[Bug 2051141] [NEW] fwupd can assert on xb_lzma_decompressor_convert on invalid firmware files

Marco Trevisan (Treviño) 2051141 at bugs.launchpad.net
Wed Jan 24 15:51:50 UTC 2024


Public bug reported:

After downloading firmware database files fwupd could crash because of
this:

Starting program: /usr/libexec/fwupd/fwupd --verbose
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
15:47:33.085 FuDebug              verbose to info (on console 1)
15:47:33.086 FuEngine             starting fwupd 1.9.9…
[New Thread 0x7ffff33ff640 (LWP 159733)]
15:47:33.096 FuRemoteList         loading remote from /etc/fwupd/remotes.d/dell-esrt.conf
15:47:33.096 FuRemoteList         loading remote from /etc/fwupd/remotes.d/fwupd.conf
15:47:33.096 FuRemoteList         loading remote from /etc/fwupd/remotes.d/lvfs-testing.conf
15:47:33.097 FuRemoteList         loading remote from /etc/fwupd/remotes.d/lvfs.conf
15:47:33.097 FuRemoteList         loading remote from /etc/fwupd/remotes.d/vendor-directory.conf
15:47:33.097 FuRemoteList         loading remote from /etc/fwupd/remotes.d/vendor.conf
15:47:33.097 FuRemoteList         enabled remotes: dell-esrt[1000], fwupd[1000], vendor-directory[1000], lvfs[0]
15:47:33.097 FuEngine             client certificate now exists: nothing to do
15:47:33.142 FuQuirks             loading quirks from /usr/share/fwupd/quirks.d
15:47:33.142 FuQuirks             loading quirks from /var/lib/fwupd/quirks.d
15:47:33.143 FuContext            SMBIOS Manufacturer=LENOVO
15:47:33.143 FuContext            SMBIOS EnclosureKind=a
15:47:33.143 FuContext            SMBIOS Family=ThinkPad P14s Gen 4
15:47:33.143 FuContext            SMBIOS ProductName=
15:47:33.143 FuContext            SMBIOS ProductSku=LENOVO_MT_21K5_BU_Think_FM_ThinkPad P14s Gen 4
15:47:33.143 FuContext            SMBIOS BiosVendor=LENOVO
15:47:33.143 FuContext            SMBIOS BiosVersion=R2FET36W (1.16 )
15:47:33.143 FuContext            SMBIOS BiosMajorRelease=01
15:47:33.143 FuContext            SMBIOS BiosMinorRelease=10
15:47:33.143 FuContext            SMBIOS FirmwareMajorRelease=01
15:47:33.143 FuContext            SMBIOS FirmwareMinorRelease=0e
15:47:33.143 FuContext            SMBIOS BaseboardManufacturer=LENOVO
15:47:33.143 FuContext            SMBIOS BaseboardProduct=21K5CTO1WW
15:47:33.143 FuContext            failed to load fdt: cannot find /sys/firmware/fdt or override /var/lib/fwupd/system.dtb
15:47:33.146 FuContext            added udev subsystem watch of firmware-attributes
15:47:33.218 FuBiosSettings       loaded 91 BIOS settings
15:47:33.218 FuBiosSettings       Disabling changing SecureBoot since Allow3rdPartyUEFICA is Disable
15:47:33.218 FuEngine             loading metadata for remote 'vendor-directory'
15:47:33.218 FuEngine             ignoring: /usr/share/fwupd/remotes.d/vendor/firmware/README.md
15:47:33.218 FuEngine             ignoring: Errore nell'aprire la directory «/var/lib/fwupd/local.d»: File o directory non esistente
15:47:33.218 FuEngine             ignoring: Errore nell'aprire la directory «/usr/share/fwupd/local.d»: File o directory non esistente
**
ERROR:../src/xb-lzma-decompressor.c:130:xb_lzma_decompressor_convert: code should not be reached
Bail out! ERROR:../src/xb-lzma-decompressor.c:130:xb_lzma_decompressor_convert: code should not be reached

Thread 1 "fwupd" received signal SIGABRT, Aborted.
__pthread_kill_implementation (no_tid=0, signo=6, threadid=140737313229568) at ./nptl/pthread_kill.c:44
44	./nptl/pthread_kill.c: File o directory non esistente.
(gdb) bt
#0  __pthread_kill_implementation (no_tid=0, signo=6, threadid=140737313229568) at ./nptl/pthread_kill.c:44
#1  __pthread_kill_internal (signo=6, threadid=140737313229568) at ./nptl/pthread_kill.c:78
#2  __GI___pthread_kill (threadid=140737313229568, signo=signo at entry=6) at ./nptl/pthread_kill.c:89
#3  0x00007ffff7442476 in __GI_raise (sig=sig at entry=6) at ../sysdeps/posix/raise.c:26
#4  0x00007ffff74287f3 in __GI_abort () at ./stdlib/abort.c:79
#5  0x00007ffff7743b57 in g_assertion_message
    (domain=<optimized out>, file=<optimized out>, line=<optimized out>, func=0x7ffff7eb4990 "xb_lzma_decompressor_convert", message=<optimized out>) at ../../../glib/gtestutils.c:3253
#6  0x00007ffff779d70f in g_assertion_message_expr
    (domain=0x0, file=0x7ffff7eb412e "../src/xb-lzma-decompressor.c", line=130, func=0x7ffff7eb4990 "xb_lzma_decompressor_convert", expr=<optimized out>) at ../../../glib/gtestutils.c:3279
#7  0x00007ffff7e9d548 in  () at /lib/x86_64-linux-gnu/libxmlb.so.2
#8  0x00007ffff78aeec5 in read_internal
    (stream=<optimized out>, buffer=<optimized out>, count=<optimized out>, blocking=1, cancellable=0x0, error=0x7fffffffdeb8) at ../../../gio/gconverterinputstream.c:492
#9  0x00007ffff78dd1f7 in g_input_stream_read
    (stream=0x5555555b6960, buffer=0x555555675ed0, count=32768, cancellable=0x0, error=0x7fffffffdeb8)
    at ../../../gio/ginputstream.c:198
#10 0x00007ffff7ea324c in xb_builder_compile () at /lib/x86_64-linux-gnu/libxmlb.so.2
#11 0x00007ffff7ea4175 in xb_builder_ensure () at /lib/x86_64-linux-gnu/libxmlb.so.2
#12 0x00007ffff7c8a249 in fu_engine_load_metadata_store
    (self=self at entry=0x5555555b2000, flags=flags at entry=78, error=error at entry=0x7fffffffe248)
    at ../src/fu-engine.c:4623
#13 0x00007ffff7c916e3 in fu_engine_load
    (self=<optimized out>, flags=flags at entry=78, progress=<optimized out>, error=error at entry=0x7fffffffe248)
    at ../src/fu-engine.c:8757
#14 0x0000555555561c92 in fu_daemon_setup
    (self=self at entry=0x5555555aa010, socket_address=socket_address at entry=0x0, error=error at entry=0x7fffffffe248)
    at ../src/fu-daemon.c:2306
#15 0x000055555555c078 in main (argc=<optimized out>, argv=<optimized out>) at ../src/fu-main.c:174
(gdb)

--

This has been fixed upstream via
https://github.com/hughsie/libxmlb/pull/133 so it would be a nice
backport for 22.04, since it may prevent system updates.

** Affects: libxmlb (Ubuntu)
     Importance: Medium
         Status: Fix Released

** Affects: libxmlb (Ubuntu Jammy)
     Importance: Medium
         Status: Triaged

** Also affects: libxmlb (Ubuntu Jammy)
   Importance: Undecided
       Status: New

** Changed in: libxmlb (Ubuntu Jammy)
       Status: New => Triaged

** Changed in: libxmlb (Ubuntu)
       Status: Triaged => Fix Released

** Changed in: libxmlb (Ubuntu Jammy)
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to libxmlb in Ubuntu.
Matching subscriptions: foundations-bugs-libxmlb
https://bugs.launchpad.net/bugs/2051141

Title:
  fwupd can assert on xb_lzma_decompressor_convert on  invalid firmware
  files

Status in libxmlb package in Ubuntu:
  Fix Released
Status in libxmlb source package in Jammy:
  Triaged

Bug description:
  After downloading firmware database files fwupd could crash because of
  this:

  Starting program: /usr/libexec/fwupd/fwupd --verbose
  [Thread debugging using libthread_db enabled]
  Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
  15:47:33.085 FuDebug              verbose to info (on console 1)
  15:47:33.086 FuEngine             starting fwupd 1.9.9…
  [New Thread 0x7ffff33ff640 (LWP 159733)]
  15:47:33.096 FuRemoteList         loading remote from /etc/fwupd/remotes.d/dell-esrt.conf
  15:47:33.096 FuRemoteList         loading remote from /etc/fwupd/remotes.d/fwupd.conf
  15:47:33.096 FuRemoteList         loading remote from /etc/fwupd/remotes.d/lvfs-testing.conf
  15:47:33.097 FuRemoteList         loading remote from /etc/fwupd/remotes.d/lvfs.conf
  15:47:33.097 FuRemoteList         loading remote from /etc/fwupd/remotes.d/vendor-directory.conf
  15:47:33.097 FuRemoteList         loading remote from /etc/fwupd/remotes.d/vendor.conf
  15:47:33.097 FuRemoteList         enabled remotes: dell-esrt[1000], fwupd[1000], vendor-directory[1000], lvfs[0]
  15:47:33.097 FuEngine             client certificate now exists: nothing to do
  15:47:33.142 FuQuirks             loading quirks from /usr/share/fwupd/quirks.d
  15:47:33.142 FuQuirks             loading quirks from /var/lib/fwupd/quirks.d
  15:47:33.143 FuContext            SMBIOS Manufacturer=LENOVO
  15:47:33.143 FuContext            SMBIOS EnclosureKind=a
  15:47:33.143 FuContext            SMBIOS Family=ThinkPad P14s Gen 4
  15:47:33.143 FuContext            SMBIOS ProductName=
  15:47:33.143 FuContext            SMBIOS ProductSku=LENOVO_MT_21K5_BU_Think_FM_ThinkPad P14s Gen 4
  15:47:33.143 FuContext            SMBIOS BiosVendor=LENOVO
  15:47:33.143 FuContext            SMBIOS BiosVersion=R2FET36W (1.16 )
  15:47:33.143 FuContext            SMBIOS BiosMajorRelease=01
  15:47:33.143 FuContext            SMBIOS BiosMinorRelease=10
  15:47:33.143 FuContext            SMBIOS FirmwareMajorRelease=01
  15:47:33.143 FuContext            SMBIOS FirmwareMinorRelease=0e
  15:47:33.143 FuContext            SMBIOS BaseboardManufacturer=LENOVO
  15:47:33.143 FuContext            SMBIOS BaseboardProduct=21K5CTO1WW
  15:47:33.143 FuContext            failed to load fdt: cannot find /sys/firmware/fdt or override /var/lib/fwupd/system.dtb
  15:47:33.146 FuContext            added udev subsystem watch of firmware-attributes
  15:47:33.218 FuBiosSettings       loaded 91 BIOS settings
  15:47:33.218 FuBiosSettings       Disabling changing SecureBoot since Allow3rdPartyUEFICA is Disable
  15:47:33.218 FuEngine             loading metadata for remote 'vendor-directory'
  15:47:33.218 FuEngine             ignoring: /usr/share/fwupd/remotes.d/vendor/firmware/README.md
  15:47:33.218 FuEngine             ignoring: Errore nell'aprire la directory «/var/lib/fwupd/local.d»: File o directory non esistente
  15:47:33.218 FuEngine             ignoring: Errore nell'aprire la directory «/usr/share/fwupd/local.d»: File o directory non esistente
  **
  ERROR:../src/xb-lzma-decompressor.c:130:xb_lzma_decompressor_convert: code should not be reached
  Bail out! ERROR:../src/xb-lzma-decompressor.c:130:xb_lzma_decompressor_convert: code should not be reached

  Thread 1 "fwupd" received signal SIGABRT, Aborted.
  __pthread_kill_implementation (no_tid=0, signo=6, threadid=140737313229568) at ./nptl/pthread_kill.c:44
  44	./nptl/pthread_kill.c: File o directory non esistente.
  (gdb) bt
  #0  __pthread_kill_implementation (no_tid=0, signo=6, threadid=140737313229568) at ./nptl/pthread_kill.c:44
  #1  __pthread_kill_internal (signo=6, threadid=140737313229568) at ./nptl/pthread_kill.c:78
  #2  __GI___pthread_kill (threadid=140737313229568, signo=signo at entry=6) at ./nptl/pthread_kill.c:89
  #3  0x00007ffff7442476 in __GI_raise (sig=sig at entry=6) at ../sysdeps/posix/raise.c:26
  #4  0x00007ffff74287f3 in __GI_abort () at ./stdlib/abort.c:79
  #5  0x00007ffff7743b57 in g_assertion_message
      (domain=<optimized out>, file=<optimized out>, line=<optimized out>, func=0x7ffff7eb4990 "xb_lzma_decompressor_convert", message=<optimized out>) at ../../../glib/gtestutils.c:3253
  #6  0x00007ffff779d70f in g_assertion_message_expr
      (domain=0x0, file=0x7ffff7eb412e "../src/xb-lzma-decompressor.c", line=130, func=0x7ffff7eb4990 "xb_lzma_decompressor_convert", expr=<optimized out>) at ../../../glib/gtestutils.c:3279
  #7  0x00007ffff7e9d548 in  () at /lib/x86_64-linux-gnu/libxmlb.so.2
  #8  0x00007ffff78aeec5 in read_internal
      (stream=<optimized out>, buffer=<optimized out>, count=<optimized out>, blocking=1, cancellable=0x0, error=0x7fffffffdeb8) at ../../../gio/gconverterinputstream.c:492
  #9  0x00007ffff78dd1f7 in g_input_stream_read
      (stream=0x5555555b6960, buffer=0x555555675ed0, count=32768, cancellable=0x0, error=0x7fffffffdeb8)
      at ../../../gio/ginputstream.c:198
  #10 0x00007ffff7ea324c in xb_builder_compile () at /lib/x86_64-linux-gnu/libxmlb.so.2
  #11 0x00007ffff7ea4175 in xb_builder_ensure () at /lib/x86_64-linux-gnu/libxmlb.so.2
  #12 0x00007ffff7c8a249 in fu_engine_load_metadata_store
      (self=self at entry=0x5555555b2000, flags=flags at entry=78, error=error at entry=0x7fffffffe248)
      at ../src/fu-engine.c:4623
  #13 0x00007ffff7c916e3 in fu_engine_load
      (self=<optimized out>, flags=flags at entry=78, progress=<optimized out>, error=error at entry=0x7fffffffe248)
      at ../src/fu-engine.c:8757
  #14 0x0000555555561c92 in fu_daemon_setup
      (self=self at entry=0x5555555aa010, socket_address=socket_address at entry=0x0, error=error at entry=0x7fffffffe248)
      at ../src/fu-daemon.c:2306
  #15 0x000055555555c078 in main (argc=<optimized out>, argv=<optimized out>) at ../src/fu-main.c:174
  (gdb)

  --

  This has been fixed upstream via
  https://github.com/hughsie/libxmlb/pull/133 so it would be a nice
  backport for 22.04, since it may prevent system updates.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libxmlb/+bug/2051141/+subscriptions




More information about the foundations-bugs mailing list