[Touch-packages] [Bug 1771345] Re: lscpu possible crash in min/max frequency

Thu, 26 Jul 2018 00:57:43 -0700 

This bug was fixed in the package util-linux - 2.27.1-6ubuntu3.6

---------------
util-linux (2.27.1-6ubuntu3.6) xenial; urgency=medium

  * d/patches/lscpu-make-min-max-freq-arrays-usage-more-robust.patch,
    d/patches/Avoid-crash-in-min-max-caculation-when-cpu-0-being-o.patch:
    Cherry pick upstream patches to avoid SEGV in min/max frequency.
    LP: #1771345

util-linux (2.27.1-6ubuntu3.5) xenial; urgency=medium

  * d/patches/lscpu-Read-available-CPUs-max-and-min-frequencies.patch,
    d/patches/lscpu-make-cpu_-max-min-_mhz-usage-more-elegant.patch:
    Backport upstream fixes to correctly read minimum and maximum
    CPU frequencies on ppc64 when some cpus are guarded or offline.
    LP: #1732865

 -- Julian Andres Klode <juli...@ubuntu.com>  Wed, 16 May 2018 12:36:24
+0200

** Changed in: util-linux (Ubuntu Xenial)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to util-linux in Ubuntu.
https://bugs.launchpad.net/bugs/1771345

Title:
  lscpu possible crash in min/max frequency

Status in util-linux package in Ubuntu:
  Fix Released
Status in util-linux source package in Xenial:
  Fix Released
Status in util-linux source package in Artful:
  Fix Released
Status in util-linux source package in Bionic:
  Fix Released

Bug description:
  [Impact]
  lscpu prior to 2.32 does not correctly check for NULL members in min/max CPU 
frequency arrays and can call atof() on them, leading to crashes. It seems 
that's what caused the verification to fail for bug 1732865. The following 
fixes have been committed upstream:

  from 2.30: https://github.com/karelzak/util-
  linux/commit/0145d84a381fc2fcd7d37e0dbf3d9dff69609ecd

  from 2.32: https://github.com/karelzak/util-
  linux/commit/95f09bc63c564c50ec2c393352801cc056faaea2

  I plan to backport them to xenial (both patches); and artful, bionic
  (second patch, they are > 2.30).

  [Regression potential]
  The worst possible regression is that lscpu would fail to correctly report 
min/max frequencies, but it seems unlikely, as we're only adding checks against 
null pointers / move an atof into a loop.

  [Test case]
  Extract attached segvtest.tar.gz and run lscpu -s segvtest and check that it 
does not crash (this removes min mhz file for cpu #0 for testing).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1771345/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to