[Bug 863761] Re: X crashed with SIGBUS in __memcpy_ssse3_back () at ../sysdeps/x86_64/multiarch/memcpy-ssse3-back.S:820
Marc Deslauriers
marc.deslauriers at canonical.com
Mon Dec 17 20:46:07 UTC 2012
** Changed in: eglibc (Ubuntu)
Status: Confirmed => Invalid
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/863761
Title:
X crashed with SIGBUS in __memcpy_ssse3_back () at
../sysdeps/x86_64/multiarch/memcpy-ssse3-back.S:820
Status in “eglibc” package in Ubuntu:
Invalid
Status in “xserver-xorg-video-intel” package in Ubuntu:
Expired
Bug description:
Using a specially-crafted image... or an accidentally crafted one,
such as <http://bootie.daviey.com/~dave/voodoo-
oneiric-20110930-3.png>, X crashes when using the intel driver on an
ssse3-capable system.
Here is a hard-won backtrace of the issue (hard-won, given that X
crashes do not get captured by apport):
Program received signal SIGBUS, Bus error.
__memcpy_ssse3_back () at ../sysdeps/x86_64/multiarch/memcpy-ssse3-back.S:820
820 ../sysdeps/x86_64/multiarch/memcpy-ssse3-back.S: No such file or directory.
in ../sysdeps/x86_64/multiarch/memcpy-ssse3-back.S
(gdb) bt
#0 __memcpy_ssse3_back ()
at ../sysdeps/x86_64/multiarch/memcpy-ssse3-back.S:820
#1 0x00007fd96e0fa306 in intel_uxa_pixmap_put_image (pixmap=<optimized out>,
src=<optimized out>, src_pitch=25220, x=<optimized out>,
y=<optimized out>, w=<optimized out>, h=10)
at /usr/include/bits/string3.h:52
#2 0x00007fd96e0fbef7 in intel_uxa_put_image (pixmap=0x3b42d30, x=0, y=0,
w=<optimized out>, h=10, src=0x40d5e08 "\377\377\377", src_pitch=25220)
at ../../src/intel_uxa.c:806
#3 0x00007fd96e111f34 in uxa_do_put_image (src_stride=25220,
bits=0x40d5e08 "\377\377\377", format=2, h=10, w=6305, y=<optimized out>,
x=<optimized out>, pGC=0x3b48040, pDrawable=0x3b42d30,
depth=<optimized out>) at ../../uxa/uxa-accel.c:164
#4 uxa_put_image (pDrawable=0x3b42d30, pGC=0x3b48040, depth=<optimized out>,
x=0, y=0, w=6305, h=10, leftPad=0, format=2, bits=0x40d5e08 "\377\377\377")
at ../../uxa/uxa-accel.c:202
#5 0x00000000004e083c in damagePutImage (pDrawable=0x3b42d30, pGC=0x3b48040,
depth=24, x=0, y=0, w=6305, h=10, leftPad=0, format=2,
pImage=0x40d5e08 "\377\377\377") at ../../../miext/damage/damage.c:878
#6 0x000000000042c87e in ProcPutImage (client=<optimized out>)
at ../../dix/dispatch.c:1986
#7 0x000000000042fb89 in Dispatch () at ../../dix/dispatch.c:431
#8 0x00000000004232fe in main (argc=8, argv=<optimized out>,
envp=<optimized out>) at ../../dix/main.c:287
(gdb)
I've marked this as a security issue since it allows triggering a
crash of the desktop remotely through a web browser (but note, the
image *also* causes a crash when displayed with eog!). However, a
SIGBUS seems unlikely to result in privilege escalation.
ProblemType: Bug
DistroRelease: Ubuntu 11.10
Package: libc6 2.13-20ubuntu3
ProcVersionSignature: Ubuntu 3.0.0-11.18-generic 3.0.4
Uname: Linux 3.0.0-11-generic x86_64
ApportVersion: 1.23-0ubuntu2
Architecture: amd64
Date: Fri Sep 30 18:08:05 2011
InstallationMedia: Ubuntu 10.04.1 LTS "Lucid Lynx" - Release amd64 (20100816.1)
ProcEnviron:
PATH=(custom, user)
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: eglibc
UpgradeStatus: Upgraded to oneiric on 2011-09-23 (7 days ago)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/863761/+subscriptions
More information about the foundations-bugs
mailing list