gpsmon crashes (segfault)
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
gpsd (Ubuntu) | Fix Released | High | Christian Ehrhardt | |
Noble | Fix Released | Undecided | Unassigned | |
Oracular | Fix Released | Undecided | Unassigned | |
Bug Description
[ Impact ]
* There are two bugs in gpsd that break gpsmon on noble. On one hand a re-use
of freed resources and on the other a compile issue with fortify source.
One leads to a crash, the other to an assertion.
* Upstream has fixes for these which we are backporting here.
* I can't be sure if all are affected, but 2/2 test objects,
one SiRF and u-blox, trigger it
[ Test Plan ]
* Disclaimer: needs a system with a gps device (and that might be limited
to some kinds of them)
* # 1a - start gpsd either directly like e.g.:
$ /usr/sbin/gpsd -D5 -N -b -n -p -s 9600 /dev/loraGPS
# 1b - start the service that comes with the package
# configure your devices, in my case two via usb
$ sudo vim /etc/default/gpsd
DEVICES=
# With that start the service and check it runs
$ sudo systemctl restart gpsd
$ sudo systemctl status gpsd
# Then as step 2 start gpsmon to monitor local gps'es
$ gpsmon
* In the bad case this runs into a buffer overflow detection and crashes;
it looks like this after a few seconds:
$ gpsmon
tcp://localhost
(82) {"class"
(313) {"class"
CE","path"
(122) {"class"
Segmentation fault (core dumped)
* Good case should display whatever the gps receives so far.
I realized posting that example might show my position quite accurately, so I skip that :-) Just the header ...
tcp://localhost
┌─────────── X ────── Y ────── Z ────────── North ──── East ───── Alt ─────────┐or":15}
...
[ Where problems could occur ]
* I needed to backport some more context changes, tried to keep
them style only, but mistakes could happen.
But on the other hand the impact is gladly limited,
changes are isolated to gpsmon/
and a minimal one in gpsmon/gpsmon.c
Therefore breakage should be
a) only in gpsmon and not gpsd
b) almost only for NMEA type devices
[ Other Info ]
* n/a
--- original bug ---
Ubuntu 24.04 LTS
ii gpsd-tools 3.25-3ubuntu3 amd64 Global Positioning System - tools
Calling the gpsmon utility from this package, it should show the current GPS status
of the connected GPS (LEA 6M). Instead it segfaults and is therefore unusable.
Tracing this, the problem is a double delwin(), i.e. a double-free of devicewin, in lines 517 and 521 of gpsmon.c
Apparently this bug has been fixed upstream in
https:/
I have tested that this patch indeed solves the problem, at least in my case.
Regards,
Mario
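The double delwin() on devicewin described in the report, as an added example that is not part of the original report or of gpsd's source. `fake_win`, `fake_newwin`, `fake_delwin` and `release_win` are hypothetical stand-ins for a curses WINDOW, newwin() and delwin(), so the pattern can run without a terminal and without touching freed memory:

```c
#include <stdio.h>

/* Hypothetical stand-in for a curses WINDOW; counts deletions. */
typedef struct { int deletes; } fake_win;

static fake_win pool[4];   /* constructed backing store, never freed */
static size_t pool_used;

static fake_win *fake_newwin(void)
{
    if (pool_used >= sizeof(pool) / sizeof(pool[0])) return NULL;
    pool[pool_used].deletes = 0;
    return &pool[pool_used++];
}

/* Stand-in for delwin(); the real call frees the window's memory. */
static void fake_delwin(fake_win *w) { w->deletes++; }

/* Unguarded: two cleanup paths delete the same handle. */
static int teardown_unguarded(void)
{
    fake_win *devicewin = fake_newwin();
    if (devicewin == NULL) return -1;
    fake_delwin(devicewin);    /* first cleanup path */
    fake_delwin(devicewin);    /* second path reuses the stale pointer */
    return devicewin->deletes;
}

/* Guarded: delete through the pointer's address, then clear it. */
static void release_win(fake_win **wp)
{
    if (*wp != NULL) { fake_delwin(*wp); *wp = NULL; }
}

static int teardown_guarded(void)
{
    fake_win *devicewin = fake_newwin();
    fake_win *seen = devicewin;    /* kept only to read the counter */
    if (devicewin == NULL) return -1;
    release_win(&devicewin);
    release_win(&devicewin);   /* no-op: pointer already cleared */
    return seen->deletes;
}

int main(void)
{
    printf("unguarded=%d guarded=%d\n", teardown_unguarded(), teardown_guarded());
    return 0;
}
```

With a real delwin(), the second unguarded call would operate on already freed memory, which matches the segfault shown in the test plan.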
Related branches
- git-ubuntu bot: Approve
- Bryce Harrington (community): Approve
- Canonical Server Reporter: Pending requested
- Diff: 107 lines (+79/-0), 4 files modified
debian/changelog (+6/-0)
debian/patches/lp-2076191-Avoid-double-delwin-on-devicewin.patch (+24/-0)
debian/patches/lp-2076191-gpsmon-monitor_nmea0183.c-Fix-gpsmon-crash-in-NMEA.patch (+47/-0)
debian/patches/series (+2/-0)
- git-ubuntu bot: Approve
- Bryce Harrington (community): Approve
- Canonical Server Reporter: Pending requested
- Diff: 135 lines (+83/-2), 6 files modified
debian/changelog (+6/-0)
debian/control (+2/-1)
debian/control.in (+2/-1)
debian/patches/lp-2076191-Avoid-double-delwin-on-devicewin.patch (+24/-0)
debian/patches/lp-2076191-gpsmon-monitor_nmea0183.c-Fix-gpsmon-crash-in-NMEA.patch (+47/-0)
debian/patches/series (+2/-0)
- git-ubuntu bot: Approve
- Bryce Harrington (community): Approve
- Canonical Server Reporter: Pending requested
- Diff: 768 lines (+686/-2), 11 files modified
debian/changelog (+6/-0)
debian/control (+2/-1)
debian/control.in (+2/-1)
debian/patches/lp-2076191-Avoid-double-delwin-on-devicewin.patch (+24/-0)
debian/patches/lp-2076191-gpsmon-monitor_nmea0183.c-Codacy-hates-strlen.patch (+81/-0)
debian/patches/lp-2076191-gpsmon-monitor_nmea0183.c-Fix-gpsmon-crash-in-NMEA.patch (+125/-0)
debian/patches/lp-2076191-gpsmon-monitor_nmea0183.c-Fix-potential-overflow.patch (+55/-0)
debian/patches/lp-2076191-gpsmon-monitor_nmea0183.c-More-checking-for-curses-e.patch (+57/-0)
debian/patches/lp-2076191-gpsmon-monitor_nmea0183.c-Style-tweaks-more-error-ca.patch (+53/-0)
debian/patches/lp-2076191-gpsmon-monitor_nmea0183.c-comments-add-braces-whites.patch (+274/-0)
debian/patches/series (+7/-0)
description: updated
Changed in gpsd (Ubuntu):
assignee: nobody → Christian Ehrhardt (paelzer)
Thank you for taking the time to report a bug and improve Ubuntu.
It is good to know that you can reproduce this problem locally and have also checked that the upstream patch seems to fix it. If I understand correctly, it's not possible to trigger the issue without having specific GPS hardware, right? If that's the case, then we will need your help to test the fix when doing the SRU. Otherwise, would you be able to provide a simple reproducer that doesn't depend on GPS hardware?
Thanks.