[Bug 2051141] [NEW] fwupd can assert on xb_lzma_decompressor_convert on invalid firmware files
Marco Trevisan (Treviño)
2051141 at bugs.launchpad.net
Wed Jan 24 15:51:50 UTC 2024
Public bug reported:
After downloading firmware database files fwupd could crash because of
this:
Starting program: /usr/libexec/fwupd/fwupd --verbose
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
15:47:33.085 FuDebug verbose to info (on console 1)
15:47:33.086 FuEngine starting fwupd 1.9.9…
[New Thread 0x7ffff33ff640 (LWP 159733)]
15:47:33.096 FuRemoteList loading remote from /etc/fwupd/remotes.d/dell-esrt.conf
15:47:33.096 FuRemoteList loading remote from /etc/fwupd/remotes.d/fwupd.conf
15:47:33.096 FuRemoteList loading remote from /etc/fwupd/remotes.d/lvfs-testing.conf
15:47:33.097 FuRemoteList loading remote from /etc/fwupd/remotes.d/lvfs.conf
15:47:33.097 FuRemoteList loading remote from /etc/fwupd/remotes.d/vendor-directory.conf
15:47:33.097 FuRemoteList loading remote from /etc/fwupd/remotes.d/vendor.conf
15:47:33.097 FuRemoteList enabled remotes: dell-esrt[1000], fwupd[1000], vendor-directory[1000], lvfs[0]
15:47:33.097 FuEngine client certificate now exists: nothing to do
15:47:33.142 FuQuirks loading quirks from /usr/share/fwupd/quirks.d
15:47:33.142 FuQuirks loading quirks from /var/lib/fwupd/quirks.d
15:47:33.143 FuContext SMBIOS Manufacturer=LENOVO
15:47:33.143 FuContext SMBIOS EnclosureKind=a
15:47:33.143 FuContext SMBIOS Family=ThinkPad P14s Gen 4
15:47:33.143 FuContext SMBIOS ProductName=
15:47:33.143 FuContext SMBIOS ProductSku=LENOVO_MT_21K5_BU_Think_FM_ThinkPad P14s Gen 4
15:47:33.143 FuContext SMBIOS BiosVendor=LENOVO
15:47:33.143 FuContext SMBIOS BiosVersion=R2FET36W (1.16 )
15:47:33.143 FuContext SMBIOS BiosMajorRelease=01
15:47:33.143 FuContext SMBIOS BiosMinorRelease=10
15:47:33.143 FuContext SMBIOS FirmwareMajorRelease=01
15:47:33.143 FuContext SMBIOS FirmwareMinorRelease=0e
15:47:33.143 FuContext SMBIOS BaseboardManufacturer=LENOVO
15:47:33.143 FuContext SMBIOS BaseboardProduct=21K5CTO1WW
15:47:33.143 FuContext failed to load fdt: cannot find /sys/firmware/fdt or override /var/lib/fwupd/system.dtb
15:47:33.146 FuContext added udev subsystem watch of firmware-attributes
15:47:33.218 FuBiosSettings loaded 91 BIOS settings
15:47:33.218 FuBiosSettings Disabling changing SecureBoot since Allow3rdPartyUEFICA is Disable
15:47:33.218 FuEngine loading metadata for remote 'vendor-directory'
15:47:33.218 FuEngine ignoring: /usr/share/fwupd/remotes.d/vendor/firmware/README.md
15:47:33.218 FuEngine ignoring: Errore nell'aprire la directory «/var/lib/fwupd/local.d»: File o directory non esistente
15:47:33.218 FuEngine ignoring: Errore nell'aprire la directory «/usr/share/fwupd/local.d»: File o directory non esistente
**
ERROR:../src/xb-lzma-decompressor.c:130:xb_lzma_decompressor_convert: code should not be reached
Bail out! ERROR:../src/xb-lzma-decompressor.c:130:xb_lzma_decompressor_convert: code should not be reached
Thread 1 "fwupd" received signal SIGABRT, Aborted.
__pthread_kill_implementation (no_tid=0, signo=6, threadid=140737313229568) at ./nptl/pthread_kill.c:44
44 ./nptl/pthread_kill.c: File o directory non esistente.
(gdb) bt
#0 __pthread_kill_implementation (no_tid=0, signo=6, threadid=140737313229568) at ./nptl/pthread_kill.c:44
#1 __pthread_kill_internal (signo=6, threadid=140737313229568) at ./nptl/pthread_kill.c:78
#2 __GI___pthread_kill (threadid=140737313229568, signo=signo at entry=6) at ./nptl/pthread_kill.c:89
#3 0x00007ffff7442476 in __GI_raise (sig=sig at entry=6) at ../sysdeps/posix/raise.c:26
#4 0x00007ffff74287f3 in __GI_abort () at ./stdlib/abort.c:79
#5 0x00007ffff7743b57 in g_assertion_message
(domain=<optimized out>, file=<optimized out>, line=<optimized out>, func=0x7ffff7eb4990 "xb_lzma_decompressor_convert", message=<optimized out>) at ../../../glib/gtestutils.c:3253
#6 0x00007ffff779d70f in g_assertion_message_expr
(domain=0x0, file=0x7ffff7eb412e "../src/xb-lzma-decompressor.c", line=130, func=0x7ffff7eb4990 "xb_lzma_decompressor_convert", expr=<optimized out>) at ../../../glib/gtestutils.c:3279
#7 0x00007ffff7e9d548 in () at /lib/x86_64-linux-gnu/libxmlb.so.2
#8 0x00007ffff78aeec5 in read_internal
(stream=<optimized out>, buffer=<optimized out>, count=<optimized out>, blocking=1, cancellable=0x0, error=0x7fffffffdeb8) at ../../../gio/gconverterinputstream.c:492
#9 0x00007ffff78dd1f7 in g_input_stream_read
(stream=0x5555555b6960, buffer=0x555555675ed0, count=32768, cancellable=0x0, error=0x7fffffffdeb8)
at ../../../gio/ginputstream.c:198
#10 0x00007ffff7ea324c in xb_builder_compile () at /lib/x86_64-linux-gnu/libxmlb.so.2
#11 0x00007ffff7ea4175 in xb_builder_ensure () at /lib/x86_64-linux-gnu/libxmlb.so.2
#12 0x00007ffff7c8a249 in fu_engine_load_metadata_store
(self=self at entry=0x5555555b2000, flags=flags at entry=78, error=error at entry=0x7fffffffe248)
at ../src/fu-engine.c:4623
#13 0x00007ffff7c916e3 in fu_engine_load
(self=<optimized out>, flags=flags at entry=78, progress=<optimized out>, error=error at entry=0x7fffffffe248)
at ../src/fu-engine.c:8757
#14 0x0000555555561c92 in fu_daemon_setup
(self=self at entry=0x5555555aa010, socket_address=socket_address at entry=0x0, error=error at entry=0x7fffffffe248)
at ../src/fu-daemon.c:2306
#15 0x000055555555c078 in main (argc=<optimized out>, argv=<optimized out>) at ../src/fu-main.c:174
(gdb)
--
This has been fixed upstream via
https://github.com/hughsie/libxmlb/pull/133 so it would be a nice
backport for 22.04, since it may prevent system updates.
** Affects: libxmlb (Ubuntu)
Importance: Medium
Status: Fix Released
** Affects: libxmlb (Ubuntu Jammy)
Importance: Medium
Status: Triaged
** Also affects: libxmlb (Ubuntu Jammy)
Importance: Undecided
Status: New
** Changed in: libxmlb (Ubuntu Jammy)
Status: New => Triaged
** Changed in: libxmlb (Ubuntu)
Status: Triaged => Fix Released
** Changed in: libxmlb (Ubuntu Jammy)
Importance: Undecided => Medium
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to libxmlb in Ubuntu.
Matching subscriptions: foundations-bugs-libxmlb
https://bugs.launchpad.net/bugs/2051141
Title:
fwupd can assert on xb_lzma_decompressor_convert on invalid firmware
files
Status in libxmlb package in Ubuntu:
Fix Released
Status in libxmlb source package in Jammy:
Triaged
Bug description:
After downloading firmware database files fwupd could crash because of
this:
Starting program: /usr/libexec/fwupd/fwupd --verbose
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
15:47:33.085 FuDebug verbose to info (on console 1)
15:47:33.086 FuEngine starting fwupd 1.9.9…
[New Thread 0x7ffff33ff640 (LWP 159733)]
15:47:33.096 FuRemoteList loading remote from /etc/fwupd/remotes.d/dell-esrt.conf
15:47:33.096 FuRemoteList loading remote from /etc/fwupd/remotes.d/fwupd.conf
15:47:33.096 FuRemoteList loading remote from /etc/fwupd/remotes.d/lvfs-testing.conf
15:47:33.097 FuRemoteList loading remote from /etc/fwupd/remotes.d/lvfs.conf
15:47:33.097 FuRemoteList loading remote from /etc/fwupd/remotes.d/vendor-directory.conf
15:47:33.097 FuRemoteList loading remote from /etc/fwupd/remotes.d/vendor.conf
15:47:33.097 FuRemoteList enabled remotes: dell-esrt[1000], fwupd[1000], vendor-directory[1000], lvfs[0]
15:47:33.097 FuEngine client certificate now exists: nothing to do
15:47:33.142 FuQuirks loading quirks from /usr/share/fwupd/quirks.d
15:47:33.142 FuQuirks loading quirks from /var/lib/fwupd/quirks.d
15:47:33.143 FuContext SMBIOS Manufacturer=LENOVO
15:47:33.143 FuContext SMBIOS EnclosureKind=a
15:47:33.143 FuContext SMBIOS Family=ThinkPad P14s Gen 4
15:47:33.143 FuContext SMBIOS ProductName=
15:47:33.143 FuContext SMBIOS ProductSku=LENOVO_MT_21K5_BU_Think_FM_ThinkPad P14s Gen 4
15:47:33.143 FuContext SMBIOS BiosVendor=LENOVO
15:47:33.143 FuContext SMBIOS BiosVersion=R2FET36W (1.16 )
15:47:33.143 FuContext SMBIOS BiosMajorRelease=01
15:47:33.143 FuContext SMBIOS BiosMinorRelease=10
15:47:33.143 FuContext SMBIOS FirmwareMajorRelease=01
15:47:33.143 FuContext SMBIOS FirmwareMinorRelease=0e
15:47:33.143 FuContext SMBIOS BaseboardManufacturer=LENOVO
15:47:33.143 FuContext SMBIOS BaseboardProduct=21K5CTO1WW
15:47:33.143 FuContext failed to load fdt: cannot find /sys/firmware/fdt or override /var/lib/fwupd/system.dtb
15:47:33.146 FuContext added udev subsystem watch of firmware-attributes
15:47:33.218 FuBiosSettings loaded 91 BIOS settings
15:47:33.218 FuBiosSettings Disabling changing SecureBoot since Allow3rdPartyUEFICA is Disable
15:47:33.218 FuEngine loading metadata for remote 'vendor-directory'
15:47:33.218 FuEngine ignoring: /usr/share/fwupd/remotes.d/vendor/firmware/README.md
15:47:33.218 FuEngine ignoring: Errore nell'aprire la directory «/var/lib/fwupd/local.d»: File o directory non esistente
15:47:33.218 FuEngine ignoring: Errore nell'aprire la directory «/usr/share/fwupd/local.d»: File o directory non esistente
**
ERROR:../src/xb-lzma-decompressor.c:130:xb_lzma_decompressor_convert: code should not be reached
Bail out! ERROR:../src/xb-lzma-decompressor.c:130:xb_lzma_decompressor_convert: code should not be reached
Thread 1 "fwupd" received signal SIGABRT, Aborted.
__pthread_kill_implementation (no_tid=0, signo=6, threadid=140737313229568) at ./nptl/pthread_kill.c:44
44 ./nptl/pthread_kill.c: File o directory non esistente.
(gdb) bt
#0 __pthread_kill_implementation (no_tid=0, signo=6, threadid=140737313229568) at ./nptl/pthread_kill.c:44
#1 __pthread_kill_internal (signo=6, threadid=140737313229568) at ./nptl/pthread_kill.c:78
#2 __GI___pthread_kill (threadid=140737313229568, signo=signo at entry=6) at ./nptl/pthread_kill.c:89
#3 0x00007ffff7442476 in __GI_raise (sig=sig at entry=6) at ../sysdeps/posix/raise.c:26
#4 0x00007ffff74287f3 in __GI_abort () at ./stdlib/abort.c:79
#5 0x00007ffff7743b57 in g_assertion_message
(domain=<optimized out>, file=<optimized out>, line=<optimized out>, func=0x7ffff7eb4990 "xb_lzma_decompressor_convert", message=<optimized out>) at ../../../glib/gtestutils.c:3253
#6 0x00007ffff779d70f in g_assertion_message_expr
(domain=0x0, file=0x7ffff7eb412e "../src/xb-lzma-decompressor.c", line=130, func=0x7ffff7eb4990 "xb_lzma_decompressor_convert", expr=<optimized out>) at ../../../glib/gtestutils.c:3279
#7 0x00007ffff7e9d548 in () at /lib/x86_64-linux-gnu/libxmlb.so.2
#8 0x00007ffff78aeec5 in read_internal
(stream=<optimized out>, buffer=<optimized out>, count=<optimized out>, blocking=1, cancellable=0x0, error=0x7fffffffdeb8) at ../../../gio/gconverterinputstream.c:492
#9 0x00007ffff78dd1f7 in g_input_stream_read
(stream=0x5555555b6960, buffer=0x555555675ed0, count=32768, cancellable=0x0, error=0x7fffffffdeb8)
at ../../../gio/ginputstream.c:198
#10 0x00007ffff7ea324c in xb_builder_compile () at /lib/x86_64-linux-gnu/libxmlb.so.2
#11 0x00007ffff7ea4175 in xb_builder_ensure () at /lib/x86_64-linux-gnu/libxmlb.so.2
#12 0x00007ffff7c8a249 in fu_engine_load_metadata_store
(self=self at entry=0x5555555b2000, flags=flags at entry=78, error=error at entry=0x7fffffffe248)
at ../src/fu-engine.c:4623
#13 0x00007ffff7c916e3 in fu_engine_load
(self=<optimized out>, flags=flags at entry=78, progress=<optimized out>, error=error at entry=0x7fffffffe248)
at ../src/fu-engine.c:8757
#14 0x0000555555561c92 in fu_daemon_setup
(self=self at entry=0x5555555aa010, socket_address=socket_address at entry=0x0, error=error at entry=0x7fffffffe248)
at ../src/fu-daemon.c:2306
#15 0x000055555555c078 in main (argc=<optimized out>, argv=<optimized out>) at ../src/fu-main.c:174
(gdb)
--
This has been fixed upstream via
https://github.com/hughsie/libxmlb/pull/133 so it would be a nice
backport for 22.04, since it may prevent system updates.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libxmlb/+bug/2051141/+subscriptions
More information about the foundations-bugs
mailing list