FS#62505 - [systemd] bug in internal memory management leads to crashes
Attached to Project:
Arch Linux
Opened by Aaron Barany (akb825) - Monday, 29 April 2019, 22:40 GMT
Last edited by Antonio Rojas (arojas) - Tuesday, 14 May 2019, 18:38 GMT
Details
Description:
systemd has a critical bug related to its internal memory management that can cause crashes. When re-allocating internal arrays, some parts at the end won't be copied, causing some parts of the array to become uninitialized. In my situation, bringing up a file load dialog called into a libsystemd function to enumerate the devices. When the device list was built up, re-allocation of the device array caused some elements to be uninitialized, crashing the program.

Additional info:
* package version: 242
* github bug: https://github.com/systemd/systemd/issues/12384
* commit that introduced the bug: https://github.com/systemd/systemd/commit/d4b604baeadbb2498e4f2c3e260260eed210f5d6#diff-087f37416f7cf95b7369522ba4a76965
* github pull request to revert the commit: https://github.com/systemd/systemd/pull/12438

Steps to reproduce:
This happened to me in a Qt application when default constructing a QFileDialog on a KDE system, which happened to call the libsystemd function when enumerating the devices. Reproduction of this issue will be highly dependent on:
1. The situations that call libsystemd functions that themselves call the reallocation function.
2. Cases where a reallocation will be required. For example, when enumerating the devices, the bug will only happen once you have enough devices that it needs to re-allocate the array. (In this case it re-allocated on the 9th device.)
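The failure mode the report describes (only part of the old array is carried across a reallocation, so the tail of the new block is left uninitialized), as an added C example that is not systemd's code: a hypothetical toy grow routine with that defect beside a corrected one, plus a check that counts how many stored elements are lost once the array has grown. The names Vec, grow, grow_buggy, grow_fixed and count_corrupted are assumptions made for this example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Toy growable array in the style of a "greedy" realloc helper (hypothetical, not systemd's code). */
typedef struct {
    uint32_t *items;
    size_t n_used;   /* elements stored */
    size_t n_alloc;  /* elements the block can hold */
} Vec;

/* Shared growth policy: double the block until it holds `need` elements and
 * carry over `copy_bytes` bytes of the old block (the caller decides how many). */
static int grow(Vec *v, size_t need, size_t copy_bytes) {
    if (need <= v->n_alloc) return 0;
    size_t n_new = v->n_alloc ? v->n_alloc * 2 : 4;
    while (n_new < need) n_new *= 2;
    uint32_t *p = malloc(n_new * sizeof *p);
    if (!p) return -1;
    /* Fresh heap memory is uninitialized; fill it with a sentinel so the lost
     * tail shows up deterministically instead of depending on the allocator. */
    memset(p, 0xAA, n_new * sizeof *p);
    if (v->items) memcpy(p, v->items, copy_bytes);
    free(v->items);
    v->items = p;
    v->n_alloc = n_new;
    return 0;
}

/* Buggy variant: passes the element count as a byte count, so only the first
 * quarter of the old 4-byte elements is copied; the rest stays "uninitialized". */
static int grow_buggy(Vec *v, size_t need) { return grow(v, need, v->n_used); }

/* Fixed variant: copies every stored element. */
static int grow_fixed(Vec *v, size_t need) { return grow(v, need, v->n_used * sizeof *v->items); }
/* Append the values 0..count-1 with the chosen grow routine, then report how many
 * elements no longer hold what was stored; returns (size_t)-1 on allocation failure. */
size_t count_corrupted(size_t count, int use_fix) {
    Vec v = {0};
    for (uint32_t i = 0; i < count; i++) {
        if ((use_fix ? grow_fixed : grow_buggy)(&v, v.n_used + 1) < 0) {
            free(v.items);
            return (size_t)-1;
        }
        v.items[v.n_used++] = i;
    }
    size_t bad = 0;
    for (size_t i = 0; i < v.n_used; i++) bad += v.items[i] != i;
    free(v.items);
    return bad;
}
```

With the buggy routine nothing goes wrong until the first growth, which is why such a defect only surfaces once enough devices (here, the 9th push doubling the block a second time) force a reallocation.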
Or maybe also this? https://github.com/systemd/systemd/issues/12452
This has just given me a tremendously hard time on my server. :-(