[Bug 2052360] Re: empty /proc/cpuinfo can cause segfault

Launchpad Bug Tracker 2052360 at bugs.launchpad.net
Thu Feb 22 21:33:34 UTC 2024 

This bug was fixed in the package cmake - 3.22.1-1ubuntu1.22.04.2

---------------
cmake (3.22.1-1ubuntu1.22.04.2) jammy; urgency=medium

  * Cherry pick upstream fix to avoid a segfault when encountering
    an empty /proc/cpuinfo (LP: #2052360).
  * Cherry pick upstream fix for test failure caused by git setting
    protocol.file.allow=user by default to mitigate CVE-2022-39253
    (LP: #2052362).

 -- dann frazier <dannf at ubuntu.com>  Sat, 03 Feb 2024 16:33:56 -0700

** Changed in: cmake (Ubuntu Jammy)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-39253

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to cmake in Ubuntu.
https://bugs.launchpad.net/bugs/2052360

Title:
  empty /proc/cpuinfo can cause segfault

Status in cmake package in Ubuntu:
  Fix Released
Status in cmake source package in Jammy:
  Fix Released
Status in cmake source package in Mantic:
  Fix Released
Status in cmake source package in Noble:
  Fix Released

Bug description:
  [Impact]
  cmake-extra's copyrighttest autopkgtest segfaults on armhf in our test infra:
    https://objectstorage.prodstack5.canonical.com/swift/v1/0f9aae918d5b4744bf7b827671c86842/autopkgtest-jammy/jammy/armhf/c/cmake-extras/20240118_231525_552d3@/log.gz

  This is because /proc/cpuinfo appears to be empty, which triggers an
  underflow condition. This doesn't impact all architectures - it may be
  limited to armhf containers running on arm64 hosts.

  This presumably impacts the building of any software using the
  CopyrightTest module provided by cmake-extra in a similar environment.

  [Test Case]
  Launch an armhf lxd jammy container and run the autopkgtest for cmake-extras within:

  ubuntu at armhf:~/cmake-extras-1.6$ ./debian/tests/copyrighttest
  + set -ep
  + mktemp --tmpdir=/tmp -d
  + builddir=/tmp/tmp.106fU16BhF
  + trap rm -rf /tmp/tmp.106fU16BhF 0 INT QUIT ABRT PIPE TERM
  + pwd
  + srcdir=/home/ubuntu/cmake-extras-1.6/examples/copyrighttest-demo
  + cd /tmp/tmp.106fU16BhF
  + cmake /home/ubuntu/cmake-extras-1.6/examples/copyrighttest-demo
  -- The C compiler identification is GNU 11.4.0
  -- The CXX compiler identification is GNU 11.4.0
  -- Detecting C compiler ABI info
  -- Detecting C compiler ABI info - done
  -- Check for working C compiler: /usr/bin/cc - skipped
  -- Detecting C compile features
  -- Detecting C compile features - done
  -- Detecting CXX compiler ABI info
  -- Detecting CXX compiler ABI info - done
  -- Check for working CXX compiler: /usr/bin/c++ - skipped
  -- Detecting CXX compile features
  -- Detecting CXX compile features - done
  terminate called after throwing an instance of 'std::length_error'
    what():  basic_string::_M_replace_aux
  Aborted (core dumped)
  + rm -rf /tmp/tmp.106fU16BhF
  ubuntu at armhf:~/cmake-extras-1.6$

  [What Could Go Wrong]
  The upstream fix now emits an errors message when an empty /proc/cpuinfo file is found. This error message is not expected by cmake's built-in tests, causing those tests to fail. It may impact other tests as well. Though it should only be emitted in environments where cmake would otherwise crash.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cmake/+bug/2052360/+subscriptions

More information about the foundations-bugs mailing list