consolekit: ck-get-x11-display-device segmentation fault

Bug #1130923 reported by Aleix Conchillo Flaqué on 2013-02-20
This bug affects 1 person
Affects              Status  Importance  Assigned to   Milestone
consolekit (Ubuntu)          High        Brian Murray
Precise                      High        Brian Murray
Quantal                      High        Brian Murray

Bug Description

Just updated to 12.04. Every time I logged into GNOME 3 I got a segmentation fault from consolekit, specifically ck-get-x11-display-device (see below). After downloading and building the package source I found out that this is because I have a hardware device that has a long name (blackmagic_serial has 17 characters):

$ cat /proc/drivers
/dev/tty /dev/tty 5 0 system:/dev/tty
/dev/console /dev/console 5 1 system:console
/dev/ptmx /dev/ptmx 5 2 system
/dev/vc/0 /dev/vc/0 4 0 system:vtmaster
rfcomm /dev/rfcomm 216 0-255 serial
blackmagic_serial /dev/blackmagic_serial 249 0-31 serial
ttyprintk /dev/ttyprintk 5 3 console
serial /dev/ttyS 4 64-111 serial
pty_slave /dev/pts 136 0-1048575 pty:slave
pty_master /dev/ptm 128 0-1048575 pty:master
unknown /dev/tty 4 1-63 console

However in src/ck-sysdeps-linux.c:

typedef struct tty_map_node {
        struct tty_map_node *next;
        guint major_number;
        guint minor_first;
        guint minor_last;
        char name[16];
        char devfs_type;
} tty_map_node;

The following patch solves this issue (simply increasing the array size):

--- ck-sysdeps-linux.c.orig 2013-02-20 13:17:46.971181590 -0800
+++ ck-sysdeps-linux.c 2013-02-20 13:18:04.491182079 -0800
@@ -93,7 +93,7 @@
         guint major_number;
         guint minor_first;
         guint minor_last;
- char name[16];
+ char name[32];
         char devfs_type;
 } tty_map_node;
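
Review bot: At `+ char name[32];` the buffer is only enlarged, and this hunk leaves the code that fills `name` unchanged, so a driver name of 32 or more characters would overflow it the same way the 17-character `blackmagic_serial` overflowed `name[16]`. Bound the write where `name` is filled in (not shown in this hunk), for example by checking the name length against `sizeof(name)` and skipping or truncating the entry, or store the name in an allocated string. A comment on the field stating the limit would also help.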

===================================================

*** buffer overflow detected ***: /usr/lib/ConsoleKit/ck-get-x11-display-device terminated
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x37)[0x7f5310f48807]
/lib/x86_64-linux-gnu/libc.so.6(+0x109700)[0x7f5310f47700]
/lib/x86_64-linux-gnu/libc.so.6(+0x1089e6)[0x7f5310f469e6]
/usr/lib/ConsoleKit/ck-get-x11-display-device[0x401f48]
/usr/lib/ConsoleKit/ck-get-x11-display-device[0x402355]
/usr/lib/ConsoleKit/ck-get-x11-display-device[0x401823]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xed)[0x7f5310e5f76d]
/usr/lib/ConsoleKit/ck-get-x11-display-device[0x401935]

The attachment "ck-sysdeps-linux.c.patch" of this bug report has been identified as being a patch. The ubuntu-reviewers team has been subscribed to the bug report so that they can review the patch. In the event that this is in fact not a patch you can resolve this situation by removing the tag 'patch' from the bug report and editing the attachment so that it is not flagged as a patch. Additionally, if you are a member of the ubuntu-reviewers team please also unsubscribe the team from this bug report.

[This is an automated message performed by a Launchpad user owned by Brian Murray. Please contact him regarding any issues with the action taken in this bug report.]

tags: added: patch
Changed in consolekit (Ubuntu):
status: New → Triaged
importance: Undecided → High
Changed in consolekit (Ubuntu Precise):
status: New → Triaged
importance: Undecided → High
Changed in consolekit (Ubuntu Quantal):
status: New → Triaged
importance: Undecided → High
Changed in consolekit (Ubuntu):
assignee: nobody → Brian Murray (brian-murray)
Changed in consolekit (Ubuntu Quantal):
assignee: nobody → Brian Murray (brian-murray)
Changed in consolekit (Ubuntu Precise):
assignee: nobody → Brian Murray (brian-murray)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package consolekit - 0.4.5-3.1ubuntu2

---------------
consolekit (0.4.5-3.1ubuntu2) raring; urgency=low

  * debian/patches/04-long_device_names.patch: allow for device names longer
    than 16 characters. Thanks to Aleix Conchillo Flaqué for the patch.
    (LP: #1130923)
 -- Brian Murray <email address hidden> Mon, 04 Mar 2013 10:58:51 -0800

Changed in consolekit (Ubuntu):
status: Triaged → Fix Released
Chris Halse Rogers (raof) wrote :

It's not clear to me why we've arbitrarily increased 16 to 32, rather than PATH_MAX; it seems like there's still a potential edge case to hit here.

That said, there probably aren't _that_ many devices with 32 character names.
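
A length-checked parse removes the edge case regardless of which constant is chosen. The following is an added example, not ConsoleKit's code: `map_entry` and `parse_driver_line` are hypothetical names, and the line layout is assumed from the driver listing in the bug description.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 32  /* size used by the patched struct */

/* Hypothetical stand-in for tty_map_node, reduced to the parsed fields. */
typedef struct {
    unsigned major_number, minor_first, minor_last;
    char name[NAME_LEN];
} map_entry;

/* Parse "<name> <devpath> <major> <first>[-<last>] <type>".
 * Returns 0 on success, -1 on a malformed line, and -2 when the name
 * does not fit, so the caller can skip the entry instead of overflowing. */
int parse_driver_line(const char *line, map_entry *out)
{
    char path[128];
    int used = 0;
    size_t name_len = strcspn(line, " \t");

    if (name_len == 0)
        return -1;
    if (name_len >= sizeof out->name)   /* no room for name + NUL */
        return -2;
    memcpy(out->name, line, name_len);
    out->name[name_len] = '\0';

    /* Every remaining conversion carries an explicit bound or is numeric. */
    if (sscanf(line + name_len, " %127s %u %u%n", path,
               &out->major_number, &out->minor_first, &used) < 3)
        return -1;
    out->minor_last = out->minor_first;  /* single minor unless a range follows */
    if (line[name_len + used] == '-' &&
        sscanf(line + name_len + used + 1, "%u", &out->minor_last) != 1)
        return -1;
    return 0;
}

int main(void)
{
    /* First line is from the report; the second name is constructed. */
    const char *lines[] = {
        "blackmagic_serial /dev/blackmagic_serial 249 0-31 serial",
        "a_constructed_driver_name_longer_than_32_chars /dev/x 250 0-1 serial",
    };
    for (size_t i = 0; i < 2; i++) {
        map_entry e;
        printf("rc=%d\n", parse_driver_line(lines[i], &e));
    }
    return 0;
}
```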

Changed in consolekit (Ubuntu Precise):
status: Triaged → Fix Committed
tags: added: verification-needed

Hello Aleix, or anyone else affected,

Accepted consolekit into precise-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/consolekit/0.4.5-2ubuntu0.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us in getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Chris Halse Rogers (raof) wrote :

Hello Aleix, or anyone else affected,

Accepted consolekit into quantal-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/consolekit/0.4.5-3ubuntu0.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us in getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in consolekit (Ubuntu Quantal):
status: Triaged → Fix Committed

OK, just installed 0.4.5-3ubuntu0.1 and it seems to work fine. Thanks!

Yes, I guess PATH_MAX would have been the right thing, you are right. But as you say, I don't think there are many devices with names longer than 32 characters.

tags: added: verification-done-quantal
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package consolekit - 0.4.5-3ubuntu0.1

---------------
consolekit (0.4.5-3ubuntu0.1) quantal; urgency=low

  * debian/patches/04-long_device_names.patch: allow for device names longer
    than 16 characters. Thanks to Aleix Conchillo Flaqué for the patch.
    (LP: #1130923)
 -- Brian Murray <email address hidden> Mon, 04 Mar 2013 11:40:06 -0800

Changed in consolekit (Ubuntu Quantal):
status: Fix Committed → Fix Released
Bartosz Kosiorek (gang65) wrote :

After installing the consolekit package from precise-proposed, everything works perfectly.

Verification done.

Thanks.

tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package consolekit - 0.4.5-2ubuntu0.1

---------------
consolekit (0.4.5-2ubuntu0.1) precise-proposed; urgency=low

  * debian/patches/04-long_device_names.patch: allow for device names longer
    than 16 characters. Thanks to Aleix Conchillo Flaqué for the patch.
    (LP: #1130923)
 -- Brian Murray <email address hidden> Mon, 04 Mar 2013 12:14:32 -0800

Changed in consolekit (Ubuntu Precise):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for consolekit has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.
