Ubuntu22.04: glibc: __strncpy_power9() uses uninitialised register vs18 value for filling after \0
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
The Ubuntu-power-systems project | Fix Released | Medium | Ubuntu on IBM Power Systems Bug Triage |
glibc (Ubuntu) | Fix Released | Medium | Ubuntu on IBM Power Systems Bug Triage |
Jammy | Fix Released | Undecided | Unassigned |
Bug Description
SRU Justification:
==================
[Impact]
* glibc '__strncpy_
for filling after \0.
* This can result in a crash / core dump.
* This is fixed in the little endian Power 9 implementation
of strncpy.S by using the proper VSX number for VR 18
in stxv and stxvl.
[Test Plan]
* Have an Ubuntu Server 22.04 LTS running on Power 9
(or compatible) hardware.
* Take the C test program and reproducer from here:
https:/
compile it for power9 (ppc64le).
* Execute it on ppc64el hardware and it will core dump
on an unpatched libc6, e.g. using qemu, like:
"qemu: uncaught target signal 6 (Aborted) - core dumped
Aborted"
* gdb will report the following value of c[]:
(gdb) p c
$1 = "\000\015\015"
[Where problems could occur]
* Severe problems can occur if wrong registers are used
or the (zero-)padding is done in a wrong way
or if the fix for stxv and stxvl were mixed up.
* Relatively foreseen effects can happen and highly
likely even more crashes.
* But the code was thoroughly analysed, first as gcc bug
then a glibc bug.
* The changes are limited to:
sysdeps/
and with that Power 9 specific,
well explained, documented, traceable and tested
(not only on ppc64le - which is mostly relevant for Ubuntu - but
also on ppc and ppc64.)
[Other Info]
* The fix is needed for Power 9 targets (22.04 is compiled for P9),
has already been applied upstream for glibc 2.36
and has been backported to glibc >= 2.33.
__________
== Comment: #0 - Tulio Magno Quites Machado Filho <email address hidden> - 2022-06-08 08:35:44 ==
---Problem Description---
__strncpy_power9() uses uninitialised register vs18 value for filling after \0
The fix has already been applied upstream for glibc 2.36 and has been backported to glibc >= 2.33.
Commit for glibc 2.36:
https:/
Commit for glibc 2.35:
https:/
Contact Information = Tulio Magno Quites Machado <email address hidden>
---Additional Hardware Info---
Requires Power9 or Power10 to reproduce
---uname output---
N/A
Machine Type = N/A
---Debugger---
A debugger is not configured
---Steps to Reproduce---
See the description from the bug reported upstream at: https:/
Userspace tool common name: glibc
The userspace tool has the following bit modes: glibc
Userspace rpm: libc6
Userspace tool obtained from project website: na
*Additional Instructions for Tulio Magno Quites Machado <email address hidden>:
-Attach ltrace and strace of userspace application.
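A zero-fill regression check for the behaviour this report describes, as an added example; it is not the reproducer linked in the Test Plan and not code from glibc. It verifies the ISO C rule that strncpy() writes exactly n bytes and that every byte after the copied string is zero; the function names, buffer sizes and poison value are constructed for illustration.

```c
/* Added example (not the upstream reproducer): strncpy() zero-fill check. */
#include <stdio.h>
#include <string.h>

#define MAX_N 80    /* constructed bound: spans several 16-byte vector widths */
#define GUARD 16    /* poison bytes kept on each side of the destination */
#define POISON 0x5a /* constructed fill value, makes stale bytes visible */

/* Returns 0 if strncpy(dst, src, n) follows ISO C for a source string of
 * src_len bytes and a destination at byte offset off; nonzero otherwise. */
int check_strncpy_case(size_t src_len, size_t n, size_t off)
{
    if (src_len > MAX_N || n > MAX_N || off >= 16) return -1;
    char src[MAX_N + 1];
    unsigned char buf[GUARD + 16 + MAX_N + GUARD];
    unsigned char *dst = buf + GUARD + off;
    size_t copied = src_len < n ? src_len : n, i;
    /* Call through a volatile pointer so the compiler cannot expand the
     * call inline and the libc routine selected at run time is exercised. */
    char *(*volatile copy)(char *, const char *, size_t) = strncpy;

    memset(src, 'A', src_len);
    src[src_len] = '\0';
    memset(buf, POISON, sizeof buf);
    copy((char *)dst, src, n);
    for (i = 0; i < copied; i++)
        if (dst[i] != 'A') return 1;       /* copied prefix damaged */
    for (i = copied; i < n; i++)
        if (dst[i] != 0) return 2;         /* fill after \0 is not zero */
    for (i = 0; i < GUARD; i++)
        if (buf[GUARD + off - 1 - i] != POISON || dst[n + i] != POISON) return 3;
    return 0;                              /* exactly n bytes, zero-filled */
}

/* Sweeps lengths, counts and alignments; returns the number of failures. */
int sweep_strncpy(void)
{
    int failures = 0;
    for (size_t len = 0; len <= MAX_N; len++)
        for (size_t n = 0; n <= MAX_N; n++)
            for (size_t off = 0; off < 16; off++)
                failures += check_strncpy_case(len, n, off) != 0;
    return failures;
}

int main(void)
{
    int failures = sweep_strncpy();
    printf("strncpy zero-fill: %d failing case(s)\n", failures);
    return failures != 0;
}
```

Build it for ppc64le and run it on Power9 or later hardware so that the libc variant named in the title is the one being exercised; a libc that pads correctly reports 0 failing cases.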
Changed in glibc (Ubuntu):
importance: Undecided → Medium
Changed in ubuntu-power-systems:
importance: Undecided → Medium
assignee: nobody → Ubuntu on IBM Power Systems Bug Triage (ubuntu-power-triage)
tags: added: fr-2460
Changed in glibc (Ubuntu Jammy):
status: New → In Progress
Changed in ubuntu-power-systems:
status: New → In Progress
description: updated
tags: added: verification-done-jammy removed: verification-needed-jammy
------- Comment From <email address hidden> 2022-06-09 11:25 EDT-------
This bug is targeted for Ubuntu22.04.x series.