[Bug 2003864] Re: freshclam assert failure: *** stack smashing detected ***: terminated
** Tags removed: server-todo -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/2003864 Title: freshclam assert failure: *** stack smashing detected ***: terminated To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/2003864/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2003864] Re: freshclam assert failure: *** stack smashing detected ***: terminated
Turns out clamav-1.0.0 includes a transition from libclamav9 -> libclamav11 so this is taking a bit longer than expected - but I will keep plugging away. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/2003864 Title: freshclam assert failure: *** stack smashing detected ***: terminated To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/2003864/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2003864] Re: freshclam assert failure: *** stack smashing detected ***: terminated
Hey security, you usually do MREs of clamav anyway, do you plan to tackle this anytime soon? Assigning you to have a look. ** Changed in: clamav (Ubuntu) Assignee: (unassigned) => Christian Ehrhardt (paelzer) ** Changed in: clamav (Ubuntu) Assignee: Christian Ehrhardt (paelzer) => Ubuntu Security Team (ubuntu-security) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/2003864 Title: freshclam assert failure: *** stack smashing detected ***: terminated To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/2003864/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2003864] Re: freshclam assert failure: *** stack smashing detected ***: terminated
I agree, but since clamav is a regular full version backport I wanted to warn to take extra considerations checking if the new rust components will work back in time or if they need to be disabled (at least on the backports). -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/2003864 Title: freshclam assert failure: *** stack smashing detected ***: terminated To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/2003864/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2003864] Re: freshclam assert failure: *** stack smashing detected ***: terminated
Looking at the upstream repo for clamav I suspect the following commit is required to be backported to clamav in lunar https://github.com/Cisco- Talos/clamav/commit/375ecf678c714623e6fb5c0119d1bec98dc700dd - or that a merge is done of clamav-1.0.0+dfsg-6 to lunar. The merge is likely the best option I suspect. ** Changed in: clamav (Ubuntu) Status: Invalid => Confirmed ** Changed in: tomsfastmath (Ubuntu) Status: Confirmed => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/2003864 Title: freshclam assert failure: *** stack smashing detected ***: terminated To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/2003864/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2003864] Re: freshclam assert failure: *** stack smashing detected ***: terminated
I installed, in Ubuntu 23.04, the following packages from Debian bookworm: clamav, clamav-base, libclamav11 and clamav-freshclam, version 1.0.0+dfsg-6. There's no crash using libtfm1 version 0.13.1-1 from lunar. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/2003864 Title: freshclam assert failure: *** stack smashing detected ***: terminated To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/2003864/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2003864] Re: freshclam assert failure: *** stack smashing detected ***: terminated
FWIW I can't reproduce this on a debian sid install of clamav which also uses the same version of libtfm / tomsfastmath. However, Debian is using a newer version of clamav than Ubuntu 23.04 so perhaps this may be fixed by merging that version to Ubuntu (or perhaps even a no-change rebuild of clamav in lunar against the new tomsfastmath may also be enough since it was updated after clamav was merged from Debian back in November). -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/2003864 Title: freshclam assert failure: *** stack smashing detected ***: terminated To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/2003864/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2003864] Re: freshclam assert failure: *** stack smashing detected ***: terminated
** Changed in: clamav (Ubuntu) Status: Confirmed => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/2003864 Title: freshclam assert failure: *** stack smashing detected ***: terminated To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/2003864/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2003864] Re: freshclam assert failure: *** stack smashing detected ***: terminated
I can confirm this is a problem in libtfm. I installed libtfm1 (0.13-4.1) from kinetic repository. Freshclam runs correctly now: $ sudo dpkg -i Downloads/libtfm1_0.13-4.1_amd64.deb dpkg: warning: downgrading libtfm1:amd64 from 0.13.1-1 to 0.13-4.1 (Reading database ... 255083 files and directories currently installed.) Preparing to unpack .../libtfm1_0.13-4.1_amd64.deb ... Unpacking libtfm1:amd64 (0.13-4.1) over (0.13.1-1) ... Setting up libtfm1:amd64 (0.13-4.1) ... Processing triggers for libc-bin (2.36-0ubuntu4) ... $ sudo freshclam Tue Feb 14 13:57:52 2023 -> ClamAV update process started at Tue Feb 14 13:57:52 2023 Tue Feb 14 13:57:52 2023 -> daily database available for update (local version: 26759, remote version: 26812) Current database is 53 versions behind. Downloading database patch # 26760... Time:1.3s, ETA:0.0s [>]1.48KiB/1.48KiB ### LOTS OF DOWNLOADS Downloading database patch # 26812... Time:0.4s, ETA:0.0s [>] 14.29KiB/14.29KiB Tue Feb 14 13:58:21 2023 -> Testing database: '/var/lib/clamav/tmp.24bf72ffd7/clamav-2612b7e0fbdb3a18bf680780eff04d81.tmp-daily.cld' ... Tue Feb 14 13:58:26 2023 -> Database test passed. Tue Feb 14 13:58:26 2023 -> daily.cld updated (version: 26812, sigs: 2020880, f-level: 90, builder: raynman) Tue Feb 14 13:58:26 2023 -> main.cld database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr) Tue Feb 14 13:58:26 2023 -> bytecode.cld database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2) Tue Feb 14 13:58:26 2023 -> !NotifyClamd: Can't find or parse configuration file /etc/clamav/clamd.conf ** Also affects: tomsfastmath (Ubuntu) Importance: Undecided Status: New ** Changed in: tomsfastmath (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/2003864 Title: freshclam assert failure: *** stack smashing detected ***: terminated To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/2003864/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2003864] Re: freshclam assert failure: *** stack smashing detected ***: terminated
This crash seems to be from libtfm -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/2003864 Title: freshclam assert failure: *** stack smashing detected ***: terminated To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/2003864/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2003864] Re: freshclam assert failure: *** stack smashing detected ***: terminated
FWIW I was able to get the following backtrace from this crash: (gdb) bt full #0 s_fp_sub (a=0x7ffe3ea481a0, b=, c=0x7ffe3ea481a0) at src/addsub/s_fp_sub.c:30 x = oldbused = oldused = 483582409 t = #1 0x7fa0134db9e1 in fp_add (a=a@entry=0x7ffe3ea48640, b=b@entry=0x7ffe3ea481a0, c=c@entry=0x7ffe3ea481a0) at src/addsub/fp_add.c:36 sa = 0 sb = #2 0x7fa013f4fd9a in cli_decodesig (sig=, plen=16, e=..., n=...) at /build/clamav-BVgrQT/clamav-0.103.7+dfsg/libclamav/dsig.c:81 i = slen = dec = plain = r = {dp = {20, 0 }, used = 0, sign = 0} p = {dp = {7523094288207667809, 8101815670912281193, 8680537053616894577, 5063528411713075833, 5642249794417674311, 6220971177122287695, 3689065128513853527, 3398873257388422452, 14252546126433011493, 3628442678755211665, 2712605966946181364, 15277839593839420578, 8694802841658813312, 5686060832697987328, 12525307746306663233, 3694540437919755632, 16682102428094490919, 5631266801228481616, 14061618276812491434, 12197667988407176409, 11079511681014219552, 3404728260627231669, 13043412223414144931, 8832037575717677253, 6256736375726068327, 1492754453746096941, 2099850458381573509, 9306592184907088834, 6237175487325309377, 10120151704950850987, 11851618273230141658, 11300675668428630678, 17403472256060924040, 689431326608835423, 13397809209459187972, 16470382282525004697, 4147042843502184282, 3335726350839652177, 17704539718282564709, 9328568386471887118, 3029035003742963202, 3721060635362210435, 15422113546084857351, 5242631485635193648, 5585345812499149634, 11028124888168443482, 12505072684500331840, 6166804767040247584, 8327969952893387040, 12531736269459262785, 3930243339632379563, 200911044503768884, 6073254765277986521, 9023911194406650026, 17641743940052621905, 6378363933382259647, 4892725150097842880, 1681410646275668659, 7878974849415667176, 11790566601723893973, 8719326998705976687, 7181653255783712, 2973234752302277065, 14834633410307321860, 8450598079591262979, 11835167384365632637, 12126364641900763477, 3130395059942365217, 3068322677788637080, 12426936100189987562, 4784747591849508306, 13164285774797318797}, used = 449974006, sign = -2091867690} c = {dp = {18446744073709551596, 18446744073709551615 }, used = -1, sign = -1} #3 0x in ?? () No symbol table info available. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/2003864 Title: freshclam assert failure: *** stack smashing detected ***: terminated To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/2003864/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2003864] Re: freshclam assert failure: *** stack smashing detected ***: terminated
I can confirm this happens on a fresh lunar install: # lxc launch ubuntu-daily:lunar test-freshclam # lxc exec test-freshclam bash # apt update && apt dist-upgrade -y # apt install clamav # freshclam Mon Feb 13 17:29:24 2023 -> ClamAV update process started at Mon Feb 13 17:29:24 2023 Mon Feb 13 17:29:24 2023 -> daily database available for download (remote version: 26811) Time:1.8s, ETA:0.0s [>] 57.91MiB/57.91MiB Segmentation fault (core dumped) Likewise, running again with a cooldown still triggers it: ... Mon Feb 13 18:28:41 2023 -> ^You are on cool-down until after: 2023-02-14 17:37:00 Mon Feb 13 18:28:41 2023 -> bytecode database available for download (remote version: 333) Time:0.4s, ETA:0.0s [>] 286.79KiB/286.79KiB Segmentation fault (core dumped) I couldn't find any reported issues upstream that are related to this, but it seems most likely this is due to the merge from debian from 0.103.6+dfsg-1ubuntu1 to 0.103.7+dfsg-1ubuntu1 ** Tags added: server-todo -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/2003864 Title: freshclam assert failure: *** stack smashing detected ***: terminated To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/2003864/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2003864] Re: freshclam assert failure: *** stack smashing detected ***: terminated
I submitted a bug report from a recently installed Ubuntu 23.04 (2023-02-10 08:19 daily live image). This time freshclam crashes with a segmentation fault. https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/2006967 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/2003864 Title: freshclam assert failure: *** stack smashing detected ***: terminated To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/2003864/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2003864] Re: freshclam assert failure: *** stack smashing detected ***: terminated
** Changed in: clamav (Ubuntu) Status: Incomplete => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/2003864 Title: freshclam assert failure: *** stack smashing detected ***: terminated To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/2003864/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2003864] Re: freshclam assert failure: *** stack smashing detected ***: terminated
This bug affects me, too. Further information requested by Paride Legovini: 1. What did you do to trigger it? Run "sudo freshclam" to update virus database or "clamscan /path/to/file" to scan a file. 2. Is it reproducible? Yes, it happens every time I run freshclam or clamscan. 3. Was clamav working fine before you upgraded to lunar? Yes. I upgraded to lunar back in October when its repo got available. I think this bug started in late December or early January. Commands output: $ sudo freshclam Fri Feb 10 09:31:41 2023 -> ClamAV update process started at Fri Feb 10 09:31:41 2023 Fri Feb 10 09:31:41 2023 -> daily database available for update (local version: 26759, remote version: 26808) Current database is 49 versions behind. Downloading database patch # 26760... Time:1.4s, ETA:0.0s [>]1.48KiB/1.48KiB *** stack smashing detected ***: terminated Aborted $ clamscan Downloads/AGDLIC-v6.1.0.exe LibClamAV Warning: ** LibClamAV Warning: *** The virus database is older than 7 days! *** LibClamAV Warning: *** Please update it as soon as possible.*** LibClamAV Warning: ** *** stack smashing detected ***: terminated Aborted (core dumped) Should I open a new bug report? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/2003864 Title: freshclam assert failure: *** stack smashing detected ***: terminated To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/2003864/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2003864] Re: freshclam assert failure: *** stack smashing detected ***: terminated
Hello and thanks for this bug report. Couple you please provide us some more information about the crash, like: 1. What did you do to trigger it? 2. Is it reproducible? 3. Was clamav working fine before you upgraded to lunar? Do the attached stacktrace and coredump contain any private information? If this is not the case then we'll make the bug public, unless you have other objections. Thanks! ** Changed in: clamav (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/2003864 Title: freshclam assert failure: *** stack smashing detected ***: terminated To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/2003864/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs