2018-03-16 00:02:49 |
Thomas Middeldorp |
bug |
|
|
added bug |
2018-03-27 15:55:50 |
Matthias Klose |
nominated for series |
|
Ubuntu Bionic |
|
2018-03-27 15:55:50 |
Matthias Klose |
bug task added |
|
glibc (Ubuntu Bionic) |
|
2018-03-27 15:56:31 |
Matthias Klose |
glibc (Ubuntu Bionic): milestone |
|
ubuntu-18.04 |
|
2018-03-27 15:56:36 |
Matthias Klose |
glibc (Ubuntu Bionic): importance |
Undecided |
High |
|
2018-03-27 15:56:40 |
Matthias Klose |
glibc (Ubuntu Bionic): status |
New |
Confirmed |
|
2018-04-04 12:22:56 |
Francis Ginther |
tags |
|
id-5ac41c8a07e3bbcc42edc5cb |
|
2018-12-08 21:10:37 |
Adam Conrad |
nominated for series |
|
Ubuntu Xenial |
|
2018-12-08 21:10:37 |
Adam Conrad |
bug task added |
|
glibc (Ubuntu Xenial) |
|
2018-12-08 21:10:49 |
Adam Conrad |
glibc (Ubuntu): status |
Confirmed |
Fix Released |
|
2020-09-09 21:26:43 |
Balint Reczey |
description |
In glibc 2.21 they optimized i386 memcpy:
https://sourceware.org/ml/libc-alpha/2015-02/msg00119.html
The implementation contained a bug which causes memmove to break when crossing the 2GB threshold.
This has been filed with glibc here (filed by someone else, but I have requested an update from them as well):
https://sourceware.org/bugzilla/show_bug.cgi?id=22644
Unfortunately they have not yet taken action on this bug, however I want to bring it to your attention in the hope that it can be patched into all current Ubuntu releases as soon as possible. I hope this is not improper procedure. Both myself and another (see comment 1 in the glibc bug report) have tested the patch provided in the above glibc bug report and it does appear to fix the problem, however I don't know what the procedure is for getting it properly confirmed/tested and merged into Ubuntu.
As requested in the guidelines:
1) We are using:
Description: Ubuntu 16.04.4 LTS
Release: 16.04
2)
libc6:i386:
Installed: 2.23-0ubuntu10
However as stated above this has been present since libc6:i386 2.21 and affects Ubuntu 15.04 onward. (I have actually tested this as well. 15.04 conveniently used both glibc 2.19 and 2.21 so it was a good test platform when I was initially attempting to track down the problem.)
3) What we expected to happen:
memmove should move data within the entire valid address space without segfaulting or corrupting memory.
4) What happened instead:
When memmove attempts to move data crossing the 2GB threshold it either segfaults or causes memory corruption. |
[Impact]
* i386 memmove breaks when crossing the 2GB threshold.
[Test Case]
* Compile and run the reproducer as described at https://github.com/fingolfin/memmove-bug or observe string/test-memmove test passing during the build/autopkgtest on i386.
[Regression Potential]
* Can break memmove, but this is unlikely since memmove is the very function fixed by fixing signedness handling.
[Original Bug Text]
In glibc 2.21 they optimized i386 memcpy:
https://sourceware.org/ml/libc-alpha/2015-02/msg00119.html
The implementation contained a bug which causes memmove to break when crossing the 2GB threshold.
This has been filed with glibc here (filed by someone else, but I have requested an update from them as well):
https://sourceware.org/bugzilla/show_bug.cgi?id=22644
Unfortunately they have not yet taken action on this bug, however I want to bring it to your attention in the hope that it can be patched into all current Ubuntu releases as soon as possible. I hope this is not improper procedure. Both myself and another (see comment 1 in the glibc bug report) have tested the patch provided in the above glibc bug report and it does appear to fix the problem, however I don't know what the procedure is for getting it properly confirmed/tested and merged into Ubuntu.
As requested in the guidelines:
1) We are using:
Description: Ubuntu 16.04.4 LTS
Release: 16.04
2)
libc6:i386:
Installed: 2.23-0ubuntu10
However as stated above this has been present since libc6:i386 2.21 and affects Ubuntu 15.04 onward. (I have actually tested this as well. 15.04 conveniently used both glibc 2.19 and 2.21 so it was a good test platform when I was initially attempting to track down the problem.)
3) What we expected to happen:
memmove should move data within the entire valid address space without segfaulting or corrupting memory.
4) What happened instead:
When memmove attempts to move data crossing the 2GB threshold it either segfaults or causes memory corruption. |
|
2020-09-10 23:03:34 |
Steve Langasek |
glibc (Ubuntu Bionic): status |
Confirmed |
Fix Committed |
|
2020-09-10 23:03:36 |
Steve Langasek |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2020-09-10 23:03:39 |
Steve Langasek |
bug |
|
|
added subscriber SRU Verification |
2020-09-10 23:03:43 |
Steve Langasek |
tags |
id-5ac41c8a07e3bbcc42edc5cb |
id-5ac41c8a07e3bbcc42edc5cb verification-needed verification-needed-bionic |
|
2020-10-21 16:15:23 |
Balint Reczey |
glibc (Ubuntu Bionic): status |
Fix Committed |
Fix Released |
|
2020-10-21 16:21:35 |
Balint Reczey |
tags |
id-5ac41c8a07e3bbcc42edc5cb verification-needed verification-needed-bionic |
id-5ac41c8a07e3bbcc42edc5cb verification-done verification-done-bionic |
|
2020-11-02 18:30:27 |
Łukasz Zemczak |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|