program abort by "lh_table_new: calloc failed"

Bug #1878738 reported by yusuke mihara
This bug affects 5 people
Affects Status Importance Assigned to Milestone
json-c (Ubuntu)

Bug Description

I wrote small sample program which abort by lh_table_new calloc failed.
see this.

CVE References

Revision history for this message
Robert Rouquette (rrouquette) wrote :

I have identified the same issue. Parsing a relatively small file may result in a calloc failure because lh_table_new attempts to allocate an incorrectly size block of memory. In my case it attempted to allocate over 68 GiB in a single allocation.

The cause seems to be the changes in the CVE patch:

json-c (0.12.1-1.3ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Integer overflows
    - debian/patches/CVE-2020-12762-*.patch: fix a series of
      integer overflows adding checks in linkhash.c, printbuf.c.
    - CVE-2020-12762

 -- <email address hidden> (Leonidas S. Barbosa) Mon, 11 May 2020 16:29:02 -0300

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in json-c (Ubuntu):
status: New → Confirmed
Revision history for this message
Slater (riccardo-robecchi) wrote :

This bug affects programs such as GIMP. I could not launch it and I found this issue by searching "lh_table_new: calloc failed". Reverting back to libjson-c3 version 0.12.1-1.3 fixes the issue.

Revision history for this message
a (brootux) wrote :

Seems to affect all software which uses this library.

Revision history for this message
Leonidas S. Barbosa (leosilvab) wrote :

Hi, thanks for report his issue. That issue was already reverted and a new version is available. Run apt-get update; apt-get upgrade -y , and it should install that last reverted version.

Revision history for this message
yusuke mihara (yusukemihara0001) wrote :

thank you, Leonidas.
I checked the program(and our products) running normally with reverted package.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.