gnome-software (5) g_realloc → g_array_maybe_expand → g_array_set_size → g_byte_array_set_size → read_cb
Bug #1740865 reported by
errors.ubuntu.com bug bridge
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
snapd-glib (Ubuntu) |
Fix Released
|
High
|
Robert Ancell | ||
Bionic |
Fix Released
|
High
|
Robert Ancell | ||
Cosmic |
Fix Released
|
High
|
Robert Ancell |
Bug Description
[Impact]
snapd-glib can do an invalid memory access when parsing HTTP chunked data. Found doing code inspection and testing based on crash reports.
[Test Case]
No specific trigger - just look for reduced reports on errors.ubuntu.com.
[Regression Potential]
Some risk of further breaking HTTP handling in snapd-glib. Updated algorithm tested in a test program run through valgrind to give confidence in the changes.
Error reports:
https:/
summary: |
- /usr/bin/gnome- - software:5:g_realloc:g_array_maybe_expand:g_array_set_size:g_byte_array_set_size:read_cb + gnome-software (5) g_realloc → g_array_maybe_expand → g_array_set_size → + g_byte_array_set_size → read_cb |
Changed in gnome-software (Ubuntu): | |
importance: | Undecided → Medium |
status: | New → Confirmed |
affects: | gnome-software (Ubuntu Bionic) → snapd-glib (Ubuntu Bionic) |
Changed in snapd-glib (Ubuntu Bionic): | |
assignee: | Robert Ancell (robert-ancell) → nobody |
description: | updated |
Changed in snapd-glib (Ubuntu Bionic): | |
assignee: | nobody → Robert Ancell (robert-ancell) |
Changed in snapd-glib (Ubuntu Bionic): | |
status: | In Progress → Fix Committed |
To post a comment you must log in.
The crash report shows snapd-glib trying to allocate 2.6G of memory...