[Bug 2069821] Re: [VROC] [Ub 24.04] mdadm: buffer overflow detected

Hector CAO 2069821 at bugs.launchpad.net
Mon Jul 29 10:11:39 UTC 2024 

Hello @ktanska and affected users,

A test package with the fix is available in this PPA:

https://launchpad.net/~hectorcao/+archive/ubuntu/2069821/

Could you help on confirming the fix ?

Thanks,

** Description changed:

- Mdadm throws buffer-overflow sometimes, it depends on the building environment.
- It happens when mdadm is built with FORFTIFY_SOURCE=3 (as it is done in Ubuntu 24.04).
+ [ Impact ]
  
- Buffer-overflow is detected for many commands in this case:
+ mdadm crashes sporadically with error *** buffer overflow detected ***
+ at some invokations:
+ 
  - mdadm --detail-pl
  - mdadm -CR /dev/md0 -l1 -n2 /dev/nvme0n1 /dev/nvme1n1
  *** buffer overflow detected ***: terminated
  Aborted (core dumped)
  
- It is fixed in mdadm upstream - please apply this patch to mdadm package and rebuilt it.
+ [ Test Plan ]
+ 
+ - Install mdadm
+ - Have 2 disks to create a RAID devices
+ - Issue this command several times:
+ 
+ 
+ [ Where problems could occur ]
+ 
+ The fix is very small and basically it replaces the unsafe functions call
+ to sprintf by calling snprintf for Intel platforms (platform_intel.c)
+ I do not expect high regression risk.
+ 
+ [ Other Info ]
+ 
+ mdadm is built with FORTIFY_SOURCE=3 (as it is done in Ubuntu 24.04).
+ and it uses the unsafe function sprintf() that will cause the 
+ buffer-overflow error
+  
+  
+ It is fixed in mdadm upstream:
  https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=827e1870f320545796d907f50af594e901399417

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to mdadm in Ubuntu.
https://bugs.launchpad.net/bugs/2069821

Title:
  [VROC] [Ub 24.04] mdadm: buffer overflow detected

Status in mdadm package in Ubuntu:
  In Progress
Status in mdadm source package in Noble:
  New
Status in mdadm source package in Oracular:
  In Progress

Bug description:
  [ Impact ]

  mdadm crashes sporadically with error *** buffer overflow detected ***
  at some invokations:

  - mdadm --detail-pl
  - mdadm -CR /dev/md0 -l1 -n2 /dev/nvme0n1 /dev/nvme1n1
  *** buffer overflow detected ***: terminated
  Aborted (core dumped)

  [ Test Plan ]

  - Install mdadm
  - Have 2 disks to create a RAID devices
  - Issue this command several times:

  
  [ Where problems could occur ]

  The fix is very small and basically it replaces the unsafe functions call
  to sprintf by calling snprintf for Intel platforms (platform_intel.c)
  I do not expect high regression risk.

  [ Other Info ]

  mdadm is built with FORTIFY_SOURCE=3 (as it is done in Ubuntu 24.04).
  and it uses the unsafe function sprintf() that will cause the 
  buffer-overflow error
   
   
  It is fixed in mdadm upstream:
  https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=827e1870f320545796d907f50af594e901399417

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mdadm/+bug/2069821/+subscriptions

More information about the foundations-bugs mailing list