[Bug 2054343] Re: CVE-2023-4039: ARM64 GCC
Mauricio Faria de Oliveira
2054343 at bugs.launchpad.net
Wed Aug 14 21:25:06 UTC 2024
Test results with Focal (partial; gcc-9 pending)
Environment:
-----------
$ lsb_release -cs
focal
$ uname -m
aarch64
$ sudo dmesg | grep DMI:
[ 0.004570] DMI: Amazon EC2 t4g.nano/, BIOS 1.0 11/1/2018
Setup:
-----
ulimit -c unlimited
echo '/var/crash/core.%e' | sudo tee /proc/sys/kernel/core_pattern
echo 0 | sudo tee /proc/sys/kernel/core_uses_pid
# Test-cases
# https://rtx.meta.security/mitigation/2023/09/12/CVE-2023-4039.html
cat <<EOF >example-dynamic.c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
int main(int argc, char **argv) {
if (argc != 2)
return 1;
// Variable-length array
uint8_t input[atoi(argv[1])];
size_t n = fread(input, 1, 4096, stdin);
fwrite(input, 1, n, stdout);
return 0;
}
EOF
cat <<EOF >example-static.c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
int main(void) {
uint8_t input[8];
size_t n = fread(input, 1, 4096, stdin);
fwrite(input, 1, n, stdout);
return 0;
}
EOF
Original packages:
-----------------
- Dynamic: Bus error (*NOT* 'buffer overflow detected'): FAIL
- Static: Aborted ('buffer overflow detected'): PASS
sudo apt update
sudo apt install --yes gcc-{9,10} gdb
# Test 1 (Dynamic)
for GCC in gcc-{9,10}; do
echo "Test $GCC (dynamic)"
PROG="test-$GCC"
CORE="/var/crash/core.$PROG"
$GCC -fstack-protector-all -O3 -static -Wall -Wextra -pedantic -o $PROG example-dynamic.c
rm -f $CORE
echo -n 'DDDDDDDDPPPPPPPPFFFFFFFFAAAAAAAA' | ./$PROG 8
gdb --batch -ex bt $PROG $CORE | grep -e '^#1'
echo
done
Test gcc-9 (dynamic)
Bus error (core dumped)
#1 0x4141414141414141 in ?? ()
Test gcc-10 (dynamic)
Bus error (core dumped)
#1 0x4141414141414141 in ?? ()
# Test 2 (Static)
# FIXME 9 and 10
for GCC in gcc-{9,10}; do
echo "Test $GCC (static)"
PROG="test-$GCC"
CORE="/var/crash/core.$PROG"
$GCC -fstack-protector-all -O3 -static -Wall -Wextra -pedantic -Wno-attribute-warning -o $PROG example-static.c
rm -f $CORE
echo -n 'DDDDDDDDGGGGGGGG' | ./$PROG
gdb --batch -ex bt $PROG $CORE | grep '^#1'
echo
done
Test gcc-9 (static)
*** buffer overflow detected ***: terminated
Aborted (core dumped)
#1 0x0000000000400454 in abort ()
Test gcc-10 (static)
*** buffer overflow detected ***: terminated
Aborted (core dumped)
#1 0x0000000000400454 in abort ()
Modified packages:
-----------------
- Dynamic: Aborted ('buffer overflow detected'): PASS (fixed)
- Static: Aborted ('buffer overflow detected'): PASS (no regression)
sudo add-apt-repository -y ppa:mfo/lp2054343
sudo apt install --yes gcc-{9,10} gdb
### FIXME (gcc-9 not yet patched)
# Test 1 (Dynamic)
for GCC in gcc-{9,10}; do
echo "Test $GCC (dynamic)"
PROG="test-$GCC"
CORE="/var/crash/core.$PROG"
$GCC -fstack-protector-all -O3 -static -Wall -Wextra -pedantic -o $PROG example-dynamic.c
rm -f $CORE
echo -n 'DDDDDDDDPPPPPPPPFFFFFFFFAAAAAAAA' | ./$PROG 8
gdb --batch -ex bt $PROG $CORE | grep -e '^#1'
echo
done
Test gcc-9 (dynamic)
Bus error (core dumped)
#1 0x4141414141414141 in ?? ()
Test gcc-10 (dynamic)
*** stack smashing detected ***: terminated
Aborted (core dumped)
#1 0x0000000000400454 in abort ()
# Test 2 (Static)
for GCC in gcc-{9,10}; do
echo "Test $GCC (static)"
PROG="test-$GCC"
CORE="/var/crash/core.$PROG"
$GCC -fstack-protector-all -O3 -static -Wall -Wextra -pedantic -Wno-attribute-warning -o $PROG example-static.c
rm -f $CORE
echo -n 'DDDDDDDDGGGGGGGG' | ./$PROG
gdb --batch -ex bt $PROG $CORE | grep '^#1'
echo
done
Test gcc-9 (static)
*** buffer overflow detected ***: terminated
Aborted (core dumped)
#1 0x0000000000400454 in abort ()
Test gcc-10 (static)
*** buffer overflow detected ***: terminated
Aborted (core dumped)
#1 0x0000000000400454 in abort ()
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to gcc-10 in Ubuntu.
https://bugs.launchpad.net/bugs/2054343
Title:
CVE-2023-4039: ARM64 GCC
Status in gcc-10 package in Ubuntu:
Fix Released
Status in gcc-11 package in Ubuntu:
Fix Released
Status in gcc-12 package in Ubuntu:
Fix Released
Status in gcc-13 package in Ubuntu:
Fix Released
Status in gcc-9 package in Ubuntu:
Fix Released
Status in gcc-10 source package in Focal:
Triaged
Status in gcc-9 source package in Focal:
Triaged
Status in gcc-10 source package in Jammy:
Triaged
Status in gcc-11 source package in Jammy:
Triaged
Status in gcc-12 source package in Jammy:
Triaged
Status in gcc-9 source package in Jammy:
Triaged
Status in gcc-10 source package in Noble:
Fix Released
Status in gcc-11 source package in Noble:
Fix Released
Status in gcc-12 source package in Noble:
Fix Released
Status in gcc-13 source package in Noble:
Fix Released
Bug description:
See
https://launchpad.net/ubuntu/+source/gcc-10/10.5.0-3ubuntu1/+build/27746786/+files/buildlog_ubuntu-noble-arm64.gcc-10_10.5.0-3ubuntu1_BUILDING.txt.gz
The above build is supposed to address
https://nvd.nist.gov/vuln/detail/CVE-2023-4039
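The same two test cases, re-run as a script that judges each build from the child's exit status and stderr rather than from a gdb backtrace, so it needs neither gdb, `ulimit -c` nor a core_pattern. This is an added example, not code from the bug report, from Ubuntu's gcc packages or from the mfo/lp2054343 PPA; the script name check_cve_2023_4039.sh and the function names classify_result, run_case and main are assumptions made here. It accepts both glibc messages seen above as PASS: "stack smashing detected" comes from the canary check (__stack_chk_fail, what the patched gcc-10 now reports for the VLA case) and "buffer overflow detected" from the _FORTIFY_SOURCE check that fires when fread's destination size is known at compile time (the fixed-size case, which is why that compile needs -Wno-attribute-warning). A death by SIGBUS or SIGSEGV means the write reached the saved return address without tripping any check, which is the FAIL the report shows for the unpatched compilers.

```shell
#!/bin/sh
# Added example, not from the bug report or from Ubuntu's packages: re-run the
# two test cases (example-dynamic.c / example-static.c as created by the
# heredocs above) and judge each build from the exit status and stderr of the
# child instead of from a gdb backtrace. The script name
# (check_cve_2023_4039.sh) and the function names are assumptions made here.
set -u

# classify_result STATUS STDERR_TEXT
#   STATUS       exit status as the shell reports it (128+N when killed by signal N)
#   STDERR_TEXT  what the test binary wrote to stderr
# PASS    a glibc check aborted the process before the corrupted frame was used
#         (__stack_chk_fail or the _FORTIFY_SOURCE __chk_fail message)
# FAIL    the process died of a memory fault, i.e. the overflow got past the
#         checks and the corrupted return address was used
classify_result() {
    exit_status=$1
    stderr_text=$2
    case "$exit_status" in
        134)                                   # 128 + SIGABRT (6)
            case "$stderr_text" in
                *"stack smashing detected"*|*"buffer overflow detected"*) echo PASS ;;
                *) echo UNKNOWN ;;             # aborted for some other reason
            esac ;;
        135|139) echo FAIL ;;                  # 128 + SIGBUS (7) / 128 + SIGSEGV (11)
        0)       echo CLEAN ;;                 # ran to completion: no overflow happened
        *)       echo UNKNOWN ;;
    esac
}

# run_case COMPILER SOURCE PROG_ARG INPUT
# Builds SOURCE with the same flags as the report, feeds INPUT on stdin and
# prints the verdict. PROG_ARG is the VLA size for example-dynamic.c and empty
# for example-static.c. Core dumps, ulimit -c and gdb are not needed.
run_case() {
    cc=$1; src=$2; prog_arg=$3; input=$4
    prog=$(mktemp "./test-$cc.XXXXXX") || return 2
    if ! "$cc" -fstack-protector-all -O3 -static -Wall -Wextra -pedantic \
            -Wno-attribute-warning -o "$prog" "$src"; then
        rm -f "$prog"; echo UNKNOWN; return 2
    fi
    errfile=$(mktemp) || { rm -f "$prog"; return 2; }
    set -- "$prog"                             # build the argv for the child
    [ -n "$prog_arg" ] && set -- "$@" "$prog_arg"
    # the if/else keeps a signal death from aborting a caller that uses set -e
    if printf '%s' "$input" | "$@" >/dev/null 2>"$errfile"; then
        child_status=0
    else
        child_status=$?                        # status of the child, not of printf
    fi
    verdict=$(classify_result "$child_status" "$(cat "$errfile")")
    rm -f "$prog" "$errfile"
    echo "$verdict"
}

# Usage: ./check_cve_2023_4039.sh example-dynamic.c example-static.c gcc-9 gcc-10
# Inputs are the report's: 32 bytes into an 8-byte VLA (the trailing 'A's are
# what showed up as the 0x4141414141414141 return address on the unfixed build)
# and 16 bytes into the fixed-size 8-byte buffer.
main() {
    dyn_src=$1; static_src=$2; shift 2
    for cc in "$@"; do
        printf '%-8s dynamic (VLA):        %s\n' "$cc" \
            "$(run_case "$cc" "$dyn_src" 8 DDDDDDDDPPPPPPPPFFFFFFFFAAAAAAAA)"
        printf '%-8s static (fixed size):  %s\n' "$cc" \
            "$(run_case "$cc" "$static_src" '' DDDDDDDDGGGGGGGG)"
    done
}

if [ "$#" -ge 3 ]; then
    main "$@"
fi
```

Two things worth keeping in mind when reading the output: the 128+N convention for a signal-killed child is how both bash and dash report status, so the mapping 134/135/139 holds under either /bin/sh; and "dynamic" versus "static" in the report names how the array is sized (VLA versus a compile-time constant), not the linking, since both compile lines pass -static and both binaries are statically linked.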