[Bug 1242746] Re: SIGSEGV when file2str reads zero bytes

John-Mark Bell 1242746 at bugs.launchpad.net
Wed Oct 30 13:37:45 UTC 2013 

I've tested this on Precise by running the attached script.

With the old package version (1:3.2.8-11ubuntu6.1) this caused top to crash after about 90 minutes.
With the new package version (1:3.2.8-11ubuntu6.3), it's been running without incident for the last 24 hours.

Note, that as we're dealing with a race between top reading the contents
of proc and processes being spawned/destroyed, it's tricky to reproduce
in a controlled manner, so I went for the brute-force approach.

Nothing else appears untoward with the new version.

** Attachment added: "Testscript for this issue"
   https://bugs.launchpad.net/ubuntu/+source/procps/+bug/1242746/+attachment/3895695/+files/1242746-test.sh

** Tags removed: verification-needed
** Tags added: verification-done

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to procps in Ubuntu.
https://bugs.launchpad.net/bugs/1242746

Title:
  SIGSEGV when file2str reads zero bytes

Status in “procps” package in Ubuntu:
  Fix Released
Status in “procps” source package in Precise:
  Fix Committed
Status in “procps” source package in Quantal:
  Fix Committed
Status in “procps” source package in Raring:
  Fix Committed
Status in “procps” source package in Saucy:
  Fix Committed

Bug description:
  [Impact]

   * various procps utilities crashing with a SIGSEGV if the file2str function in
     proc/readproc.c when it reads zero bytes

   * This is a regression introduced with (LP: #1150413)

   * The upload checks for zero length reads and now returns -1 instead of 0, like it used
     to.

  [Test Case]

   * This does not happen often enough to create a real testcase, but some users have
     reported that repeatedly running top has occassionally exhibited this problem.

  [Regression Potential]

   * Minimal, as this reverts file2str to original behavior in the case of zero length
     reads.

  [Other Info]
   
   * This patch is backported from upstream

  _________________________________________________________________________________________
  The changes made in the following commit, which backported a number of changes to the procps package in precise, result in various procps utilities crashing with a SIGSEGV if the file2str function in proc/readproc.c reads zero bytes.

  http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/precise/procps
  /precise-updates/revision/61

  This corresponds to the following procps package version:
  1:3.2.8-11ubuntu6.1

  Prior to this changeset, file2str would return -1 if the read failed;
  now it does not, which is not expected by other parts of the procps
  codebase, hence the crash.

  Upstream have fixed this issue in the following commit:

  https://www.gitorious.org/procps/procps/commit/526bc5dfa924177e68be0123bd67e3370955f924

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/procps/+bug/1242746/+subscriptions

More information about the foundations-bugs mailing list