Your message dated Fri, 16 Sep 2022 10:36:41 +0200
with message-id <[email protected]>
and subject line Re: minetest.emerge_area() call with invalid position can hang
server
has caused the Debian Bug report #1010816,
regarding minetest.emerge_area() call with invalid position can hang server
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1010816: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010816
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: minetest
Version: 5.3.0+repack-2.1+deb11u1
Severity: normal
Tags: upstream
X-Debbugs-Cc: [email protected]
Dear Maintainer,

calling minetest.emerge_area() with the first argument being a position
where x equals 32767 causes RAM and CPU usage to spike, as the Minetest
server queues 4096 emerge calls instead of 0. Note that as of now, such
a position is nonsensical, as the map generator stops generating around
x=31007 or so. It takes a long time to process these emerge calls, even
if a server has enough spare RAM and CPU resources to not hang forever.

This bug is security-relevant: A malicious client could provoke servers
into emerging an area – e.g. if it can trigger structure placement code
that does not have bounds checks. So far I have never seen such code in
any mod that had any bounds checks for minetest.emerge_area() calls.

I have attached proof of concept code. To verify the bug, name the file
init.lua, put it in a folder that is in the minetest mods folder (named
crash_emerge) then enter a world with the mod “crash_emerge” activated.

This bug likely affects all Minetest versions and is not fixed upstream.

A fix for all versions of Minetest would be to write a mod that wraps
the function minetest.emerge_area() and checks if the given positions
are out of bounds, not calling minetest.emerge_area() if that is true.

-- System Information:
Debian Release: 11.3
APT prefers stable
APT policy: (900, 'stable'), (500, 'oldoldstable')
Architecture: i386 (i686)
Kernel: Linux 5.10.0-10-686 (SMP w/2 CPU threads)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

local emerge = function()
    local i = 32767
    minetest.emerge_area(
        { x=i, y=0, z=0 },
        { x=i+1, y=0, z=0 },
        function(blockpos, action, calls_remaining)
            minetest.debug(
                dump(
                    calls_remaining,
                    i
                )
            )
        end
    )
end

minetest.after( 0, emerge )
--- End Message ---
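
The mitigation proposed in the report above (a mod that wraps minetest.emerge_area() and refuses out-of-bounds positions), as an added example that is not part of the original report or of Minetest itself. The mod name "emerge_guard" and the fallback limit of 31007 (taken from the report's "around x=31007") are assumptions.

```lua
-- init.lua of a hypothetical mod "emerge_guard" (added example).
-- Wraps minetest.emerge_area() so that calls with positions outside
-- the map generation limit are refused instead of queued.

-- Assumption: the "mapgen_limit" setting bounds every axis; if it is
-- unset, fall back to the 31007 mentioned in the report.
local LIMIT = tonumber(minetest.settings:get("mapgen_limit")) or 31007

-- Returns true only if pos is a table with numeric x, y and z that all
-- lie within [-LIMIT, LIMIT]. NaN fails the v == v test.
local function in_bounds(pos)
    if type(pos) ~= "table" then
        return false
    end
    for _, axis in ipairs({ "x", "y", "z" }) do
        local v = pos[axis]
        if type(v) ~= "number" or v ~= v or v < -LIMIT or v > LIMIT then
            return false
        end
    end
    return true
end

-- Keep a reference to the engine function before replacing it.
local real_emerge_area = minetest.emerge_area

minetest.emerge_area = function(pos1, pos2, callback, param)
    if not (in_bounds(pos1) and in_bounds(pos2)) then
        -- Log the refused call so operators can find the calling mod.
        minetest.log("warning",
            "[emerge_guard] refused emerge_area() with out-of-bounds position: "
            .. dump(pos1) .. " / " .. dump(pos2))
        return
    end
    return real_emerge_area(pos1, pos2, callback, param)
end
```

A mod that stored its own local reference to minetest.emerge_area before this wrapper was loaded still reaches the unwrapped function. When a call is refused, its callback is never invoked, so calling code that waits for the callback has to tolerate that.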
--- Begin Message ---
Control: forwarded -1 https://github.com/minetest/minetest/pull/11858
Control: tags -1 wontfix
Hello Nils,

for the same reasons as in #1010827#10, I'm closing this with
the resolution "wontfix".

(the upstream discussion is linked in the "forwarded" metadata)

--
tobi
--- End Message ---