.

Changed in ubuntu-gnome:
status: Expired → New
C. Brazill-LP (dragonlager) wrote :

using Gnome 3.10 on Ubuntu 14.04
Crash report after importing an .ics calendar file to Evolution from internet via Firefox 31.

additionally had to restart the shell to see the new Calendar items in the Gnome dropdown calendar, although the file was imported successfully into Evolution calendar. also i have California Calendar installed.

-C

Tobias Schönberg (tobias47n9e) wrote :

I'm using Ubuntu 14.04 (proper, i.e. Unity) with Gnome desktop installed later

Bruce Pieterse (octoquad) wrote :

Borja and others affected on 14.04. Please can you confirm if you still have this problem.

tags: added: trusty
removed: raring
Changed in ubuntu-gnome:
status: New → Incomplete
Launchpad Janitor (janitor) wrote :

[Expired for Ubuntu GNOME because there has been no activity for 60 days.]

Changed in ubuntu-gnome:
status: Incomplete → Expired

I am running Ubuntu GNOME 16.04.1 with GNOME 3.20 and I just experienced this issue.

Changed in ubuntu-gnome:
status: Expired → Confirmed
tags: added: xenial
Changed in tracker (Ubuntu):
status: New → Confirmed
Changed in tracker (Ubuntu):
importance: Undecided → High

I now experience this issue constantly and many many times a day.

Changed in tracker:
importance: Unknown → Medium
status: Unknown → Confirmed
Changed in tracker:
importance: Medium → Unknown
status: Confirmed → Unknown
Changed in tracker:
importance: Unknown → Medium
status: Unknown → Fix Released

An upstream fix has been released, I am working on making debdiffs for this now.

Also it seems as though the fix is already in the version on Yakkety. So just backporting it into the previous releases.

Jeremy Bicha (jbicha) on 2016-10-09
Changed in tracker (Ubuntu):
status: Confirmed → Fix Released
Changed in tracker (Ubuntu Xenial):
status: New → Triaged
importance: Undecided → High
Changed in ubuntu-gnome:
importance: Undecided → High
status: Confirmed → Triaged

Due to large differences in code I do not currently have a debdiff for Precise, but I will upload my Trusty and Xenial ones now.

description: updated
tags: added: patch

Does this issue even occur on Precise?

information type: Public → Public Security
Jeremy Bicha (jbicha) wrote :

Since tracker was in universe for precise, there's no longer a commitment to providing fixes there. The oldest duplicate bug here is from 12.10 (quantal). Ubuntu GNOME didn't even exist until 13.04.

Changed in tracker (Ubuntu Trusty):
status: New → Triaged
importance: Undecided → High

I have made some small improvements to the changelogs of the patches and am reuploading them.

Marc Deslauriers (mdeslaur) wrote :

ACK on the debdiffs in comments #20 and #21. Packages are building now and will be released as security updates.

Thanks!

You're welcome!

Changed in ubuntu-gnome:
status: Triaged → Fix Committed
Changed in tracker (Ubuntu Trusty):
status: Triaged → Fix Committed
Changed in tracker (Ubuntu Xenial):
status: Triaged → Fix Committed
Changed in ubuntu-gnome:
status: Fix Committed → In Progress
Changed in tracker (Ubuntu Trusty):
status: Fix Committed → In Progress
Changed in tracker (Ubuntu Xenial):
status: Fix Committed → In Progress
Changed in tracker (Ubuntu):
assignee: nobody → Nikita Yerenkov-Scott (yerenkov-scott)
Changed in ubuntu-gnome:
assignee: nobody → Nikita Yerenkov-Scott (yerenkov-scott)
Changed in tracker (Ubuntu Trusty):
assignee: nobody → Nikita Yerenkov-Scott (yerenkov-scott)
Changed in tracker (Ubuntu Xenial):
assignee: nobody → Nikita Yerenkov-Scott (yerenkov-scott)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package tracker - 0.16.5-0ubuntu0.2

---------------
tracker (0.16.5-0ubuntu0.2) trusty-security; urgency=medium

  * SECURITY UPDATE: Integer overflow when skipping over
    decoded image data of extremely large or specially
    prepared GIF resulting in a program crash (LP: #1178402)
   - debian/patches/fix-gif-possible-integer-overflow.patch:
     Avoid integer overflow by reading/skipping over image data
     line by line in read_metadata in
     src/tracker-extract/tracker-extract-gif.c.

 -- Nikita Yerenkov-Scott <email address hidden> Sun, 09 Oct 2016 16:06:45 +0100

Changed in tracker (Ubuntu Trusty):
status: In Progress → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package tracker - 1.6.2-0ubuntu1.1

---------------
tracker (1.6.2-0ubuntu1.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Integer overflow when skipping over
    decoded image data of extremely large or specially
    prepared GIF resulting in a program crash (LP: #1178402)
   - debian/patches/fix-gif-possible-integer-overflow.patch:
     Avoid integer overflow by reading/skipping over image data
     line by line in read_metadata in
     src/tracker-extract/tracker-extract-gif.c.

 -- Nikita Yerenkov-Scott <email address hidden> Sun, 09 Oct 2016 16:06:45 +0100

Changed in tracker (Ubuntu Xenial):
status: In Progress → Fix Released
Changed in ubuntu-gnome:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.