[Bug 1789476] Re: glib apps using GSubprocess communicate might crash on g_subprocess_communicate_cancelled
Launchpad Bug Tracker
1789476 at bugs.launchpad.net
Mon Nov 12 19:50:26 UTC 2018
This bug was fixed in the package glib2.0 - 2.56.3-0ubuntu0.18.04.1
---------------
glib2.0 (2.56.3-0ubuntu0.18.04.1) bionic; urgency=medium

  * New upstream release (LP: #1794544)
    + The documentation for G_GNUC_MALLOC has changed to be more restrictive
      to avoid miscompilations; you should check whether any uses of it in
      your code are appropriate
    + Fix cancellation of g_subprocess_communicate_async() calls
    + Bug fixes:
      + /network-monitor/create-in-thread fails in (LXC) containers on glib-2-56
      + GBookmarkFile: nullptr access in current_element
      + GBookmarkFile: heap-buffer-overflow in g_utf8_get_char
      + Backport g_subprocess_communicate() cancellation fixes from !266 to
        glib-2-56 (LP: #1789476)
      + Many uses of G_GNUC_MALLOC are incorrect
      + Test for BROKEN_IP_MREQ_SOURCE_STRUCT is broken on Windows / Mingw
      + Fix persistent CI failure on glib-2-56
  * debian/watch: Only find 2.56 versions.
  * Drop CVE-2018-16428.patch and CVE-2018-16429.patch: applied in this release

 -- Iain Lane <iain.lane at canonical.com>  Wed, 26 Sep 2018 17:35:59 +0100

** Changed in: glib2.0 (Ubuntu Bionic)
       Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-16428
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-16429
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to glib2.0 in Ubuntu.
https://bugs.launchpad.net/bugs/1789476

Title:
  glib apps using GSubprocess communicate might crash on
  g_subprocess_communicate_cancelled

Status in glib2.0 package in Ubuntu:
  Fix Released
Status in glib2.0 source package in Bionic:
  Fix Released

Bug description:
  [ Impact ]

  GLib apps that use subprocess communicate crash when the cancellable
  is cancelled.

  [ Test case ]

  Run the attached example with

      gjs subprocess-cancelled.js

  It should not crash. Running:

      valgrind gjs subprocess-cancelled.js

  should not return any read error (like the one mentioned below).

  [ Regression potential ]

  Really low; the only thing that could happen is that the subprocess
  isn't really cancelled.

---
Fixed upstream in
https://gitlab.gnome.org/GNOME/glib/merge_requests/266
#0 g_cancellable_cancel (cancellable=0x6) at ../../glib/gio/gcancellable.c:486
#1 0x00007ffff7ab8d1d in g_subprocess_communicate_cancelled (user_data=<optimized out>) at ../../glib/gio/gsubprocess.c:1535
--
==25871== Memcheck, a memory error detector
==25871== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==25871== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright info
==25871== Command: gjs /tmp/subprocess-cancelled.js
==25871==
==25871== Warning: set address range perms: large range [0x377ee1e21000, 0x377f21e21000) (noaccess)
==25871== Invalid read of size 8
==25871== at 0x4EC5604: g_subprocess_communicate_cancelled (gsubprocess.c:1535)
==25871== by 0x547A0F4: g_main_dispatch (gmain.c:3177)
==25871== by 0x547A0F4: g_main_context_dispatch (gmain.c:3830)
==25871== by 0x547A4BF: g_main_context_iterate.isra.26 (gmain.c:3903)
==25871== by 0x547A54B: g_main_context_iteration (gmain.c:3964)
==25871== by 0x6C4EDAD: ffi_call_unix64 (in /usr/lib/x86_64-linux-gnu/libffi.so.6.0.4)
==25871== by 0x6C4E71E: ffi_call (in /usr/lib/x86_64-linux-gnu/libffi.so.6.0.4)
==25871== by 0x5775607: ??? (in /usr/lib/libgjs.so.0.0.0)
==25871== by 0x5776F53: ??? (in /usr/lib/libgjs.so.0.0.0)
==25871== by 0x8A3FF6B: CallJSNative (jscntxtinlines.h:239)
==25871== by 0x8A3FF6B: js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) (Interpreter.cpp:447)