program abort by "lh_table_new: calloc failed"

Bug #1878738 reported by yusuke mihara on 2020-05-15
40
This bug affects 6 people
Affects Status Importance Assigned to Milestone
json-c (Ubuntu)
Undecided
Unassigned

Bug Description

I wrote small sample program which abort by lh_table_new calloc failed.
see this.
https://gist.github.com/735eec6fd0869df1facb08da5baa402c

CVE References

Robert Rouquette (rrouquette) wrote :

I have identified the same issue. Parsing a relatively small file may result in a calloc failure because lh_table_new attempts to allocate an incorrectly size block of memory. In my case it attempted to allocate over 68 GiB in a single allocation.

The cause seems to be the changes in the CVE patch:

json-c (0.12.1-1.3ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Integer overflows
    - debian/patches/CVE-2020-12762-*.patch: fix a series of
      integer overflows adding checks in linkhash.c, printbuf.c.
    - CVE-2020-12762

 -- <email address hidden> (Leonidas S. Barbosa) Mon, 11 May 2020 16:29:02 -0300

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in json-c (Ubuntu):
status: New → Confirmed
Slater (riccardo-robecchi) wrote :

This bug affects programs such as GIMP. I could not launch it and I found this issue by searching "lh_table_new: calloc failed". Reverting back to libjson-c3 version 0.12.1-1.3 fixes the issue.

a (brootux) wrote :

Seems to affect all software which uses this library.

Leonidas S. Barbosa (leosilvab) wrote :

Hi, thanks for report his issue. That issue was already reverted and a new version is available. Run apt-get update; apt-get upgrade -y , and it should install that last reverted version.

thank you, Leonidas.
I checked the program(and our products) running normally with reverted package.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers