
group.of.nepali.translators team mailing list archive

[Bug 1873448] Re: stress-ng in xenial segfaults on dup stressor on arm64

 

** Changed in: stress-ng (Ubuntu Xenial)
       Status: In Progress => Fix Released

** Changed in: stress-ng (Ubuntu Xenial)
       Status: Fix Released => Fix Committed

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1873448

Title:
  stress-ng in xenial segfaults on dup stressor on arm64

Status in stress-ng package in Ubuntu:
  New
Status in stress-ng source package in Xenial:
  Fix Committed

Bug description:
  == SRU justification, Xenial ==

  When running the --dup stressor with stress-ng with a process that is
  allowed to open more than 64K file descriptors we trigger a segfault
  because of an array overflow.

  == Fix ==

  A simple fix is required, just a bounds check on the maximum size
  max_fd to limit it to the size of the fds array.

  == Testcase ==

  stress-ng on arm64 with the --dup stressor will trigger this quite
  easily. The bug was found during regression testing of the previous
  xenial stress-ng upload.

  stress-ng --dup

  Without the fix this will segfault. With the fix it works correctly.

  == Regression Potential ==

  Low. This affects one stress case in stress-ng, the fix is localized
  and it is a backport from an upstream stress-ng fix that has been working
  for several years w/o problem.

  ----------------

  
  Using host libthread_db library "/lib/aarch64-linux-gnu/libthread_db.so.1".
  stress-ng: info:  [10979] defaulting to a 86400 second run per stressor
  stress-ng: info:  [10979] dispatching hogs: 1 dup
  stress-ng: info:  [10979] cache allocate: using built-in defaults as unable to determine cache details
  stress-ng: info:  [10979] cache allocate: default cache size: 2048K
  [New process 10982]
  [Thread debugging using libthread_db enabled]
  Using host libthread_db library "/lib/aarch64-linux-gnu/libthread_db.so.1".
  65536 1048573

  Thread 2.1 "stress-ng-dup" received signal SIGSEGV, Segmentation fault.
  [Switching to Thread 0xffffb7ff1000 (LWP 10982)]
  0x00000000004191f0 in stress_dup (counter=0xffffb7cbee78, instance=<optimised out>, max_ops=0, name=<optimised out>)
      at stress-dup.c:63
  63				fds[i] = dup(fds[0]);

  This requires a fix from commit:

  67d872611b860a79b03dca8c7549e5cee7fec4eb Mon Sep 17 00:00:00 2001
  From: Colin Ian King <colin.king@xxxxxxxxxxxxx>
  Date: Tue, 8 Nov 2016 15:50:20 +0000
  Subject: [PATCH] treewide: remove messy #if defined() build checks

  diff --git a/stress-dup.c b/stress-dup.c
  index 2fe2d6a6..0ac13fee 100644
  --- a/stress-dup.c
  +++ b/stress-dup.c
  @@ -45,7 +45,7 @@ int stress_dup(
          const char *name)
   {
          int fds[STRESS_FD_MAX];
  -       const size_t max_fd = stress_get_file_limit();
  +       size_t max_fd = stress_get_file_limit();
          size_t i;
   #if defined(__linux__)
          bool do_dup3 = true;
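
Review bot: dropping const from max_fd in the declaration leaves it writable for the rest of stress_dup() when it only needs adjusting once. Consider keeping it const and applying the limit in the initializer or through a small helper, so later code cannot change the bound by accident. Separately, the subject "treewide: remove messy #if defined() build checks" does not mention this bounds change, which makes the fix hard to locate when auditing the backport.
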
  @@ -53,6 +53,9 @@ int stress_dup(

          (void)instance;

  +       if (max_fd > SIZEOF_ARRAY(fds))
  +               max_fd =  SIZEOF_ARRAY(fds);
  +
          fds[0] = open("/dev/zero", O_RDONLY);
          if (fds[0] < 0) {
                  pr_fail_dbg(name, "open on /dev/zero");
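
Review bot: the clamp to SIZEOF_ARRAY(fds) sets max_fd equal to the element count, so it is only sufficient if every index into fds further down uses a strict i < max_fd; the loop around "fds[i] = dup(fds[0]);" lies outside this hunk and should be checked for an inclusive bound. A short comment above the check noting that the file limit can exceed STRESS_FD_MAX would explain why it is there, and "max_fd =  SIZEOF_ARRAY(fds);" has a stray double space after the "=".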

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/stress-ng/+bug/1873448/+subscriptions
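
The bounds check described under "== Fix ==", as an added example that is not stress-ng's code and not part of the original bug report. FD_ARRAY_MAX, get_file_limit(), clamp_fd_limit() and dup_until_limit() are hypothetical names chosen for illustration, and SIZEOF_ARRAY is defined locally.

```c
/* Added example, not stress-ng source: names and sizes are assumptions. */
#include <fcntl.h>
#include <stdio.h>
#include <sys/resource.h>
#include <unistd.h>

#define FD_ARRAY_MAX 256	/* assumed small stand-in for STRESS_FD_MAX */
#define SIZEOF_ARRAY(a) (sizeof(a) / sizeof((a)[0]))

/* Hypothetical stand-in for stress_get_file_limit(): soft RLIMIT_NOFILE. */
static size_t get_file_limit(void)
{
	struct rlimit rl;
	if (getrlimit(RLIMIT_NOFILE, &rl) < 0 || rl.rlim_cur == RLIM_INFINITY)
		return (size_t)-1;	/* treat as "no usable limit" */
	return (size_t)rl.rlim_cur;
}

/* Clamp a reported descriptor limit to the capacity of the array. */
static size_t clamp_fd_limit(size_t limit, size_t capacity)
{
	return limit > capacity ? capacity : limit;
}

/* Fill fds[] with dup()s of /dev/zero without indexing past the clamp.
 * Returns the number of descriptors held at peak, or 0 if open fails. */
static size_t dup_until_limit(size_t reported_limit)
{
	int fds[FD_ARRAY_MAX];
	const size_t max_fd = clamp_fd_limit(reported_limit, SIZEOF_ARRAY(fds));
	size_t i, n;
	fds[0] = open("/dev/zero", O_RDONLY);
	if (fds[0] < 0)
		return 0;
	for (n = 1; n < max_fd; n++) {	/* strict '<': index max_fd is out of range */
		fds[n] = dup(fds[0]);
		if (fds[n] < 0)
			break;		/* process limit reached before the array filled */
	}
	for (i = 0; i < n; i++)
		(void)close(fds[i]);
	return n;
}

int main(void)
{
	printf("limit=%zu held=%zu\n", get_file_limit(), dup_until_limit(get_file_limit()));
	return 0;
}
```

Raising the soft limit with "ulimit -n" before running it shows the held count stopping at FD_ARRAY_MAX instead of following the process limit.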

