[UBUNTU 20.04] Crash in zlib deflateBound() function on s390x

Bug #2018293 reported by bugproxy
This bug affects 1 person

Affects                   Status        Importance  Assigned to
Ubuntu on IBM z Systems   In Progress   Medium      Skipper Bug Screeners
zlib (Ubuntu)             Fix Released  Medium      Frank Heimes
  Focal                   New           Undecided   Unassigned
  Jammy                   New           Undecided   Unassigned
  Lunar                   Won't Fix     Undecided   Unassigned
  Mantic                  Fix Released  Medium      Frank Heimes

Bug Description

SRU Justification:
==================

[ Impact ]

 * The zlib deflateBound() function can crash on s390x,
   if called before deflateInit().

 * The solution is that zlib on s390x needs to support
   calling deflateBound() always before deflateInit().

[ Test Plan ]

 * It's suggested to do a more overall or e2e test
   and run the zlib-ng test suite against the system zlib
   as follows:
   $ git clone https://github.com/zlib-ng/zlib-ng.git
   $ cd zlib-ng
   $ cmake -DZLIB_COMPAT=ON -DZLIBNG_ENABLE_TESTS=OFF -DBUILD_SHARED_LIBS=ON -DWITH_DFLTCC_DEFLATE=ON -DWITH_DFLTCC_INFLATE=ON .
   $ make gtest_zlib
   $ ldd gtest_zlib
     libz.so.1 => /lib/s390x-linux-gnu/libz.so.1 (0x000003fff7e00000)
   $ ./gtest_zlib

[ Where problems could occur ]

 * The only (single line) modification is in the if condition
   of the define DEFLATE_BOUND_ADJUST_COMPLEN statement in
   deflate.c.

 * Things can go wrong if the condition (or logic) is wrong,

 * or if other parts of the code are coded against the old behavior
   and are still expecting it.

 * The likely outcome would be still a crash
   or an unexpected behavior.

[ Other Info ]

 * Getting this into mantic first,
   before the SRU down to focal is done.
__________

Problem Description:
zlib deflateBound() function can crash on s390x when called before deflateInit().

Solution:
zlib on s390x needs to support calling deflateBound() before deflateInit().

The fix is squashed into the latest DFLTCC PR: https://github.com/madler/zlib/pull/410

Diff: https://github.com/madler/zlib/compare/113203437eda67261848b14b6c80a33ff7e33d34..f6d382a91a4e7d88b9b12ce0ecdffb1783878160

bugproxy (bugproxy)
tags: added: architecture-s3903164 bugnameltc-202410 severity-medium targetmilestone-inin---
Changed in ubuntu:
assignee: nobody → Skipper Bug Screeners (skipper-screen-team)
affects: ubuntu → linux (Ubuntu)
Frank Heimes (fheimes)
affects: linux (Ubuntu) → zlib (Ubuntu)
Changed in ubuntu-z-systems:
assignee: nobody → Skipper Bug Screeners (skipper-screen-team)
Changed in zlib (Ubuntu):
importance: Undecided → Medium
Changed in ubuntu-z-systems:
importance: Undecided → Medium
Changed in zlib (Ubuntu):
assignee: Skipper Bug Screeners (skipper-screen-team) → nobody
bugproxy (bugproxy) wrote : Comment bridged from LTC Bugzilla

------- Comment From <email address hidden> 2023-08-02 05:26 EDT-------
According to iii, the crash also happens on 22.04. He did not check the other versions, but I think the fix needs to be applied to all Ubuntu releases that have the hardware compression acceleration patch ("410.patch").

Frank Heimes (fheimes)
Changed in zlib (Ubuntu):
status: New → Triaged
Changed in ubuntu-z-systems:
status: New → Triaged
Frank Heimes (fheimes) wrote :

I've created a patched version (first of all for mantic/23.10) that currently builds here:
https://launchpad.net/~fheimes/+archive/ubuntu/lp2018293

Also attaching the debdiff ...

Changed in zlib (Ubuntu Mantic):
status: Triaged → In Progress
assignee: nobody → Frank Heimes (fheimes)
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2023-08-02 10:24 EDT-------
Thanks!

Somehow I get:

Err:4 https://ppa.launchpadcontent.net/fheimes/lp2018293/ubuntu mantic InRelease
403 Forbidden [IP: 185.125.190.52 443]

after `add-apt-repository ppa:fheimes/lp2018293`. Am I missing something?

Frank Heimes (fheimes) wrote :

@Ilya Could you please help with providing a test plan, with
 * detailed instructions on how to reproduce/test the bug
 * these should allow someone who is not familiar with the affected
   package to reproduce the bug and verify that the updated package fixes
   the problem.

It can also be part of an existing test suite that might cover this here too,
or a dedicated test application or script.

That would be needed for the SRU into the L, J and F releases. Thx.

description: updated
Frank Heimes (fheimes) wrote :

@comment #3
I assume that the build was not yet completed when you tried, since I kicked the builds off not long ago (the build is usually quick, but then it takes a while until the packages are moved to the right location).
But it's done now.
Alternatively you can also pick and wget the package(s) directly from here:
https://launchpad.net/~fheimes/+archive/ubuntu/lp2018293/+packages

bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2023-08-02 11:39 EDT-------
Thanks! It works now. And all tests pass.

Regarding the test plan, I would suggest running the zlib-ng test suite against the system zlib as follows:

$ git clone https://github.com/zlib-ng/zlib-ng.git
$ cd zlib-ng
$ cmake -DZLIB_COMPAT=ON -DZLIBNG_ENABLE_TESTS=OFF -DBUILD_SHARED_LIBS=ON -DWITH_DFLTCC_DEFLATE=ON -DWITH_DFLTCC_INFLATE=ON .
$ make gtest_zlib
$ ldd gtest_zlib
libz.so.1 => /lib/s390x-linux-gnu/libz.so.1 (0x000003fff7e00000)
$ ./gtest_zlib

tags: added: patch
Frank Heimes (fheimes) wrote :

Thx Ilya for the testing and the plan - I'll copy it over to the SRU Justification in the Bug description ...

description: updated
Frank Heimes (fheimes)
Changed in ubuntu-z-systems:
status: Triaged → In Progress
Julian Andres Klode (juliank) wrote :

Sponsored the upload to mantic. If you want any SRUs sponsored, please prepare debdiffs for those and resubscribe ubuntu-sponsors.

Changed in zlib (Ubuntu Mantic):
assignee: Frank Heimes (fheimes) → Julian Andres Klode (juliank)
status: In Progress → Fix Committed
assignee: Julian Andres Klode (juliank) → Frank Heimes (fheimes)
Julian Andres Klode (juliank) wrote :

FWIW, the Test Plan seems inadequate to me, it seems it only tests that there are no regressions but not that the bug in question is actually fixed.

Frank Heimes (fheimes) wrote :

@juliank yes, I plan to work on SRUs too, but for these I need to consider further zlib tickets; and therefore plan to do it after mantic FF.

And I'll ask the bug reporter for a test case that better covers this particular case.

bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2023-08-07 04:02 EDT-------
There is a test specifically for this problem in the testsuite: https://github.com/zlib-ng/zlib-ng/commit/fc49c98d1f47b4f041e0cc2668fa7b66c13a6377#diff-b32d480b520cfa62e45f8cb77e44a1e8c727344aa28e5c77f6dc5cbdf1ac8782
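
A minimal check aimed at the reported condition itself, as an added example (not part of this thread and not the zlib-ng test linked above): it calls deflateBound() from the system libz on a stream that deflateInit() never touched, inside a forked child so that a crash is reported as a signal name instead of killing the caller. The zero-filled z_stream, the helper names and the 4096-byte length are assumptions made for this example.

```python
import ctypes
import ctypes.util
import os
import signal


class ZStream(ctypes.Structure):
    """Mirror of zlib's public z_stream layout (zlib.h)."""
    _fields_ = [
        ("next_in", ctypes.c_void_p), ("avail_in", ctypes.c_uint),
        ("total_in", ctypes.c_ulong), ("next_out", ctypes.c_void_p),
        ("avail_out", ctypes.c_uint), ("total_out", ctypes.c_ulong),
        ("msg", ctypes.c_char_p), ("state", ctypes.c_void_p),
        ("zalloc", ctypes.c_void_p), ("zfree", ctypes.c_void_p),
        ("opaque", ctypes.c_void_p), ("data_type", ctypes.c_int),
        ("adler", ctypes.c_ulong), ("reserved", ctypes.c_ulong),
    ]


def _bound_without_init(source_len):
    # Load the system libz, the same library the ldd step of the test plan confirms.
    libz = ctypes.CDLL(ctypes.util.find_library("z") or "libz.so.1")
    libz.deflateBound.restype = ctypes.c_ulong
    libz.deflateBound.argtypes = [ctypes.POINTER(ZStream), ctypes.c_ulong]
    strm = ZStream()  # assumption: zero-filled stream, deflateInit() never called
    return libz.deflateBound(ctypes.byref(strm), source_len)


def check_deflate_bound(source_len=4096):
    """Call deflateBound() in a forked child; 'ok' means no crash and bound >= input."""
    rfd, wfd = os.pipe()
    pid = os.fork()
    if pid == 0:  # child: make the call, send the result back, exit
        code = 2
        try:
            os.write(wfd, str(_bound_without_init(source_len)).encode())
            code = 0
        finally:
            os._exit(code)
    os.close(wfd)
    with os.fdopen(rfd) as pipe:
        out = pipe.read()
    _, status = os.waitpid(pid, 0)
    if os.WIFSIGNALED(status):  # the child was killed, e.g. by SIGSEGV
        return {"ok": False, "signal": signal.Signals(os.WTERMSIG(status)).name, "bound": None}
    if os.WEXITSTATUS(status) != 0 or not out:
        return {"ok": False, "signal": None, "bound": None}
    bound = int(out)
    return {"ok": bound >= source_len, "signal": None, "bound": bound}
```

A crash of the kind described in this bug shows up as a signal name in the result; a library that handles the call returns `ok` set to True together with the computed bound.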

Frank Heimes (fheimes)
Changed in zlib (Ubuntu Mantic):
status: Fix Committed → Fix Released
Brian Murray (brian-murray) wrote :

Ubuntu 23.04 (Lunar Lobster) has reached end of life, so this bug will not be fixed for that specific release.

Changed in zlib (Ubuntu Lunar):
status: New → Won't Fix