consolekit: ck-get-x11-display-device segmentation fault

Bug #1130923 reported by Aleix Conchillo Flaqué
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
consolekit (Ubuntu) | Fix Released | High | Brian Murray |
Precise | Fix Released | High | Brian Murray |
Quantal | Fix Released | High | Brian Murray |

Bug Description

Just updated to 12.04. Every time I logged into GNOME 3 I got a segmentation fault from consolekit, specifically ck-get-x11-display-device (see below). After downloading and building the package source I found out that this is because I have a hardware device that has a long name (blackmagic_serial has 17 characters):

$ cat /proc/drivers
/dev/tty /dev/tty 5 0 system:/dev/tty
/dev/console /dev/console 5 1 system:console
/dev/ptmx /dev/ptmx 5 2 system
/dev/vc/0 /dev/vc/0 4 0 system:vtmaster
rfcomm /dev/rfcomm 216 0-255 serial
blackmagic_serial /dev/blackmagic_serial 249 0-31 serial
ttyprintk /dev/ttyprintk 5 3 console
serial /dev/ttyS 4 64-111 serial
pty_slave /dev/pts 136 0-1048575 pty:slave
pty_master /dev/ptm 128 0-1048575 pty:master
unknown /dev/tty 4 1-63 console

However in src/ck-sysdeps-linux.c:

typedef struct tty_map_node {
        struct tty_map_node *next;
        guint major_number;
        guint minor_first;
        guint minor_last;
        char name[16];
        char devfs_type;
} tty_map_node;

The following patch solves this issue (simply increasing the array size):

--- ck-sysdeps-linux.c.orig 2013-02-20 13:17:46.971181590 -0800
+++ ck-sysdeps-linux.c 2013-02-20 13:18:04.491182079 -0800
@@ -93,7 +93,7 @@
         guint major_number;
         guint minor_first;
         guint minor_last;
- char name[16];
+ char name[32];
         char devfs_type;
 } tty_map_node;
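
Review bot: `char name[32]` only moves the limit; nothing in this hunk bounds the copy into `name`, so a driver name of 32 or more characters would overflow it the same way the 17-character name overflowed `name[16]`. Consider bounding the write by `sizeof(name) - 1` where the field is filled, or allocating the name to its actual length, and add a comment saying where the chosen size comes from.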

===================================================

*** buffer overflow detected ***: /usr/lib/ConsoleKit/ck-get-x11-display-device terminated
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x37)[0x7f5310f48807]
/lib/x86_64-linux-gnu/libc.so.6(+0x109700)[0x7f5310f47700]
/lib/x86_64-linux-gnu/libc.so.6(+0x1089e6)[0x7f5310f469e6]
/usr/lib/ConsoleKit/ck-get-x11-display-device[0x401f48]
/usr/lib/ConsoleKit/ck-get-x11-display-device[0x402355]
/usr/lib/ConsoleKit/ck-get-x11-display-device[0x401823]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xed)[0x7f5310e5f76d]
/usr/lib/ConsoleKit/ck-get-x11-display-device[0x401935]

Aleix Conchillo Flaqué (aconchillo) wrote :
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "ck-sysdeps-linux.c.patch" of this bug report has been identified as being a patch. The ubuntu-reviewers team has been subscribed to the bug report so that they can review the patch. In the event that this is in fact not a patch you can resolve this situation by removing the tag 'patch' from the bug report and editing the attachment so that it is not flagged as a patch. Additionally, if you are a member of the ubuntu-reviewers team please also unsubscribe the team from this bug report.

[This is an automated message performed by a Launchpad user owned by Brian Murray. Please contact him regarding any issues with the action taken in this bug report.]

tags: added: patch
Changed in consolekit (Ubuntu):
status: New → Triaged
importance: Undecided → High
Changed in consolekit (Ubuntu Precise):
status: New → Triaged
importance: Undecided → High
Changed in consolekit (Ubuntu Quantal):
status: New → Triaged
importance: Undecided → High
Changed in consolekit (Ubuntu):
assignee: nobody → Brian Murray (brian-murray)
Changed in consolekit (Ubuntu Quantal):
assignee: nobody → Brian Murray (brian-murray)
Changed in consolekit (Ubuntu Precise):
assignee: nobody → Brian Murray (brian-murray)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package consolekit - 0.4.5-3.1ubuntu2

---------------
consolekit (0.4.5-3.1ubuntu2) raring; urgency=low

  * debian/patches/04-long_device_names.patch: allow for device names longer
    than 16 characters. Thanks to Aleix Conchillo Flaqué for the patch.
    (LP: #1130923)
 -- Brian Murray <email address hidden> Mon, 04 Mar 2013 10:58:51 -0800

Changed in consolekit (Ubuntu):
status: Triaged → Fix Released
Chris Halse Rogers (raof) wrote :

It's not clear to me why we've arbitrarily increased 16 to 32, rather than PATH_MAX; it seems like there's still a potential edge case to hit here.

That said, there probably aren't _that_ many devices with 32 character names.

Changed in consolekit (Ubuntu Precise):
status: Triaged → Fix Committed
tags: added: verification-needed
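
An added example, not ConsoleKit's code and not part of any comment in this report: one way to avoid choosing between 16, 32 and PATH_MAX is to size the name buffer from the input itself. The `tty_node` type and `parse_driver_line` function are hypothetical, and the line format is assumed from the driver table quoted in the bug description.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical node (not ConsoleKit's struct): the name is heap-allocated
   to its real length instead of living in a fixed char name[N] array. */
typedef struct tty_node {
    unsigned major_number, minor_first, minor_last;
    char *name;                 /* device name with "/dev/" stripped */
} tty_node;

/* Parse one line in the format of the driver table quoted in the report:
   "<driver> /dev/<name> <major> <first>[-<last>] <type>".
   Returns 0 on success, -1 on malformed input or allocation failure. */
int parse_driver_line(const char *line, tty_node *out)
{
    const char *p = strstr(line, " /dev/");
    if (p == NULL) return -1;
    p += 6;                               /* skip " /dev/" */
    size_t len = strcspn(p, " \t\n");     /* actual name length, no cap */
    if (len == 0) return -1;

    unsigned maj, first, last;
    int n = sscanf(p + len, " %u %u-%u", &maj, &first, &last);
    if (n < 2) return -1;                 /* major and first minor required */
    if (n == 2) last = first;             /* single minor such as "5 3" */

    char *name = malloc(len + 1);         /* buffer sized from the input */
    if (name == NULL) return -1;
    memcpy(name, p, len);
    name[len] = '\0';

    out->major_number = maj;
    out->minor_first = first;
    out->minor_last = last;
    out->name = name;                     /* caller frees */
    return 0;
}

int main(void)
{
    /* Constructed sample line, same shape as the reporter's table. */
    tty_node n;
    if (parse_driver_line("blackmagic_serial /dev/blackmagic_serial 249 0-31 serial", &n) == 0) {
        printf("%s %u %u-%u\n", n.name, n.major_number, n.minor_first, n.minor_last);
        free(n.name);
    }
    return 0;
}
```

If a fixed array has to stay, the equivalent check is to compare the name length against `sizeof(name) - 1` before copying and skip or reject the entry when it does not fit.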
Chris Halse Rogers (raof) wrote : Please test proposed package

Hello Aleix, or anyone else affected,

Accepted consolekit into precise-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/consolekit/0.4.5-2ubuntu0.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us in getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Chris Halse Rogers (raof) wrote :

Hello Aleix, or anyone else affected,

Accepted consolekit into quantal-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/consolekit/0.4.5-3ubuntu0.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us in getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in consolekit (Ubuntu Quantal):
status: Triaged → Fix Committed
Aleix Conchillo Flaqué (aconchillo) wrote :

OK, just installed 0.4.5-3ubuntu0.1 and it seems to work fine. Thanks!

Yes, I guess PATH_MAX would have been the right thing, you are right. But as you say, I don't think there are many devices with names longer than 32 characters.

tags: added: verification-done-quantal
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package consolekit - 0.4.5-3ubuntu0.1

---------------
consolekit (0.4.5-3ubuntu0.1) quantal; urgency=low

  * debian/patches/04-long_device_names.patch: allow for device names longer
    than 16 characters. Thanks to Aleix Conchillo Flaqué for the patch.
    (LP: #1130923)
 -- Brian Murray <email address hidden> Mon, 04 Mar 2013 11:40:06 -0800

Changed in consolekit (Ubuntu Quantal):
status: Fix Committed → Fix Released
Bartosz Kosiorek (gang65) wrote :

After installing the consolekit package from precise-proposed, everything works perfectly.

Verification done.

Thanks.

tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package consolekit - 0.4.5-2ubuntu0.1

---------------
consolekit (0.4.5-2ubuntu0.1) precise-proposed; urgency=low

  * debian/patches/04-long_device_names.patch: allow for device names longer
    than 16 characters. Thanks to Aleix Conchillo Flaqué for the patch.
    (LP: #1130923)
 -- Brian Murray <email address hidden> Mon, 04 Mar 2013 12:14:32 -0800

Changed in consolekit (Ubuntu Precise):
status: Fix Committed → Fix Released
Colin Watson (cjwatson) wrote : Update Released

The verification of the Stable Release Update for consolekit has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.
