umount.hal assert failure: *** buffer overflow detected ***: /sbin/umount.hal terminated

Bug #525245 reported by xFilx on 2010-02-21
This bug affects 28 people
Affects: HAL | Status: Fix Released | Importance: High
Affects: hal (Ubuntu) | Importance: Medium | Assigned to: Martin Pitt
Affects: Lucid | Importance: Undecided | Assigned to: Martin Pitt
Affects: Maverick | Importance: Medium | Assigned to: Martin Pitt

Bug Description

Binary package hint: hal

Description: Ubuntu lucid (development branch)
Release: 10.04

I wanted to unmount usb-flash, but it did not exist

ProblemType: Crash
Architecture: i386
AssertionMessage: *** buffer overflow detected ***: /sbin/umount.hal terminated
CrashCounter: 1
Date: Sun Feb 21 14:15:00 2010
DistroRelease: Ubuntu 10.04
ExecutablePath: /usr/sbin/umount.hal
InstallationMedia: Xubuntu 9.10 "Karmic Koala" - Release i386 (20091028.3)
NonfreeKernelModules: nvidia
Package: hal 0.5.14-0ubuntu3
ProcCmdline: /sbin/umount.hal /dev/sdd1
ProcEnviron: LANG=ru_RU.utf8
ProcVersionSignature: Ubuntu 2.6.32-14.20-generic
Signal: 6
SourcePackage: hal
StacktraceTop:
 __kernel_vsyscall ()
 raise () from /lib/tls/i686/cmov/libc.so.6
 abort () from /lib/tls/i686/cmov/libc.so.6
 ?? () from /lib/tls/i686/cmov/libc.so.6
 __fortify_fail () from /lib/tls/i686/cmov/libc.so.6
Title: umount.hal assert failure: *** buffer overflow detected ***: /sbin/umount.hal terminated
Uname: Linux 2.6.32-14-generic i686
UserGroups: adm admin audio cdrom dialout floppy fuse lpadmin netdev plugdev sambashare timidity

I checked the code, and there's indeed a second place which uses realpath() with HAL_PATH_MAX.

xFilx (sia6911) wrote :

StacktraceTop:
 __kernel_vsyscall ()
 *__GI_raise (sig=6)
 *__GI_abort () at abort.c:92
 __libc_message (do_abort=2,
 *__GI___fortify_fail (msg=<value optimized out>)

Changed in hal (Ubuntu):
importance: Undecided → Medium
tags: removed: need-i386-retrace
Charlie Kravetz (charlie-tca) wrote :

Thanks for reporting this bug and any supporting documentation. Since this bug has enough information provided for a developer to begin work, I'm going to mark it as confirmed and let them handle it from here. Thanks for taking the time to make Ubuntu better!

visibility: private → public
Changed in hal (Ubuntu):
status: New → Confirmed
Darkstar (michael-drueing) wrote :

I think I've hit the same bug (at least the messages are almost exactly the same) while doing an umount for a DVD-ROM. The umount succeeded but I got the "buffer overflow" error too.

Got it while trying to unmount an ext4 partition via the command line ("umount /media/the_device").

Lars Volker (lv) wrote :

I ran into this when umounting a cryptsetup encrypted usb disk mounted on /media/disk using "umount /media/disk". Here's the trace:

~$ umount /media/disk
*** buffer overflow detected ***: /sbin/umount.hal terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x37)[0x7fe264fbb1a7]
/lib/libc.so.6(+0xfe060)[0x7fe264fba060]
/lib/libc.so.6(+0xfe6bb)[0x7fe264fba6bb]
/sbin/umount.hal[0x400daf]
/lib/libc.so.6(__libc_start_main+0xfd)[0x7fe264edac4d]
/sbin/umount.hal[0x400c19]

Lars Volker (lv) wrote :

http://bugs.gentoo.org/show_bug.cgi?id=297918

Gentoo seems to be hit by the same problem. However, it reads as if it were related to dbus more than hal.

Stephen Day (sd) wrote :

Increasing HAL_PATH_MAX from 512 to 4096 fixes the issue for me. I have attached a patch.

It's possible my patch masks rather than fixes the issue.

Stephen Day (sd) wrote :

Upstream agrees with increasing the size of HAL_PATH_MAX.

http://cgit.freedesktop.org/hal/commit/?id=a2c3dd5a04d79265772c09c4280606d5c2ed72c6

The problem seems to be in realpath and only shows when gcc -O2 or higher is used. This simple test program shows the issue.

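#include <stdlib.h>

int main(int argc, char **argv) {
    /* 512 bytes, the old HAL_PATH_MAX value */
    char buf[512];

    if (argc < 2)
        return 1;
    /* destination is smaller than PATH_MAX */
    realpath(argv[1], buf);
    return 0;
}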
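
One way to resolve a path without handing realpath() a fixed buffer smaller than PATH_MAX, which is the condition glibc's fortified realpath() aborts on; this is an added example, not code from HAL or from this report. The helper name resolve_into is hypothetical, and realpath(path, NULL) relies on the POSIX.1-2008 behaviour where libc allocates the result.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Hypothetical helper: resolve `path` into a caller buffer of any size.
 * libc allocates the result, so realpath() never writes into a
 * destination smaller than PATH_MAX. Returns 0 on success, -1 with
 * errno set on failure (ERANGE if the result does not fit in `buf`).
 */
int resolve_into(const char *path, char *buf, size_t buflen)
{
    char *resolved;
    size_t len;
    if (path == NULL || buf == NULL || buflen == 0) {
        errno = EINVAL;
        return -1;
    }
    resolved = realpath(path, NULL);
    if (resolved == NULL)
        return -1;              /* errno set by realpath, e.g. ENOENT */
    len = strlen(resolved);
    if (len >= buflen) {        /* would not fit: refuse, never truncate */
        free(resolved);
        errno = ERANGE;
        return -1;
    }
    memcpy(buf, resolved, len + 1);
    free(resolved);
    return 0;
}

int main(int argc, char **argv)
{
    char buf[512];              /* same size as the old HAL_PATH_MAX */
    if (argc < 2) {
        fprintf(stderr, "usage: %s PATH\n", argv[0]);
        return 2;
    }
    if (resolve_into(argv[1], buf, sizeof buf) != 0) {
        perror(argv[1]);
        return 1;
    }
    puts(buf);
    return 0;
}
```
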

Martin Pitt (pitti) on 2010-05-03
Changed in hal (Ubuntu):
assignee: nobody → Martin Pitt (pitti)
status: Confirmed → Fix Committed
status: Fix Committed → In Progress
Martin Pitt (pitti) on 2010-05-09
Changed in hal (Ubuntu):
status: In Progress → Fix Committed
Changed in hal (Ubuntu Lucid):
assignee: nobody → Martin Pitt (pitti)

Accepted hal into lucid-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Changed in hal (Ubuntu Lucid):
status: New → Fix Committed
tags: added: verification-needed
Stephen Day (sd) wrote :

I have installed hal, libhal-storage1, libhal1. These are all version 0.5.14-0ubuntu6.

The buffer overflow described in this bug is gone and I don't see any other problems.

Martin Pitt (pitti) on 2010-05-09
tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package hal - 0.5.14-0ubuntu6

---------------
hal (0.5.14-0ubuntu6) lucid-proposed; urgency=low

  * Add 02_libhal_dont_check_running.patch: In libhal_ctx_init(), do not check
    if hal is already running, since it will get D-Bus activated. Thanks to
    Lionel Le Folgoc for the patch! (LP: #546992)
  * Add 00git_bigger_path_size.patch: Bump HAL_PATH_MAX to 4096. Patch taken
    from upstream git head. (LP: #525245)
 -- Martin Pitt <email address hidden> Sun, 09 May 2010 12:00:16 +0200

Changed in hal (Ubuntu Lucid):
status: Fix Committed → Fix Released
Martin Pitt (pitti) wrote :

Copied lucid-proposed to maverick.

Changed in hal (Ubuntu Maverick):
status: Fix Committed → Fix Released
Changed in hal (Ubuntu Lucid):
status: Fix Released → Fix Committed

Ubuntu Team,
I plugged in a usb drive, that essentially shows up as a cdrom in /etc/mtab (basically shows type of filesystem as isoxxxx instead of the usual vfat). I tried to eject it using 'eject <mount-point>' and 'eject <device-shown-in-mtab>' and on both occasions I got this bug. However, there was an icon on my desktop (icon was a cdrom), which had an option of 'Eject' in its right-click menu. I used that option to eject the device and the device was ejected without any error.

I tried searching for the 0.5.14-0ubuntu6 in synaptic and on packages.ubuntu.com but could not find it. How can I find the package so that I can update?

Changed in hal (Ubuntu Lucid):
status: Fix Committed → Fix Released
Changed in hal:
importance: Unknown → High
status: Unknown → Fix Released
Changed in hal:
importance: High → Unknown
Changed in hal:
importance: Unknown → High