[Bug 2069821] Re: [VROC] [Ub 24.04] mdadm: buffer overflow detected
Simon Chopin
2069821 at bugs.launchpad.net
Thu Aug 29 10:56:30 UTC 2024
Hi Mauricio,

While some of your remarks are expected for an SRU review (SRU template, DEP-3, versioning, arguably changelog formatting), I'm bumping hard on the points 3 and 5. AFAIK those are a matter of preference and tooling, and I have never come across any policy documentation mentioning either of those items.

It's fairly common to edit big series files by hand, in which case empty lines really help to structure that file. This is the first time I've seen someone complain about them!

If a package's patch set is maintained using gbp pq, it's natural to use subdirectories rather than plain file prefixes. I myself don't use that tool too often but still favour subdirs because, well, I find them more manageable long-term.

If this is documented, consensual policy then I'm reluctantly OK with changing my ways, but otherwise, could you please distinguish those cosmetic preferences from actual hard requirements? Otherwise it makes it unnecessarily hard for people that are still learning packaging.

--
https://bugs.launchpad.net/bugs/2069821
Title:
[VROC] [Ub 24.04] mdadm: buffer overflow detected
Status in mdadm package in Ubuntu:
Fix Released
Status in mdadm source package in Noble:
Incomplete
Status in mdadm source package in Oracular:
Fix Released
Bug description:
[ Impact ]
mdadm crashes sporadically with error *** buffer overflow detected ***
at some invocations:
- mdadm --detail-pl
- mdadm -CR /dev/md0 -l1 -n2 /dev/nvme0n1 /dev/nvme1n1
*** buffer overflow detected ***: terminated
Aborted (core dumped)
[ Test Plan ]
- Install mdadm
- Issue this command several times:
mdadm --detail-pl
[ Where problems could occur ]
The fix is very small and basically it replaces the unsafe function calls
to sprintf with calls to snprintf for Intel platforms (platform_intel.c).
I do not expect high regression risk.
[ Other Info ]
mdadm is built with FORTIFY_SOURCE=3 (as is done in Ubuntu 24.04),
and it uses the unsafe function sprintf(), which will cause the
buffer-overflow error.
It is fixed in mdadm upstream:
https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=827e1870f320545796d907f50af594e901399417
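
The sprintf-to-snprintf change described in the bug report, sketched as an added example (not part of the original message and not the upstream mdadm code). The function names, the 16-byte buffer and the sample paths are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* "Before" form: nothing bounds the write to the size of `out`. In a build
 * with -O2 -D_FORTIFY_SOURCE=3, glibc checks the write against the
 * destination size it can determine and aborts with
 * "*** buffer overflow detected ***" when the result does not fit. */
void join_path_unbounded(char *out, const char *dir, const char *name)
{
    sprintf(out, "%s/%s", dir, name);
}

/* "After" form: the write is limited to outsz bytes and truncation is an
 * error. Returns 0 on success, -1 on truncation or formatting failure; on
 * failure `out` is left empty so a cut-off path is never used. */
int join_path(char *out, size_t outsz, const char *dir, const char *name)
{
    int n;

    if (outsz == 0)
        return -1;
    n = snprintf(out, outsz, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= outsz) {
        out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char buf[16]; /* deliberately small; the paths below are constructed */
    int rc;

    rc = join_path(buf, sizeof buf, "/sys", "dev");
    printf("%d '%s'\n", rc, buf);
    rc = join_path(buf, sizeof buf, "/sys/class/example", "device0");
    printf("%d '%s'\n", rc, buf);
    return 0;
}
```

Checking the snprintf return value matters as much as the bound itself: a silently truncated path can name a different file than the one intended.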