[Bug 2069821] Re: [VROC] [Ub 24.04] mdadm: buffer overflow detected

Kinga Tanska 2069821 at bugs.launchpad.net
Wed Sep 18 12:11:42 UTC 2024 

Hi,
I confirm that mdadm - v4.3 - 2024-02-15 - Ubuntu 4.3-1ubuntu2 fixes issue on my setup.
On my platform I was able to check it by:

- update mdadm package
- run mdadm --detail-platform

command completed successfully and list platform information correctly.
Without the fix command finished with buffer overflow error.

Please let me know what is the ETA to merge it into main repository.
It is a blocker for our tests suite now.


** Tags removed: verification-needed verification-needed-noble
** Tags added: verification-done-noble

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to mdadm in Ubuntu.
https://bugs.launchpad.net/bugs/2069821

Title:
  [VROC] [Ub 24.04] mdadm: buffer overflow detected

Status in mdadm package in Ubuntu:
  Fix Released
Status in mdadm source package in Noble:
  Fix Committed
Status in mdadm source package in Oracular:
  Fix Released

Bug description:
  [ Impact ]

  mdadm crashes sporadically with error *** buffer overflow detected ***
  at some invokations:

  - mdadm --detail-pl
  - mdadm -CR /dev/md0 -l1 -n2 /dev/nvme0n1 /dev/nvme1n1
  *** buffer overflow detected ***: terminated
  Aborted (core dumped)

  [ Test Plan ]

  - Install mdadm
  - Issue this command several times:
  mdadm --detail-pl

  [ Where problems could occur ]

  The fix is very small and basically it replaces the unsafe functions call
  to sprintf by calling snprintf for Intel platforms (platform_intel.c)
  I do not expect high regression risk.

  [ Other Info ]

  mdadm is built with FORTIFY_SOURCE=3 (as it is done in Ubuntu 24.04).
  and it uses the unsafe function sprintf() that will cause the
  buffer-overflow error

  It is fixed in mdadm upstream:
  https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=827e1870f320545796d907f50af594e901399417

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mdadm/+bug/2069821/+subscriptions

More information about the foundations-bugs mailing list