1.15.8.2 regression: dpkg-deb segfaults

Bug #612457 reported by Martin Pitt
Affects          Status        Importance  Assigned to   Milestone
dpkg (Ubuntu)    Fix Released  Critical    Martin Pitt
  Maverick       Fix Released  Critical    Martin Pitt

Bug Description

Binary package hint: dpkg

All maverick builds start to FTBFS now in dpkg-deb:

dpkg-deb: building package `libgdk-pixbuf2.0-0-dbgsym' in `../libgdk-pixbuf2.0-0-dbgsym_2.21.6-2ubuntu2_amd64.ddeb'.
*** buffer overflow detected ***: /usr/bin/dpkg-deb terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x37)[0x2b8bb8f66947]
/lib/libc.so.6(+0xfe800)[0x2b8bb8f65800]
/lib/libc.so.6(+0xfdc69)[0x2b8bb8f64c69]
/lib/libc.so.6(_IO_default_xsputn+0xcc)[0x2b8bb8edd04c]
/lib/libc.so.6(_IO_vfprintf+0x628)[0x2b8bb8eacc78]
/lib/libc.so.6(__vsprintf_chk+0x99)[0x2b8bb8f64d09]
/lib/libc.so.6(__sprintf_chk+0x7f)[0x2b8bb8f64c4f]
/usr/bin/dpkg-deb[0x40608a]
/usr/bin/dpkg-deb[0x40622b]
/usr/bin/dpkg-deb[0x40366e]
/usr/bin/dpkg-deb[0x405c21]
/lib/libc.so.6(__libc_start_main+0xfd)[0x2b8bb8e85d8d]
/usr/bin/dpkg-deb[0x402a29]
======= Memory map: ========

Martin Pitt (pitti) wrote :

Reproduces perfectly well with pkg-create-dbgsym test suite:

[maverick] 0 martin@tick:~/ubuntu/pkg-create-dbgsym/pkg-create-dbgsym
$ tests/run
*** buffer overflow detected ***: /usr/bin/dpkg-deb terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x37)[0x2ae04bb71947]
[...]

Changed in dpkg (Ubuntu):
importance: Undecided → Critical
milestone: none → maverick-alpha-3
status: New → Triaged
Martin Pitt (pitti) wrote :

This is not ddeb specific, normal builds fail as well:

dpkg-deb: building package `libgdk-pixbuf2.0-doc' in `../libgdk-pixbuf2.0-doc_2.21.6-2ubuntu1_all.deb'.
*** buffer overflow detected ***: /usr/bin/dpkg-deb terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x37)[0x2af6674cd947]

Martin Pitt (pitti)
Changed in dpkg (Ubuntu):
assignee: nobody → Martin Pitt (pitti)
Martin Pitt (pitti) wrote :

Ah, I tracked down the crash and have an easy fix. Now I noticed that this was already fixed in trunk:

http://git.debian.org/?p=dpkg/dpkg.git;a=commitdiff;h=f4e116b3a2afdbf2ee9fc2556782fa7cd773165c

Changed in dpkg (Ubuntu Maverick):
status: Triaged → In Progress
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package dpkg - 1.15.8.2ubuntu2

---------------
dpkg (1.15.8.2ubuntu2) maverick; urgency=low

  * Fix buffer overflow in dpkg_ar_member_put_header. Cherrypicked from trunk.
    (LP: #612457, Debian #591312)
  * debian/rules: Add build-tree/dpkg-deb to $PATH when calling dh_builddeb,
    to pull ourselves out of above swamp.
 -- Martin Pitt <email address hidden> Mon, 02 Aug 2010 11:03:18 +0200

Changed in dpkg (Ubuntu Maverick):
status: In Progress → Fix Released
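The backtrace above ends in __sprintf_chk -> __fortify_fail, i.e. glibc's _FORTIFY_SOURCE check caught a formatted write that exceeded the size of its destination object, and the changelog names dpkg_ar_member_put_header as the site. The following is an added example, not dpkg's code and not the cherry-picked commit, showing the bug class that pattern describes: a 60-byte ar(1) member header formatted in place with sprintf(), which always writes one extra byte (the terminating NUL) even when every field fits, beside the bounded scratch-buffer form that does not. The ar header layout is the standard one; that dpkg's actual defect was exactly this off-by-one is an assumption made for illustration, and the member values are constructed.

```c
/*
 * Added example, not dpkg's code. Shows the fixed-width ar(1) member header,
 * why sprintf() into it trips glibc's __sprintf_chk, and a bounded way to
 * fill it. The 60-byte layout is the standard ar format; that dpkg's bug was
 * this exact off-by-one is an assumption, not something the report states.
 */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define AR_HDR_SIZE 60
/* name, mtime, uid, gid, mode (octal), size, then the "`\n" magic: 60 columns. */
#define AR_HDR_FMT "%-16s%-12lu%-6lu%-6lu%-8lo%-10lu`\n"

/* Standard ar member header: 60 bytes of space-padded ASCII, no NUL. */
struct ar_hdr {
    char ar_name[16];
    char ar_date[12];
    char ar_uid[6];
    char ar_gid[6];
    char ar_mode[8];
    char ar_size[10];
    char ar_fmag[2];
};

_Static_assert(sizeof(struct ar_hdr) == AR_HDR_SIZE, "ar header must be 60 bytes");

/* Number of bytes AR_HDR_FMT produces for these values, excluding the NUL. */
int ar_header_len(const char *name, unsigned long mtime, unsigned long uid,
                  unsigned long gid, unsigned long mode, unsigned long size)
{
    return snprintf(NULL, 0, AR_HDR_FMT, name, mtime, uid, gid, mode, size);
}

/*
 * The unsafe pattern is sprintf((char *)hdr, AR_HDR_FMT, ...): even when every
 * field fits its column, sprintf writes ar_header_len() + 1 bytes (the NUL)
 * into a 60-byte object. With -D_FORTIFY_SOURCE=2 the compiler rewrites that
 * call to __sprintf_chk with the object size, which aborts with
 * "*** buffer overflow detected ***". This reports whether it would.
 */
bool sprintf_would_overflow(const char *name, unsigned long mtime,
                            unsigned long uid, unsigned long gid,
                            unsigned long mode, unsigned long size)
{
    return ar_header_len(name, mtime, uid, gid, mode, size) + 1 > (int)sizeof(struct ar_hdr);
}

/*
 * Bounded pattern: format into a scratch buffer with room for the NUL, insist
 * on exactly 60 columns (a name or size wider than its column would otherwise
 * corrupt the archive instead of overflowing), then copy only the 60 bytes.
 */
bool ar_put_header(struct ar_hdr *hdr, const char *name, unsigned long mtime,
                   unsigned long uid, unsigned long gid, unsigned long mode,
                   unsigned long size)
{
    char tmp[AR_HDR_SIZE + 1];
    int n = snprintf(tmp, sizeof tmp, AR_HDR_FMT, name, mtime, uid, gid, mode, size);
    if (n != AR_HDR_SIZE)
        return false;
    memcpy(hdr, tmp, AR_HDR_SIZE);
    return true;
}

/* Builds a header for a constructed "control.tar.gz" member and checks the
 * layout: padded name at offset 0, padded size at offset 48, "`\n" magic at
 * offset 58. Returns 1 if the bounded path produced a well-formed header. */
int example_builds_valid_header(void)
{
    struct ar_hdr hdr;
    if (!ar_put_header(&hdr, "control.tar.gz", 1280740998UL, 0, 0, 0100644UL, 1234UL))
        return 0;
    return memcmp(hdr.ar_name, "control.tar.gz  ", 16) == 0 &&
           memcmp(hdr.ar_size, "1234      ", 10) == 0 &&
           memcmp(hdr.ar_fmag, "`\n", 2) == 0;
}

int main(void)
{
    struct ar_hdr hdr;
    printf("sprintf into a 60-byte header would overflow: %s\n",
           sprintf_would_overflow("control.tar.gz", 1280740998UL, 0, 0, 0100644UL, 1234UL)
               ? "yes" : "no");
    if (ar_put_header(&hdr, "control.tar.gz", 1280740998UL, 0, 0, 0100644UL, 1234UL))
        fwrite(&hdr, 1, sizeof hdr, stdout);
    return 0;
}
```

The length check matters as much as the scratch buffer: a name longer than 16 bytes or a size wider than 10 digits makes snprintf return more than 60, and silently truncating or copying anyway would emit an archive that dpkg-deb cannot read back. Rejecting the member is the safe failure.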