Bug#894917: procps: pgrep -u UID segfaults

[Craig Small]

The bug is actually worse than this. Any time pgrep is run without a
process name and it matches nothing it segfaults.

The fix is a one liner already applied upstream.

 - Craig

-- 
Craig Small https://dropbear.xyz/ csmall at : dropbear.xyz
Debian GNU/Linuxhttps://www.debian.org/   csmall at : debian.org
Mastodon: @smalls...@social.dropbear.xyz Twitter: @smallsees
GPG fingerprint:  5D2F B320 B825 D939 04D2  0519 3938 F96B DF50 FEA5

Bug#894917: procps: pgrep -u UID segfaults

[Paul Gevers]

Source: procps
Version: 2:3.3.13-1
Severity: serious
Justification: breaks other packages use of pgrep
User: ci-t...@tracker.debian.org
Usertags: triggers
Control: affects -1 ganeti
Control: affects -1 gearmand

Dear Craig,

Triggered by the regressions in the autopkgtests of ganeti¹ and
gearmand² for the procps/2:3.3.13-1 trigger, I tried to investigate a
bit what those packages were doing.

I discovered that ganeti is using "pgrep -u UID" and processes the exit
code. However, when I run "pgrep -u 1" with the latest version of
procps it segfaults. The version in buster is fine.

paul@testavoira ~ $ pgrep -V
pgrep from procps-ng 3.3.12
paul@testavoira ~ $ pgrep -u 1 ; echo $?
1

(pbuild19122) testavoira cacti-1.1.37+ds1 # pgrep -V
pgrep from procps-ng 3.3.13
(pbuild19122) testavoira cacti-1.1.37+ds1 # pgrep -u 1 ; echo $?
Segmentation fault
139

Not sure what gearmand is doing, but it may be the same.

I used the severity serious to give you time to solve the issue before this
version migrates to buster.

Paul

¹ https://ci.debian.net/packages/g/ganeti/testing/amd64/
² https://ci.debian.net/packages/g/gearmand/testing/amd64/




signature.asc
Description: OpenPGP digital signature