[Bug 1771345] Re: lscpu possible crash in min/max frequency
Julian Andres Klode
1771345 at bugs.launchpad.net
Wed May 16 13:32:52 UTC 2018
Test case
** Attachment added: "segvtest.tar.gz"
https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1771345/+attachment/5140350/+files/segvtest.tar.gz
** Description changed:
[Impact]
lscpu prior to 2.32 does not correctly check for NULL members in min/max CPU frequency arrays and can call atof() on them, leading to crashes. It seems that's what caused the verification to fail for bug 1732865. The following fixes have been committed upstream:
from 2.30: https://github.com/karelzak/util-
linux/commit/0145d84a381fc2fcd7d37e0dbf3d9dff69609ecd
from 2.32: https://github.com/karelzak/util-
linux/commit/95f09bc63c564c50ec2c393352801cc056faaea2
I plan to backport them to xenial (both patches); and artful, bionic
(second patch, they are > 2.30).
[Regression potential]
The worst possible regression is that lscpu would fail to correctly report min/max frequencies, but it seems unlikely, as we're only adding checks against null pointers / move an atof into a loop.
[Test case]
- I'm afraid I don't have a test case, the bugs only manifest on some CPUs, and I don't know which.
+ Extract attached segvtest.tar.gz and run lscpu -s segvtest and check that it does not crash.
** Description changed:
[Impact]
lscpu prior to 2.32 does not correctly check for NULL members in min/max CPU frequency arrays and can call atof() on them, leading to crashes. It seems that's what caused the verification to fail for bug 1732865. The following fixes have been committed upstream:
from 2.30: https://github.com/karelzak/util-
linux/commit/0145d84a381fc2fcd7d37e0dbf3d9dff69609ecd
from 2.32: https://github.com/karelzak/util-
linux/commit/95f09bc63c564c50ec2c393352801cc056faaea2
I plan to backport them to xenial (both patches); and artful, bionic
(second patch, they are > 2.30).
[Regression potential]
The worst possible regression is that lscpu would fail to correctly report min/max frequencies, but it seems unlikely, as we're only adding checks against null pointers / move an atof into a loop.
[Test case]
- Extract attached segvtest.tar.gz and run lscpu -s segvtest and check that it does not crash.
+ Extract attached segvtest.tar.gz and run lscpu -s segvtest and check that it does not crash (this removes min mhz file for cpu #0 for testing).
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to util-linux in Ubuntu.
https://bugs.launchpad.net/bugs/1771345
Title:
lscpu possible crash in min/max frequency
Status in util-linux package in Ubuntu:
Fix Committed
Status in util-linux source package in Xenial:
Triaged
Status in util-linux source package in Artful:
Triaged
Status in util-linux source package in Bionic:
Triaged
Bug description:
[Impact]
lscpu prior to 2.32 does not correctly check for NULL members in min/max CPU frequency arrays and can call atof() on them, leading to crashes. It seems that's what caused the verification to fail for bug 1732865. The following fixes have been committed upstream:
from 2.30: https://github.com/karelzak/util-
linux/commit/0145d84a381fc2fcd7d37e0dbf3d9dff69609ecd
from 2.32: https://github.com/karelzak/util-
linux/commit/95f09bc63c564c50ec2c393352801cc056faaea2
I plan to backport them to xenial (both patches); and artful, bionic
(second patch, they are > 2.30).
[Regression potential]
The worst possible regression is that lscpu would fail to correctly report min/max frequencies, but it seems unlikely, as we're only adding checks against null pointers / move an atof into a loop.
[Test case]
Extract attached segvtest.tar.gz and run lscpu -s segvtest and check that it does not crash (this removes min mhz file for cpu #0 for testing).
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1771345/+subscriptions
More information about the foundations-bugs
mailing list