[SRU] git bisect start crashed with SIGSEGV in buffer_slab_peek()

Bug #1931391 reported by Richard van der Hoff
This bug affects 2 people
Affects        Status         Importance   Assigned to   Milestone
git (Ubuntu)   Fix Released   Medium       Unassigned
Focal          Confirmed      Undecided    Unassigned

Bug Description

[ Impact ]

"git bisect--helper --bisect-start <paths>" is a valid command to start a git bisect.
If a user runs that command to bisect, it segfaults, so the command is unusable for them.

git bisect--helper is not completely unusable, though: it still works if the bad commit SHA and the good commit SHA are given on the command line.

[ Test Plan ]

 * clone any git repo
 * Use the command "git bisect--helper --bisect-start <file>" where <file> is any file in that git repo.

[ Where problems could occur ]

 This is an upstream patch which has been backported. The upstream patch fixes the way an invalid oid is treated. The upstream patch was applied in 2020 and, considering the number of users using 'git' and that there has been no reported regression for this patch, I will assume the chances of regression for us are very low.

 The only problem I could find was that one user was confused as there was no message after starting the bisect, and that has been fixed via https://github.com/git/git/commit/0cf1defa5a6764b8a0fd956ff4d114cb014cb8a4. But I feel this patch is an improvement and is not a fix suitable for a stable release.

[ Other Info ]

 * The problem has been fixed by upstream in v2.29.0 so as a result only Focal is affected. Jammy, Lunar, Mantic and Noble are not affected.

[ Original Bug Description ]

`git bisect start <filename>` always exits with a Segmentation fault.

ProblemType: Crash
DistroRelease: Ubuntu 20.04
Package: git 1:2.25.1-1ubuntu3.1
ProcVersionSignature: Ubuntu 5.4.0-65.73-generic 5.4.78
Uname: Linux 5.4.0-65-generic x86_64
ApportVersion: 2.20.11-0ubuntu27.18
Architecture: amd64
CasperMD5CheckResult: skip
CurrentDesktop: XFCE
Date: Wed Jun 9 11:24:04 2021
ExecutablePath: /usr/bin/git
InstallationDate: Installed on 2016-02-27 (1929 days ago)
InstallationMedia: Xubuntu 15.10 "Wily Werewolf" - Release amd64 (20151021)
ProcCmdline: git bisect--helper --bisect-start synapse/storage/persist_events.py
SegvAnalysis:
 Segfault happened at: 0x55d3ab6b0cde <get_cached_commit_buffer+14>: mov 0x48(%rsi),%esi
 PC (0x55d3ab6b0cde) ok
 source "0x48(%rsi)" (0x00000048) not located in a known VMA region (needed readable region)!
 destination "%esi" ok
SegvReason: reading NULL VMA
Signal: 11
SourcePackage: git
StacktraceTop:
 buffer_slab_peek (c=0x0, s=<optimized out>) at commit.c:290
 get_cached_commit_buffer (r=r@entry=0x55d3ab8e0680 <the_repo>, commit=commit@entry=0x0, sizep=sizep@entry=0x0) at commit.c:290
 repo_get_commit_buffer (r=r@entry=0x55d3ab8e0680 <the_repo>, commit=commit@entry=0x0, sizep=sizep@entry=0x0) at commit.c:306
 repo_logmsg_reencode (r=r@entry=0x55d3ab8e0680 <the_repo>, commit=commit@entry=0x0, commit_encoding=commit_encoding@entry=0x7ffc63d83518, output_encoding=output_encoding@entry=0x55d3ab80257a "UTF-8") at pretty.c:614
 repo_format_commit_message (r=0x55d3ab8e0680 <the_repo>, commit=commit@entry=0x0, format=format@entry=0x55d3ab815233 "%s", sb=sb@entry=0x7ffc63d83610, pretty_ctx=pretty_ctx@entry=0x7ffc63d83630) at pretty.c:1640
Title: git crashed with SIGSEGV in buffer_slab_peek()
UpgradeStatus: Upgraded to focal on 2021-02-16 (112 days ago)
UserGroups: adm cdrom dialout dip docker input libvirt libvirtd lpadmin plugdev sambashare sbuild sudo wireshark
modified.conffile..etc.apport.crashdb.conf: [modified]
mtime.conffile..etc.apport.crashdb.conf: 2021-06-09T11:10:35.636012
separator:

Revision history for this message
Richard van der Hoff (richvdh) wrote :
tags: removed: need-amd64-retrace
information type: Private → Public
tags: added: need-amd64-retrace
Apport retracing service (apport) wrote :

StacktraceTop:
 buffer_slab_peek (c=0x0, s=<optimized out>) at commit.c:290
 get_cached_commit_buffer (r=r@entry=0x55d3ab8e0680 <the_repo>, commit=commit@entry=0x0, sizep=sizep@entry=0x0) at commit.c:290
 repo_get_commit_buffer (r=r@entry=0x55d3ab8e0680 <the_repo>, commit=commit@entry=0x0, sizep=sizep@entry=0x0) at commit.c:306
 repo_logmsg_reencode (r=r@entry=0x55d3ab8e0680 <the_repo>, commit=commit@entry=0x0, commit_encoding=commit_encoding@entry=0x7ffc63d83518, output_encoding=output_encoding@entry=0x55d3ab80257a "UTF-8") at pretty.c:614
 repo_format_commit_message (r=0x55d3ab8e0680 <the_repo>, commit=commit@entry=0x0, format=format@entry=0x55d3ab815233 "%s", sb=sb@entry=0x7ffc63d83610, pretty_ctx=pretty_ctx@entry=0x7ffc63d83630) at pretty.c:1640

tags: removed: need-amd64-retrace
Apport retracing service (apport) wrote : Stacktrace.txt
Apport retracing service (apport) wrote : StacktraceSource.txt
Apport retracing service (apport) wrote : ThreadStacktrace.txt
Changed in git (Ubuntu):
importance: Undecided → Medium
Launchpad Janitor (janitor) wrote : Re: git bisect start crashed with SIGSEGV in buffer_slab_peek()

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in git (Ubuntu):
status: New → Confirmed
Robert Löhning (rlohning) wrote :

Happens to me, too, on Ubuntu 20.04. In case you need instructions on how to reproduce it, just let me know.

Anatoly Pugachev (matorola) wrote :

$ dpkg -l git
||/ Name Version Architecture Description
+++-==============-====================-============-===================================================
ii git 1:2.25.1-1ubuntu3.11 amd64 fast, scalable, distributed revision control system

$ gdb -q /usr/bin/git /tmp/core_git.691604
Reading symbols from /usr/bin/git...
Reading symbols from /usr/lib/debug/.build-id/35/7565dd8d992f17428ea299da06e82213052b9c.debug...
[New LWP 691604]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `git bisect--helper --bisect-start recipes/gtest/all/conandata.yml'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x000055b8b6ab22be in buffer_slab_peek (c=0x0, s=<optimized out>) at commit.c:290
290 commit.c: No such file or directory.
(gdb) bt
#0 0x000055b8b6ab22be in buffer_slab_peek (c=0x0, s=<optimized out>) at commit.c:290
#1 get_cached_commit_buffer (r=r@entry=0x55b8b6ce5680 <the_repo>, commit=commit@entry=0x0, sizep=sizep@entry=0x0) at commit.c:290
#2 0x000055b8b6ab231b in repo_get_commit_buffer (r=r@entry=0x55b8b6ce5680 <the_repo>, commit=commit@entry=0x0, sizep=sizep@entry=0x0) at commit.c:306
#3 0x000055b8b6b42835 in repo_logmsg_reencode (r=r@entry=0x55b8b6ce5680 <the_repo>, commit=commit@entry=0x0, commit_encoding=commit_encoding@entry=0x7ffff4c3e818,
    output_encoding=output_encoding@entry=0x55b8b6c075ba "UTF-8") at pretty.c:621
#4 0x000055b8b6b445c4 in repo_format_commit_message (r=0x55b8b6ce5680 <the_repo>, commit=commit@entry=0x0, format=format@entry=0x55b8b6c1a273 "%s",
    sb=sb@entry=0x7ffff4c3e910, pretty_ctx=pretty_ctx@entry=0x7ffff4c3e930) at pretty.c:1681
#5 0x000055b8b69de7b6 in log_commit (fmt=0x55b8b6c1a273 "%s", commit=0x0, state=0x55b8b7aa3710 "bad", fp=0x55b8b7a9da90) at builtin/bisect--helper.c:193
#6 bisect_write (state=0x55b8b7aa3710 "bad", rev=0x55b8b7aa3540 '0' <repeats 40 times>, nolog=nolog@entry=1, terms=<optimized out>, terms=<optimized out>)
    at builtin/bisect--helper.c:238
#7 0x000055b8b69df735 in bisect_start (argc=<optimized out>, argv=..., no_checkout=<optimized out>, terms=0x7ffff4c3ea70) at builtin/bisect--helper.c:590
#8 cmd_bisect__helper (argc=<optimized out>, argv=0x7ffff4c3f370, prefix=<optimized out>) at builtin/bisect--helper.c:708
#9 0x000055b8b69d4304 in run_builtin (argv=<optimized out>, argc=<optimized out>, p=<optimized out>) at git.c:444
#10 handle_builtin (argc=<optimized out>, argv=<optimized out>) at git.c:674
#11 0x000055b8b69d53d4 in run_argv (argv=0x7ffff4c3f0c0, argcp=0x7ffff4c3f0cc) at git.c:741
#12 cmd_main (argc=<optimized out>, argv=<optimized out>) at git.c:872
#13 0x000055b8b69d3e9e in main (argc=4, argv=0x7ffff4c3f368) at common-main.c:52
(gdb)
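
The backtrace above shows the NULL commit pointer travelling from log_commit down to buffer_slab_peek while its caller, bisect_write, holds an all-zero object id. The following triage helper is an added example, not code from the report or from git: it parses gdb "bt" output (continuation lines included), walks outward from the crash while an argument is still 0x0, and reports the frame that received the NULL together with the caller that passed it, flagging a null oid in that caller's arguments. The sample backtrace is a constructed excerpt of frames #5..#7 from the comment above.

```python
import re
# One joined gdb "bt" frame; apport's StacktraceTop lines lack the "#n" prefix.
FRAME_RE = re.compile(
    r"^(?:#(\d+)\s+)?(?:0x[0-9a-fA-F]+ in )?(\w+)\s*\((.*)\)\s+at\s+(\S+:\d+)$")
NEW_FRAME_RE = re.compile(r"(#\d+\s+)?(0x[0-9a-fA-F]+ in )?\w+\s*\(")
NULL_OID_RE = re.compile(r"'0' <repeats 40 times>|\b0{40}\b")  # all-zero object id

def parse_backtrace(text):
    """Frames as dicts {index, func, args, at}, innermost first; wrapped lines are glued back."""
    lines = []
    for line in (ln.strip() for ln in text.splitlines() if ln.strip()):
        if lines and not NEW_FRAME_RE.match(line):
            lines[-1] += " " + line      # indented continuation of the previous frame
        else:
            lines.append(line)
    frames = []
    for pos, line in enumerate(lines):
        m = FRAME_RE.match(line)
        if not m:
            continue
        args = {}
        for part in m.group(3).split(", "):
            if "=" in part:
                name, value = part.split("=", 1)
                # gdb prints "name=name@entry=value" when only the entry value survives
                args[name] = re.sub(r"^\w+@entry=", "", value)
        frames.append({"index": int(m.group(1)) if m.group(1) else pos,
                       "func": m.group(2), "args": args, "at": m.group(4)})
    return frames

def null_pointer_origin(frames):
    """Outermost frame still holding a 0x0 argument, plus the caller that passed it."""
    origin = None
    for f in frames:
        if "0x0" not in f["args"].values():
            break
        origin = f
    if origin is None:
        return None, None
    return origin, next((f for f in frames if f["index"] == origin["index"] + 1), None)

def passes_null_oid(frame):
    """True when the frame's arguments include an all-zero (null) object id."""
    return frame is not None and any(NULL_OID_RE.search(v) for v in frame["args"].values())

# Constructed excerpt: frames #5..#7 of the backtrace posted in the report.
SAMPLE_BT = """\
#5  0x000055b8b69de7b6 in log_commit (fmt=0x55b8b6c1a273 "%s", commit=0x0, state=0x55b8b7aa3710 "bad", fp=0x55b8b7a9da90) at builtin/bisect--helper.c:193
#6  bisect_write (state=0x55b8b7aa3710 "bad", rev=0x55b8b7aa3540 '0' <repeats 40 times>, nolog=nolog@entry=1, terms=<optimized out>, terms=<optimized out>)
    at builtin/bisect--helper.c:238
#7  0x000055b8b69df735 in bisect_start (argc=<optimized out>, argv=..., no_checkout=<optimized out>, terms=0x7ffff4c3ea70) at builtin/bisect--helper.c:590
"""
```

On the sample, `null_pointer_origin(parse_backtrace(SAMPLE_BT))` names log_commit as the frame that received the NULL and bisect_write at builtin/bisect--helper.c:238 as the caller, whose rev argument is the null oid.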

Sudip Mukherjee (sudipmuk) wrote :

I can reproduce the segfault in Focal and can also confirm that Jammy, Lunar and Mantic are not affected.

Changed in git (Ubuntu Focal):
status: New → In Progress
assignee: nobody → Sudip Mukherjee (sudipmuk)
Changed in git (Ubuntu):
status: Confirmed → Fix Released
summary: - git bisect start crashed with SIGSEGV in buffer_slab_peek()
+ [SRU] git bisect start crashed with SIGSEGV in buffer_slab_peek()
description: updated
Sudip Mukherjee (sudipmuk) wrote :

debdiff for Focal attached.

Changed in git (Ubuntu Focal):
status: In Progress → Confirmed
assignee: Sudip Mukherjee (sudipmuk) → nobody
Simon Quigley (tsimonq2) wrote :

Uploaded without any changes, thank you! Great work.

Subscribing the security team so they don't accidentally pave over this. If you could, please prioritize verification of this SRU once accepted, so we aren't blocking their work.

Thanks again!
