[Bug 1397340] Re: Integer overflow when processing giant field values
Launchpad Bug Tracker
1397340 at bugs.launchpad.net
Thu Dec 18 00:22:05 UTC 2014
** Branch linked: lp:whoopsie
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to whoopsie in Ubuntu.
https://bugs.launchpad.net/bugs/1397340
Title:
Integer overflow when processing giant field values
Status in whoopsie package in Ubuntu:
In Progress
Bug description:
Ubuntu release: 12.04
Package version: 0.1.33
When parsing fields in a crash report file, whoopsie will reallocate
the value buffer when appending continuation lines. The current length
of the buffer is computed by pointer arithmetic and the result stored
in a signed integer. If the field value length reaches 2GB, then this
value will overflow, and become negative. This will then cause
whoopsie itself to abort, as it tries to allocate a huge amount of
memory.
I would expect whoopsie to cope with such large input (which may be
generated as the result of a memory-hungry process crashing and
creating a very large compressed+base64-encoded CoreDump).
By inspection, I see that this issue is still present in current
development versions: http://bazaar.launchpad.net/~ubuntu-
branches/ubuntu/vivid/whoopsie/vivid/view/head:/src/whoopsie.c#L402
I've attached a patch (created against the 0.1.33 sources, but should
apply with minimal issues against later versions), that resolves the
immediate issue. There's a more general question about the sanity of
loading the entire crash file into memory, too (particularly as the
CoreDump is never used unless the server requests it).
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/whoopsie/+bug/1397340/+subscriptions
More information about the foundations-bugs
mailing list