cve-2015-4491 fails with MALLOC_CHECK_=2 and MALLOC_PERTURB_=$((${RANDOM:-256} % 256)), sometimes

Bug #1519030 reported by Dimitri John Ledkov
Affects: gdk-pixbuf | Status: Fix Released | Importance: Medium
Affects: gdk-pixbuf (Ubuntu) | Status: Fix Released | Importance: Undecided | Assigned to: Dimitri John Ledkov

Bug Description

cve-2015-4491 fails with MALLOC_CHECK_=2 and MALLOC_PERTURB_=$((${RANDOM:-256} % 256)), sometimes

It's possibly being killed with OOM, so need to validate that first.

Tags: s390x
tags: added: xnox
Dimitri John Ledkov (xnox) wrote :

# for i in `seq 256`; do export MALLOC_PERTURB_=$i; .libs/lt-cve-2015-4491>/dev/null && echo $i: good || echo $i: bad; done
1: bad
2: good
3: good
4: bad
5: bad
6: good
7: good
8: good
9: good
10: bad
11: good
12: good
13: good
14: bad
15: good
16: good
17: good
18: good

Leads me to believe that the test is broken, and depends on the actual memory to be in a consistent state after allocation. It seems that it has been recognised already that the test is borked, and it ends up skipping said test most of the time on s390x with OOM error. In my instance, it's getting OOM killed, rather than getting OOM error. Disabling MALLOC_PERTURB_ passes the test, which I've now done. This bug should be forwarded upstream, for further investigation.
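
An added example (not part of the original report or of gdk-pixbuf): the sweep from the comment above, extended to separate an ordinary test failure from death by signal, since exit status 137 (SIGKILL) is how an OOM kill appears to the shell. The names `classify_status`, `sweep` and `fake_test` are hypothetical, and the constructed stand-in replaces `.libs/lt-cve-2015-4491` so the script runs without a gdk-pixbuf build tree.

```bash
#!/usr/bin/env bash
# Added example: sweep MALLOC_PERTURB_ and record how each run ended.

# Turn an exit status into a label. A status above 128 means the process died
# from signal (status - 128): 137 is SIGKILL, which is what an OOM kill looks
# like from the shell, and 134 is SIGABRT, which MALLOC_CHECK_=2 raises when
# glibc detects heap corruption.
classify_status() {
    local status=$1
    if [ "$status" -eq 0 ]; then
        echo good
    elif [ "$status" -gt 128 ]; then
        echo "signal:$(kill -l "$((status - 128))")"
    else
        echo "exit:$status"
    fi
}

# sweep FIRST LAST CMD...: run CMD once per MALLOC_PERTURB_ value with
# MALLOC_CHECK_=2, print "<value>: <label>" per run, then a tally.
sweep() {
    local first=$1 last=$2 i status label good=0 failed=0 sigkill=0
    shift 2
    i=$first
    while [ "$i" -le "$last" ]; do
        status=0
        MALLOC_CHECK_=2 MALLOC_PERTURB_=$i "$@" >/dev/null 2>&1 || status=$?
        label=$(classify_status "$status")
        echo "$i: $label"
        case $label in
            good) good=$((good + 1)) ;;
            signal:KILL) sigkill=$((sigkill + 1)) ;;  # confirm OOM in the kernel log
            *) failed=$((failed + 1)) ;;
        esac
        i=$((i + 1))
    done
    echo "good=$good failed=$failed sigkill=$sigkill"
}

# Constructed stand-in for .libs/lt-cve-2015-4491 (not the real test binary):
# exits 1 for values 1 and 3, kills itself with SIGKILL for 5, passes otherwise.
fake_test='case $MALLOC_PERTURB_ in 5) kill -KILL $$ ;; 1|3) exit 1 ;; esac'

# Demo on the stand-in. Against a built tree the call would be:
#   sweep 1 256 .libs/lt-cve-2015-4491
sweep 1 6 sh -c "$fake_test"
```

A SIGKILL label only shows that the process was killed from outside; the kernel log is what confirms that the OOM killer was responsible.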

tags: added: s390x
removed: xnox
Dimitri John Ledkov (xnox) wrote :

done, submit upstream.

Changed in gdk-pixbuf (Ubuntu):
status: New → In Progress
assignee: nobody → Dimitri John Ledkov (xnox)
Changed in gdk-pixbuf (Ubuntu):
status: In Progress → Triaged
Iain Lane (laney) wrote :

where's the upstream bug?

Dimitri John Ledkov (xnox) wrote :

gdk-pixbuf (2.32.2-1ubuntu1) xenial; urgency=medium

  * Unset MALLOC_PERTURB_ for the /pixbuf/cve-2015-4491/original test, as
    it fails with OOM, or gets OOM killed.

 -- Dimitri John Ledkov <email address hidden> Tue, 24 Nov 2015 16:58:42 +0000

Changed in gdk-pixbuf (Ubuntu):
status: Triaged → Fix Released
Dimitri John Ledkov (xnox) wrote :

@laney bug attached as remote tracked one now.

Iain Lane (laney) wrote : Re: [Bug 1519030] Re: cve-2015-4491 fails with MALLOC_CHECK_=2 and MALLOC_PERTURB_=$((${RANDOM:-256} % 256)), sometimes

On Fri, Apr 15, 2016 at 10:22:39AM -0000, Dimitri John Ledkov wrote:
> @laney bug attached as remote tracked one now.

Thanks!

Might be good to try the patch in

  https://bugzilla.gnome.org/show_bug.cgi?id=754387#c24

too. That's what reminded me of this bit of Ubuntu delta.

--
Iain Lane [ <email address hidden> ]
Debian Developer [ <email address hidden> ]
Ubuntu Developer [ <email address hidden> ]

Changed in gdk-pixbuf:
importance: Unknown → Medium
status: Unknown → Confirmed
Changed in gdk-pixbuf:
status: Confirmed → Fix Released