[Bug 863761] Re: X crashed with SIGBUS in __memcpy_ssse3_back () at ../sysdeps/x86_64/multiarch/memcpy-ssse3-back.S:820
Bryce Harrington
863761 at bugs.launchpad.net
Wed Nov 9 01:30:43 UTC 2011
Hey vorlon,
Hi, thanks for reporting this issue during the development period of
Ubuntu.
I notice there's not been further comments to the bug report since the
release came out, would you mind updating us on the status of it in the
release?
Are you still able to reproduce the issue? If not, do you think the bug
report can be closed, or do you think we should continue tracking it?
** Changed in: xserver-xorg-video-intel (Ubuntu)
Status: Confirmed => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/863761
Title:
X crashed with SIGBUS in __memcpy_ssse3_back () at
../sysdeps/x86_64/multiarch/memcpy-ssse3-back.S:820
Status in “eglibc” package in Ubuntu:
Confirmed
Status in “xserver-xorg-video-intel” package in Ubuntu:
Incomplete
Bug description:
Using a specially-crafted image... or an accidentally crafted one,
such as <http://bootie.daviey.com/~dave/voodoo-
oneiric-20110930-3.png>, X crashes when using the intel driver on an
ssse3-capable system.
Here is a hard-won backtrace of the issue (hard-won, given that X
crashes do not get captured by apport):
Program received signal SIGBUS, Bus error.
__memcpy_ssse3_back () at ../sysdeps/x86_64/multiarch/memcpy-ssse3-back.S:820
820 ../sysdeps/x86_64/multiarch/memcpy-ssse3-back.S: No such file or directory.
in ../sysdeps/x86_64/multiarch/memcpy-ssse3-back.S
(gdb) bt
#0 __memcpy_ssse3_back ()
at ../sysdeps/x86_64/multiarch/memcpy-ssse3-back.S:820
#1 0x00007fd96e0fa306 in intel_uxa_pixmap_put_image (pixmap=<optimized out>,
src=<optimized out>, src_pitch=25220, x=<optimized out>,
y=<optimized out>, w=<optimized out>, h=10)
at /usr/include/bits/string3.h:52
#2 0x00007fd96e0fbef7 in intel_uxa_put_image (pixmap=0x3b42d30, x=0, y=0,
w=<optimized out>, h=10, src=0x40d5e08 "\377\377\377", src_pitch=25220)
at ../../src/intel_uxa.c:806
#3 0x00007fd96e111f34 in uxa_do_put_image (src_stride=25220,
bits=0x40d5e08 "\377\377\377", format=2, h=10, w=6305, y=<optimized out>,
x=<optimized out>, pGC=0x3b48040, pDrawable=0x3b42d30,
depth=<optimized out>) at ../../uxa/uxa-accel.c:164
#4 uxa_put_image (pDrawable=0x3b42d30, pGC=0x3b48040, depth=<optimized out>,
x=0, y=0, w=6305, h=10, leftPad=0, format=2, bits=0x40d5e08 "\377\377\377")
at ../../uxa/uxa-accel.c:202
#5 0x00000000004e083c in damagePutImage (pDrawable=0x3b42d30, pGC=0x3b48040,
depth=24, x=0, y=0, w=6305, h=10, leftPad=0, format=2,
pImage=0x40d5e08 "\377\377\377") at ../../../miext/damage/damage.c:878
#6 0x000000000042c87e in ProcPutImage (client=<optimized out>)
at ../../dix/dispatch.c:1986
#7 0x000000000042fb89 in Dispatch () at ../../dix/dispatch.c:431
#8 0x00000000004232fe in main (argc=8, argv=<optimized out>,
envp=<optimized out>) at ../../dix/main.c:287
(gdb)
I've marked this as a security issue since it allows triggering a
crash of the desktop remotely through a web browser (but note, the
image *also* causes a crash when displayed with eog!). However, a
SIGBUS seems unlikely to result in privilege escalation.
ProblemType: Bug
DistroRelease: Ubuntu 11.10
Package: libc6 2.13-20ubuntu3
ProcVersionSignature: Ubuntu 3.0.0-11.18-generic 3.0.4
Uname: Linux 3.0.0-11-generic x86_64
ApportVersion: 1.23-0ubuntu2
Architecture: amd64
Date: Fri Sep 30 18:08:05 2011
InstallationMedia: Ubuntu 10.04.1 LTS "Lucid Lynx" - Release amd64 (20100816.1)
ProcEnviron:
PATH=(custom, user)
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: eglibc
UpgradeStatus: Upgraded to oneiric on 2011-09-23 (7 days ago)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/863761/+subscriptions
More information about the foundations-bugs
mailing list