Ubuntu
libjpeg-turbo package

Initialization leaks file descriptors to /proc/self/auxv

Bug #1189939 reported by Forest Bond on 2013-06-11

This bug affects 5 people

	Status	Importance	Assigned to
libjpeg-turbo (Ubuntu)	Invalid	High	Unassigned
Precise	Fix Released	High	Unassigned
Quantal	Invalid	Undecided	Unassigned
Raring	Invalid	Undecided	Unassigned
Saucy	Invalid	High	Unassigned

Bug Description

[impact]
In precise only, an Ubuntu-specific patch (FixLibraryStartup.patch) causes /proc/self/auxv to be opened on library initialization, but the file is never closed. For long running processes that periodically re-initialize the library (Firefox's plugin-container loading the VLC plugin for me), this leads to the available file descriptors being exhausted.

This also causes https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1177684.

[test case]
Fresh and clean Ubuntu Precise 12.04.2 install

# apt-get install apache2-mpm-itk libapache2-mod-php5 php5-gd

Restart Apache to ensure gd.so is loaded

# for pid in `pidof apache2`; do find /proc/$pid/fd -ls; done | awk '/auxv/ {print $11" "$12" "$13}'
# apache2ctl graceful
# for pid in `pidof apache2`; do find /proc/$pid/fd -ls; done | awk '/auxv/ {print $11" "$12" "$13}'
# apache2ctl graceful
# for pid in `pidof apache2`; do find /proc/$pid/fd -ls; done | awk '/auxv/ {print $11" "$12" "$13}'
.. etc

[regression potential]
This affects patch designed for ARM. Although all it does it properly close the file descriptor, I have not specifically tested it on ARM.

See original description

Tags:

Related branches

lp:ubuntu/precise-proposed/libjpeg-turbo

Revision history for this message

Forest Bond (forest-bond) wrote on 2013-06-11:

Patch (debdiff) addressing issue Edit (11.3 KiB, text/plain)

description:

updated

Revision history for this message

Ubuntu Foundations Team Bug Bot (crichton) wrote on 2013-06-11:

The attachment "Patch (debdiff) addressing issue" seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are member of the ~ubuntu-sponsors, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.]

tags:

added: patch

Revision history for this message

Sander Smeenk (ubuntu-freshdot) wrote on 2013-06-11:

Confirmed. https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1177684 is affected by this.

Changed in libjpeg-turbo (Ubuntu):
status:	New → Confirmed

Serge Hallyn (serge-hallyn) on 2013-06-12

no longer affects:	php5 (Ubuntu)
Changed in libjpeg-turbo (Ubuntu):
importance:	Undecided → High

Revision history for this message

Serge Hallyn (serge-hallyn) wrote on 2013-06-12:

Oh, it seems I looked too quickly. The fixlibrarystartup patch is still in debian/patches in saucy, but it is not actually applied (and the context code is gone).

So this bug does not affect saucy (or quantal or raring), only precise.

Therefore: my nominations for q/r should be dropped, bug should be fix released, and the precise task should be set to triaged/high.

Revision history for this message

Marc Deslauriers (mdeslaur) wrote on 2013-06-19:

Patch looks good, ACK.
Uploaded to precise for processing by the SRU team.

Changed in libjpeg-turbo (Ubuntu Saucy):
status:	Confirmed → Invalid
Changed in libjpeg-turbo (Ubuntu Quantal):
status:	New → Invalid
Changed in libjpeg-turbo (Ubuntu Precise):
status:	New → Confirmed
importance:	Undecided → High
Changed in libjpeg-turbo (Ubuntu Raring):
status:	New → Invalid

Marc Deslauriers (mdeslaur) on 2013-06-19

description:

updated

Revision history for this message

Chris Halse Rogers (raof) wrote on 2013-10-09: Please test proposed package

Hello Forest, or anyone else affected,

Accepted libjpeg-turbo into precise-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/libjpeg-turbo/1.1.90+svn733-0ubuntu4.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in libjpeg-turbo (Ubuntu Precise):
status:	Confirmed → Fix Committed
tags:	added: verification-needed

Revision history for this message

Klaus S. Madsen (ubuntu-hjernemadsen) wrote on 2014-06-06: Re: Initialization leaks file descriptors to /prox/self/auxv

Hi,

I seems that this package have been pushed out of proposed to make way for a security fix.

I've compiled the package by hand to test it, and can confirm that it solves our issue with leaked filedescriptors.

Any chance of getting a new version into proposed, so that we can get this fix out?

Revision history for this message

Marc Deslauriers (mdeslaur) wrote on 2014-06-06:

I have uploaded a 1.1.90+svn733-0ubuntu4.4 package with the fix applied for processing by the SRU team. Thanks!

Changed in libjpeg-turbo (Ubuntu Precise):
status:	Fix Committed → In Progress

Revision history for this message

Chris Halse Rogers (raof) wrote on 2014-06-18: Please test proposed package

Hello Forest, or anyone else affected,

Accepted libjpeg-turbo into precise-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/libjpeg-turbo/1.1.90+svn733-0ubuntu4.4 in a few hours, and then in the -proposed repository.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in libjpeg-turbo (Ubuntu Precise):
status:	In Progress → Fix Committed

Revision history for this message

Christian (christian-p-m) wrote on 2014-07-16: Re: Initialization leaks file descriptors to /prox/self/auxv

#10

Works for me with libjpeg-turbo8 version 1.1.90+svn733-0ubuntu4.4.
thanks!

tags:

added: verification-done
removed: verification-needed

Revision history for this message

Colin Watson (cjwatson) wrote on 2014-07-16: Update Released

#11

The verification of the Stable Release Update for libjpeg-turbo has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

summary:

- Initialization leaks file descriptors to /prox/self/auxv
+ Initialization leaks file descriptors to /proc/self/auxv

Revision history for this message

Launchpad Janitor (janitor) wrote on 2014-07-16:

#12

This bug was fixed in the package libjpeg-turbo - 1.1.90+svn733-0ubuntu4.4

---------------
libjpeg-turbo (1.1.90+svn733-0ubuntu4.4) precise; urgency=medium

* Updated FixLibraryStartup.patch to properly close /proc/self/auxv.
(LP: #1189939)
-- Forest Bond <email address hidden> Fri, 06 Jun 2014 09:07:38 -0400