crash on amd64

Bug #1718687 reported by Anatoly Borodin on 2017-09-21
Affects              Status                     Importance   Assigned to   Milestone
discover             New                        Undecided    Unassigned
discover (Debian)    New                        Unknown
discover (Ubuntu)    Status tracked in Bionic
  Artful                                        Undecided    Unassigned
  Bionic                                        Undecided    Unassigned

Bug Description

discover 2.1.2-7.1
libdiscover2 2.1.2-7.1
Ubuntu artful amd64

Running `discover` produces a crash:

Program received signal SIGSEGV, Segmentation fault.
__strlen_sse2 () at ../sysdeps/x86_64/multiarch/../strlen.S:120
120 ../sysdeps/x86_64/multiarch/../strlen.S: No such file or directory.
(gdb) bt
#0 __strlen_sse2 () at ../sysdeps/x86_64/multiarch/../strlen.S:120
#1 0x00007ffff787abfe in __GI___strdup (s=0x555500000000 <error: Cannot access memory at address 0x555500000000>) at strdup.c:41
#2 0x00007ffff7bcf829 in discover_get_devices () from /usr/lib/libdiscover.so.2
#3 0x0000555555555a73 in ?? ()
#4 0x000055555555678e in ?? ()
#5 0x00007ffff78081c1 in __libc_start_main (main=0x555555555ea3, argc=1, argv=0x7fffffffe358, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>,
    stack_end=0x7fffffffe348) at ../csu/libc-start.c:308
#6 0x000055555555559a in ?? ()

Here is the fix for the problem:

Use the right type for `len`, avoid segmentation fault

`getline()` requires its second parameter to be `size_t *`. On the amd64
platform the size of `unsigned int` is 4 and the size of `size_t` is 8
bytes. Using a wrong pointer type can lead to stack variable
corruption (overwriting with zeros) and a segmentation fault later.

See also similar `len` declarations in `_discover_get_pci_raw_sys()` in
the docs and `_discover_get_ata_raw()` / `discover_get_pci_raw_proc()` /
`discover_get_usb_raw()` in the source code.
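
The corrected getline() pattern the patch describes, as an added example written for this page (not discover's own source): a small line parser using `size_t len`, run over a constructed /proc-style listing; the function names and sample lines are assumptions.

```c
#define _GNU_SOURCE            /* getline() and fmemopen() are POSIX 2008 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample in the spirit of a /proc device listing (not discover's
 * real format): one record per line, the first field is the id we keep. */
static const char SAMPLE[] =
    "0000 8086 1234 pci\n"
    "0008 10de 0fc6 pci\n"
    "\n"
    "0010 1b21 1042 usb";

/* Read every line from fp and strdup() its first whitespace-separated token.
 * Returns the number of ids stored in out (at most max). */
size_t collect_ids(FILE *fp, char **out, size_t max)
{
    char *line = NULL;
    /* Correct type: getline(char **, size_t *, FILE *). The bug in this
     * report was `unsigned int len` (4 bytes on amd64) passed as size_t *:
     * getline() then stores 8 bytes, zeroing the 4 bytes that follow len on
     * the stack, which later surfaces as a bad pointer passed to strdup(). */
    size_t len = 0;
    size_t count = 0;
    ssize_t n;
    while (count < max && (n = getline(&line, &len, fp)) != -1) {
        if (n > 0 && line[n - 1] == '\n')
            line[n - 1] = '\0';             /* drop the trailing newline */
        char *tok = strtok(line, " \t");
        if (tok == NULL)                    /* blank line: nothing to keep */
            continue;
        out[count] = strdup(tok);
        if (out[count] == NULL)
            break;
        count++;
    }
    free(line);                             /* getline() allocated this buffer */
    return count;
}

/* Run collect_ids() over SAMPLE through an in-memory FILE stream. */
size_t collect_sample_ids(char **out, size_t max)
{
    FILE *fp = fmemopen((void *)SAMPLE, sizeof SAMPLE - 1, "r");
    if (fp == NULL) return 0;
    size_t count = collect_ids(fp, out, max);
    fclose(fp);
    return count;
}
```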

Hans Joachim Desserud (hjd) wrote :

Thanks for reporting.

I can confirm the segfault on Ubuntu artful. I've subscribed the ubuntu-sponsors team which review patches.

tags: added: artful patch
Changed in discover (Ubuntu):
status: New → Confirmed
Changed in discover (Debian):
status: Unknown → New
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package discover - 2.1.2-7.1ubuntu1

---------------
discover (2.1.2-7.1ubuntu1) bionic; urgency=high

  * Apply patch from Anatoly Borodin fixing segmentation faults (LP: #1718687)

 -- Simon Quigley <email address hidden> Sun, 05 Nov 2017 10:12:35 -0600

Changed in discover (Ubuntu Bionic):
status: Confirmed → Fix Released