[Bug 1931391] Re: [SRU] git bisect start crashed with SIGSEGV in buffer_slab_peek()

Simon Quigley 1931391 at bugs.launchpad.net
Thu Dec 28 17:17:05 UTC 2023


Uploaded without any changes, thank you! Great work.

Subscribing the security team so they don't accidentally pave over this.
If you could, please prioritize verification of this SRU once accepted,
so we aren't blocking their work.

Thanks again!

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1931391

Title:
  [SRU] git bisect start crashed with SIGSEGV in buffer_slab_peek()

Status in git package in Ubuntu:
  Fix Released
Status in git source package in Focal:
  Confirmed

Bug description:
  [ Impact ]

  "git bisect--helper --bisect-start <paths>" is a valid command to start the git bisect.
  And if any user uses the command to bisect then it will result in a segfault and is unusable for the user.

  But git bisect--helper is not completely unusable; it can still be
  used if the bad commit SHA and good commit SHA are mentioned with the
  command.

  [ Test Plan ]

   * clone any git repo
   * Use the command "git bisect--helper --bisect-start <file>" where <file> is any file in that git repo.

  [ Where problems could occur ]

   This is an upstream patch which has been backported. The upstream
  patch fixes the way it treats an invalid oid. The upstream patch was
  applied in 2020, and considering the number of users using 'git' and
  that there has been no reported regression for this patch, I will
  assume the chance of regression for us is very low.

   The only problem I could find was that one user was confused as there was no message after starting the bisect, and that has been fixed via https://github.com/git/git/commit/0cf1defa5a6764b8a0fd956ff4d114cb014cb8a4. But I feel this patch is an improvement and is not a fix suitable for a stable release.
   
  [ Other Info ]

   * The problem has been fixed by upstream in v2.29.0 so as a result
  only Focal is affected. Jammy, Lunar, Mantic and Noble are not
  affected.

  [ Original Bug Description ]

  `git bisect start <filename>` always exits with a Segmentation fault.

  ProblemType: Crash
  DistroRelease: Ubuntu 20.04
  Package: git 1:2.25.1-1ubuntu3.1
  ProcVersionSignature: Ubuntu 5.4.0-65.73-generic 5.4.78
  Uname: Linux 5.4.0-65-generic x86_64
  ApportVersion: 2.20.11-0ubuntu27.18
  Architecture: amd64
  CasperMD5CheckResult: skip
  CurrentDesktop: XFCE
  Date: Wed Jun  9 11:24:04 2021
  ExecutablePath: /usr/bin/git
  InstallationDate: Installed on 2016-02-27 (1929 days ago)
  InstallationMedia: Xubuntu 15.10 "Wily Werewolf" - Release amd64 (20151021)
  ProcCmdline: git bisect--helper --bisect-start synapse/storage/persist_events.py
  SegvAnalysis:
   Segfault happened at: 0x55d3ab6b0cde <get_cached_commit_buffer+14>:	mov    0x48(%rsi),%esi
   PC (0x55d3ab6b0cde) ok
   source "0x48(%rsi)" (0x00000048) not located in a known VMA region (needed readable region)!
   destination "%esi" ok
  SegvReason: reading NULL VMA
  Signal: 11
  SourcePackage: git
  StacktraceTop:
   buffer_slab_peek (c=0x0, s=<optimized out>) at commit.c:290
   get_cached_commit_buffer (r=r@entry=0x55d3ab8e0680 <the_repo>, commit=commit@entry=0x0, sizep=sizep@entry=0x0) at commit.c:290
   repo_get_commit_buffer (r=r@entry=0x55d3ab8e0680 <the_repo>, commit=commit@entry=0x0, sizep=sizep@entry=0x0) at commit.c:306
   repo_logmsg_reencode (r=r@entry=0x55d3ab8e0680 <the_repo>, commit=commit@entry=0x0, commit_encoding=commit_encoding@entry=0x7ffc63d83518, output_encoding=output_encoding@entry=0x55d3ab80257a "UTF-8") at pretty.c:614
   repo_format_commit_message (r=0x55d3ab8e0680 <the_repo>, commit=commit@entry=0x0, format=format@entry=0x55d3ab815233 "%s", sb=sb@entry=0x7ffc63d83610, pretty_ctx=pretty_ctx@entry=0x7ffc63d83630) at pretty.c:1640
  Title: git crashed with SIGSEGV in buffer_slab_peek()
  UpgradeStatus: Upgraded to focal on 2021-02-16 (112 days ago)
  UserGroups: adm cdrom dialout dip docker input libvirt libvirtd lpadmin plugdev sambashare sbuild sudo wireshark
  modified.conffile..etc.apport.crashdb.conf: [modified]
  mtime.conffile..etc.apport.crashdb.conf: 2021-06-09T11:10:35.636012
  separator:

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/git/+bug/1931391/+subscriptions
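
Added example, not part of the bug report or of any Ubuntu SRU tooling: a scripted form of the Test Plan that can be run before and after installing the proposed package. It uses the `git bisect start <file>` form from the original description (the ProcCmdline above shows it reaching the helper); the function name, the single-commit scratch repository and the file name are assumptions made for the example.

```shell
#!/bin/sh
# check_bisect_start (hypothetical helper name)
#   returns 0  git survived "git bisect start <file>"
#   returns 1  git was terminated by a signal (the SIGSEGV from the report)
#   returns 2  git is not installed or the scratch repository could not be set up
check_bisect_start() {
    command -v git >/dev/null 2>&1 || return 2
    repo=$(mktemp -d) || return 2
    (
        cd "$repo" || exit 2
        git init -q . >/dev/null 2>&1 || exit 2
        # Constructed sample file; stands in for "any file in that git repo".
        echo "constructed sample content" > sample.txt
        git add sample.txt || exit 2
        git -c user.name=sru-check -c user.email=sru-check@example.invalid \
            commit -q -m "initial" >/dev/null 2>&1 || exit 2

        git bisect start sample.txt >/dev/null 2>&1
        rc=$?
        # A status above 128 means a process died from a signal
        # (139 = 128 + 11, SIGSEGV). git's own die() exits with exactly 128,
        # so an ordinary git error is not counted as a crash.
        if [ "$rc" -gt 128 ]; then
            exit 1
        fi
        exit 0
    )
    status=$?
    rm -rf "$repo"
    return "$status"
}

# Usage: check_bisect_start; echo "result=$?"
```

A result of 1 on the current Focal package and 0 after the update is the outcome the Test Plan is looking for.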



