gvfsd-sftp crashed with SIGSEGV in fast_validate() if the target host is not in .ssh/known_hosts

Bug #1033275 reported by Jean-Louis Dupond on 2012-08-05
This bug affects 26 people
Affects | Status | Importance | Assigned to | Milestone
gvfs | Fix Released | High | |
gvfs (Ubuntu) | | Medium | Martin Pitt |

Bug Description

Crashing while opening a SMB share.

ProblemType: Crash
DistroRelease: Ubuntu 12.10
Package: gvfs-backends 1.13.4-0ubuntu2
ProcVersionSignature: Ubuntu 3.5.0-8.8-generic 3.5.0
Uname: Linux 3.5.0-8-generic x86_64
ApportVersion: 2.4-0ubuntu6
Architecture: amd64
Date: Sun Aug 5 22:02:34 2012
ExecutablePath: /usr/lib/gvfs/gvfsd-sftp
InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Alpha amd64 (20110705.1)
ProcCmdline: /usr/lib/gvfs/gvfsd-sftp --spawner :1.4 /org/gtk/gvfs/exec_spaw/7
ProcEnviron:
 SHELL=/bin/bash
 PATH=(custom, no user)
 LANGUAGE=nl:en_AU:en
 LANG=nl_BE.UTF-8
SegvAnalysis:
 Segfault happened at: 0x7f8f4df86f28 <g_utf8_validate+456>: movzbl (%rdi),%r8d
 PC (0x7f8f4df86f28) ok
 source "(%rdi)" (0x6874756120656854) not located in a known VMA region (needed readable region)!
 destination "%r8d" ok
 Stack memory exhausted (SP below stack segment)
SegvReason: reading unknown VMA
Signal: 11
SourcePackage: gvfs
StacktraceTop:
 g_utf8_validate () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
 g_variant_new_string () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
 g_variant_new_strv () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
 ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
 ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
Title: gvfsd-sftp crashed with SIGSEGV in g_utf8_validate()
UpgradeStatus: Upgraded to quantal on 2012-06-19 (46 days ago)
UserGroups: adm admin cdrom dialout libvirtd lpadmin plugdev sambashare

Jean-Louis Dupond (dupondje) wrote :

StacktraceTop:
 fast_validate (str=<optimized out>) at /build/buildd/glib2.0-2.33.6/./glib/gutf8.c:1461
 g_utf8_validate (str=str@entry=0x6874756120656854 <Address 0x6874756120656854 out of bounds>, max_len=max_len@entry=-1, end=end@entry=0x0) at /build/buildd/glib2.0-2.33.6/./glib/gutf8.c:1629
 g_variant_new_string (string=0x6874756120656854 <Address 0x6874756120656854 out of bounds>) at /build/buildd/glib2.0-2.33.6/./glib/gvariant.c:1270
 g_variant_new_strv (strv=0x7f8f4ba0b750, length=<optimized out>) at /build/buildd/glib2.0-2.33.6/./glib/gvariant.c:1497
 g_variant_valist_new_leaf (app=0x7f8f4ba0b4c8, str=0x7f8f4ba0b498) at /build/buildd/glib2.0-2.33.6/./glib/gvariant.c:4207

Changed in gvfs (Ubuntu):
importance: Undecided → Medium
summary: - gvfsd-sftp crashed with SIGSEGV in g_utf8_validate()
+ gvfsd-sftp crashed with SIGSEGV in fast_validate()
tags: removed: need-amd64-retrace
tags: added: running-unity

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in gvfs (Ubuntu):
status: New → Confirmed

Martin Pitt (pitti) wrote :

Reproducible in live system, but not in my Quantal installation.

visibility: private → public
Changed in gvfs (Ubuntu):
assignee: nobody → Martin Pitt (pitti)
status: Confirmed → In Progress

Martin Pitt (pitti) wrote :

This happens if the target host is not in ~/.ssh/known_hosts, or that file does not exist.

summary: - gvfsd-sftp crashed with SIGSEGV in fast_validate()
+ gvfsd-sftp crashed with SIGSEGV in fast_validate() if the target host is
+ not in .ssh/known_hosts

Martin Pitt (pitti) wrote :

Fix committed to packaging bzr and sent upstream.

Changed in gvfs (Ubuntu):
status: In Progress → Fix Committed
Changed in gvfs:
importance: Unknown → High
status: Unknown → Confirmed
Changed in gvfs:
status: Confirmed → Fix Released

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gvfs - 1.13.9-0ubuntu1

---------------
gvfs (1.13.9-0ubuntu1) quantal; urgency=low

  * New upstream release:
    - Some code cleanup
    - Lots of translation updates
    - Bug fixes
    - gmountsource: Always use NULL-terminated arrays (LP: #1033275)
    - Remove final parts of libdbus (LP: #932935)
  * Disable 04_hurd_path_max.patch; not required for Ubuntu and does not apply
    any more.
  * Update 05_shared_libdaemon.patch for new upstream version.
  * Drop check-gdu-pool.patch, applied upstream.
  * Update build_old_libgphoto.patch for new upstream version.
  * debian/gvfs-backends.install: libgvfscommon-dnssd.so, not installed any
    more (it's just an internal library).
  * debian/control.in: Bump glib build dependency as per configure.ac.
  * debian/tests/gvfs-test: Rename Sftp.test_localhost() to test_rsa(), and
    factor out the checks on the gvfs mount.
  * debian/tests: Direct sshd log into a file, and cat it if there are test
    failures.
  * debian/tests/gvfs-test: Add test case for RSA authentication for unknown
    host. This reproduces the crash in LP #1033275.
  * debian/tests/gvfs-test: Relax expected gvfs-mount -li output for working
    with 1.13.9.
 -- Martin Pitt <email address hidden> Thu, 20 Sep 2012 14:52:13 +0200

Changed in gvfs (Ubuntu):
status: Fix Committed → Fix Released
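
Added triage example (not code from gvfs or from this report): the faulting address in the SegvAnalysis, 0x6874756120656854, decodes as little-endian ASCII to readable text, the pattern expected when a consumer of a string array walks past a missing NULL terminator into adjacent string data. The helper names addr_as_text and strv_len_bounded and the sample arrays are assumptions constructed for illustration.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Decode a 64-bit faulting address as the 8 bytes that sat in memory on a
 * little-endian machine (x86_64 in this report). Returns 1 and fills out[9]
 * when every byte is printable ASCII, i.e. the "pointer" is really text. */
int addr_as_text(uint64_t addr, char out[9])
{
    for (int i = 0; i < 8; i++) {
        unsigned char b = (unsigned char)(addr >> (8 * i));
        if (!isprint(b)) {
            out[0] = '\0';
            return 0;
        }
        out[i] = (char)b;
    }
    out[8] = '\0';
    return 1;
}

/* Count entries the way a consumer of a NULL-terminated array does, but
 * bounded by the slots that really exist. Returns -1 when no terminator is
 * found in bounds: the case where an unbounded walk would keep reading
 * whatever follows the array and treat it as string pointers. */
long strv_len_bounded(const char *const *strv, size_t slots)
{
    for (size_t i = 0; i < slots; i++)
        if (strv[i] == NULL)
            return (long)i;
    return -1;
}

int main(void)
{
    char text[9];
    /* Address taken from the SegvAnalysis in the report above. */
    if (addr_as_text(0x6874756120656854ULL, text))
        printf("faulting address is ASCII: \"%s\"\n", text);

    const char *bad[2]  = { "yes", "no" };        /* constructed: no terminator */
    const char *good[3] = { "yes", "no", NULL };  /* constructed: terminated */
    printf("bad=%ld good=%ld\n",
           strv_len_bounded(bad, 2), strv_len_bounded(good, 3));
    return 0;
}
```

The decoded bytes read "The auth", which matches the start of the host-authenticity prompt OpenSSH prints for a host that is not in known_hosts.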