Tested the version from cosmic-proposed in an up-to-date VM and it
failed - looks like this is not actually applied during the build - see
the build log https://launchpadlibrarian.net/398362236/buildlog_ubuntu-cosmic-amd64.gvfs_1.38.1-0ubuntu1_BUILDING.txt.gz
and notice it is never listed during unpacking
Steps to test locally as follows:
1. Enabled cosmic-proposed
2. sudo apt-get dist-upgrade
3. sudo reboot
On next boot with the autorun.inf on a local USB drive:
$ dmesg | grep gvfs
[ 57.813663] gvfs-udisks2-vo[1777]: segfault at 7fe470b0a180 ip 00007fe470a5b6a6 sp 00007ffeeec746f0 error 4 in libpcre.so.3.13.3[7fe470a45000+52000]
[ 176.066448] gvfs-udisks2-vo[2294]: segfault at 7f9bf21c9180 ip 00007f9bf211a6a6 sp 00007ffd2cc2ef60 error 4 in libpcre.so.3.13.3[7f9bf2104000+52000]
$ apt-cache policy gvfs
gvfs:
Installed: 1.38.1-0ubuntu1
Candidate: 1.38.1-0ubuntu1
Version table:
*** 1.38.1-0ubuntu1 500
500 http://archive.ubuntu.com/ubuntu cosmic-proposed/main amd64 Packages
100 /var/lib/dpkg/status
1.38.0-2ubuntu2 500
500 http://archive.ubuntu.com/ubuntu cosmic/main amd64 Packages
** Tags removed: verification-needed-cosmic
** Tags added: verification-failed-cosmic
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gvfs in Ubuntu.
https://bugs.launchpad.net/bugs/1798725
Title:
gvfs may crash when parsing non-valid UTF8 in autorun.inf
Status in gvfs package in Ubuntu:
Fix Released
Status in gvfs source package in Bionic:
Fix Committed
Status in gvfs source package in Cosmic:
Fix Committed
Bug description:
* Impact
gvfs can be made to segfault by being provided an invalid autorun.inf
* Test Case
Use the proof of concept from below to generate an invalid
autorun.inf and place it on a USB drive, connect the drive to the
computer; gvfs shouldn't hit a segfault
* Regression potential
Check that the autorun feature keeps working
-----------------------
Reported upstream at https://bugs.exim.org/show_bug.cgi?id=2330 -
libpcre3 can be made to crash when matching the pattern \s*= when the
context is n\xff=
Able to reproduce on current Bionic using the PoC attached (which is
copied directly from the upstream bug report) - in a fresh Bionic VM:
$ sudo apt install build-essential libgtk2.0-dev
$ cd PCRE_PoC
$ ./compilePoC.sh
$ ./PoC
Content:
-------------------
n�=
-------------------
Pattern:
-------------------
\s*=
---------------------
Segmentation fault (core dumped)
Haven't yet tested the second PoC via an external disk autorun.inf and
gvfs-udisks2-volume-monitor.
Also haven't tested in Cosmic / older releases
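The check a practitioner would want in front of this code path, as an added example that is not gvfs or libpcre code and does not claim to be the fix shipped for this bug: validate the autorun.inf text as UTF-8 before any UTF-mode regex such as \s*= is run over it, so the PoC's 0xff byte is rejected instead of being handed to the matcher. The function names and the sample lines are constructed for this example; the validator is a plain RFC 3629 check with no GLib or PCRE dependency so it runs stand-alone.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example (not gvfs or libpcre code). The upstream crash came from
 * running a UTF-mode PCRE match (\s*=) over "n\xff=", which is not valid
 * UTF-8. The defence shown: check the input is well-formed UTF-8 first and
 * never hand invalid bytes to a UTF-mode matcher. */

/* Return 1 if s[0..len) is well-formed UTF-8 per RFC 3629, else 0.
 * Rejects stray continuation bytes, 0xC0/0xC1 and 0xF5..0xFF lead bytes
 * (so the PoC's 0xff), overlong forms, UTF-16 surrogates, code points
 * above U+10FFFF and sequences truncated by the end of the buffer. */
int utf8_is_valid(const unsigned char *s, size_t len)
{
    size_t i = 0;
    while (i < len) {
        unsigned char c = s[i];
        size_t n;      /* number of continuation bytes expected */
        uint32_t cp;   /* decoded code point */

        if (c < 0x80) {                      /* ASCII */
            i++;
            continue;
        } else if (c >= 0xC2 && c <= 0xDF) { /* 2-byte; 0xC0/0xC1 are overlong */
            n = 1; cp = c & 0x1F;
        } else if ((c & 0xF0) == 0xE0) {     /* 3-byte */
            n = 2; cp = c & 0x0F;
        } else if (c >= 0xF0 && c <= 0xF4) { /* 4-byte; 0xF5+ exceeds U+10FFFF */
            n = 3; cp = c & 0x07;
        } else {                             /* 0x80..0xC1, 0xF5..0xFF */
            return 0;
        }
        if (i + n >= len)                    /* sequence runs past the buffer */
            return 0;
        for (size_t k = 1; k <= n; k++) {
            unsigned char cc = s[i + k];
            if ((cc & 0xC0) != 0x80)         /* not a continuation byte */
                return 0;
            cp = (cp << 6) | (cc & 0x3F);
        }
        if (n == 2 && (cp < 0x800 || (cp >= 0xD800 && cp <= 0xDFFF)))
            return 0;                        /* overlong or surrogate */
        if (n == 3 && (cp < 0x10000 || cp > 0x10FFFF))
            return 0;                        /* overlong or out of range */
        i += n + 1;
    }
    return 1;
}

/* Extract the key of an autorun.inf "key = value" line. Returns -1 when the
 * line is not valid UTF-8 (the matcher is never run on it) or key[] has no
 * room, 0 when there is no '=', and 1 with the key copied into key[]
 * (trailing blanks before '=' dropped, which is what the \s* in \s*= eats). */
int autorun_line_key(const char *line, char *key, size_t keysz)
{
    size_t len = strlen(line);
    if (keysz == 0 || !utf8_is_valid((const unsigned char *)line, len))
        return -1;
    const char *eq = strchr(line, '=');
    if (eq == NULL)
        return 0;
    size_t klen = (size_t)(eq - line);
    while (klen > 0 && (line[klen - 1] == ' ' || line[klen - 1] == '\t'))
        klen--;
    if (klen >= keysz)
        klen = keysz - 1;
    memcpy(key, line, klen);
    key[klen] = '\0';
    return 1;
}

int main(void)
{
    /* Constructed sample lines: the upstream PoC bytes, ordinary autorun.inf
     * lines (one with a valid multibyte character), and an overlong sequence. */
    const char *samples[] = {
        "n\xff=",             /* the PoC: invalid lead byte */
        "open = setup.exe",
        "icon=\xc3\xa9.ico",  /* "icon=é.ico", valid UTF-8 */
        "[autorun]",
        "label=\xc0\xaf",     /* overlong encoding of '/' */
    };
    char key[64];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int r = autorun_line_key(samples[i], key, sizeof key);
        if (r < 0)
            printf("line %zu: rejected, not valid UTF-8; matcher not run\n", i);
        else if (r == 0)
            printf("line %zu: no '=', not a key=value line\n", i);
        else
            printf("line %zu: key \"%s\"\n", i, key);
    }
    return 0;
}
```

Rejecting the whole line is the conservative choice: the alternative of transcoding with replacement characters keeps the key=value scan alive but changes what the file says, which is not what you want for a file that decides what gets offered to run.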
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gvfs/+bug/1798725/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp