[Desktop-packages] [Bug 2060354] Re: Segfaults and assertion failures in Xorg's render/glyph.c

[Launchpad Bug Tracker]

This bug was fixed in the package xorg-server - 2:21.1.7-3ubuntu2.9

---------------
xorg-server (2:21.1.7-3ubuntu2.9) mantic-security; urgency=medium

  * SECURITY REGRESSION: Avoid possible double-free
    - debian/patches/CVE-2024-31083-regression.patch:
      fix a regression caused for a double-free at the last
      changes fixed by CVE-2024-31083 (LP: #2060354)

 -- Leonidas Da Silva Barbosa <leo.barb...@canonical.com>  Tue, 09 Apr
2024 00:20:41 -0300

** Changed in: xorg-server (Ubuntu Mantic)
       Status: In Progress => Fix Released

** Changed in: xwayland (Ubuntu Jammy)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to xorg-server in Ubuntu.
https://bugs.launchpad.net/bugs/2060354

Title:
  Segfaults and assertion failures in Xorg's render/glyph.c

Status in X.Org X server:
  Unknown
Status in xorg-server package in Ubuntu:
  Triaged
Status in xwayland package in Ubuntu:
  Triaged
Status in xorg-server source package in Focal:
  In Progress
Status in xorg-server source package in Jammy:
  In Progress
Status in xwayland source package in Jammy:
  Fix Released
Status in xorg-server source package in Mantic:
  Fix Released
Status in xwayland source package in Mantic:
  In Progress
Status in xorg-server source package in Noble:
  Triaged
Status in xwayland source package in Noble:
  Triaged

Bug description:
  I just upgraded xserver-xorg-core and xserver-common to
  2:21.1.4-2ubuntu1.7-22.04.9 and when starting IntelliJ IDEA Ultimate
  EAP (downloaded from JerBrains website) Xorg server crashes with
  segfault:

  X.Org X Server 1.21.1.4
  X Protocol Version 11, Revision 0
  Current Operating System: Linux nazar-pc 6.8.4-x64v4-xanmod1 
#0~20240404.gdb9d4f4 SMP PREEMPT_DYNAMIC Thu Apr  4 20:28:35 UTC x86_64
  Kernel command line: BOOT_IMAGE=/root/boot/vmlinuz-6.8.4-x64v4-xanmod1 
root=UUID=5170aca4-061a-4c6c-ab00-bd7fc8ae6030 ro rootflags=subvol=root 
nosplash amd_iommu=on intel_iommu=on libahci.ignore_sss=1 fastboot
  xorg-server 2:21.1.4-2ubuntu1.7~22.04.9 (For technical support please see 
http://www.ubuntu.com/support) 
  Current version of pixman: 0.40.0
        Before reporting problems, check http://wiki.x.org
        to make sure that you have the latest version.
  Markers: (--) probed, (**) from config file, (==) default setting,
        (++) from command line, (!!) notice, (II) informational,
        (WW) warning, (EE) error, (NI) not implemented, (??) unknown.
  (==) Log file: "/var/log/Xorg.0.log", Time: Sat Apr  6 15:28:18 2024
  (==) Using system config directory "/usr/share/X11/xorg.conf.d"
  malloc(): unaligned tcache chunk detected
  (EE) 
  (EE) Backtrace:
  (EE) 0: /usr/lib/xorg/Xorg (OsLookupColor+0x139) [0x5def21b09ab9]
  (EE) 1: /lib/x86_64-linux-gnu/libc.so.6 (__sigaction+0x50) [0x7ec01c442520]
  (EE) 2: /lib/x86_64-linux-gnu/libc.so.6 (pthread_kill+0x12c) [0x7ec01c4969fc]
  (EE) 3: /lib/x86_64-linux-gnu/libc.so.6 (raise+0x16) [0x7ec01c442476]
  (EE) 4: /lib/x86_64-linux-gnu/libc.so.6 (abort+0xd3) [0x7ec01c4287f3]
  (EE) 5: /lib/x86_64-linux-gnu/libc.so.6 (__fsetlocking+0x426) [0x7ec01c489676]
  (EE) 6: /lib/x86_64-linux-gnu/libc.so.6 (timer_settime+0x2cc) [0x7ec01c4a0cfc]
  (EE) 7: /lib/x86_64-linux-gnu/libc.so.6 (malloc+0x33c) [0x7ec01c4a53dc]
  (EE) 8: /usr/lib/xorg/Xorg (SetGlyphPicture+0x15d) [0x5def21a6311d]
  (EE) 9: /usr/lib/xorg/Xorg (AddTraps+0x347a) [0x5def21a6b8da]
  (EE) 10: /usr/lib/xorg/Xorg (SendErrorToClient+0x365) [0x5def21993635]
  (EE) 11: /usr/lib/xorg/Xorg (InitFonts+0x3c4) [0x5def219976b4]
  (EE) 12: /lib/x86_64-linux-gnu/libc.so.6 (__libc_init_first+0x90) 
[0x7ec01c429d90]
  (EE) 13: /lib/x86_64-linux-gnu/libc.so.6 (__libc_start_main+0x80) 
[0x7ec01c429e40]
  (EE) 14: /usr/lib/xorg/Xorg (_start+0x25) [0x5def21980605]
  (EE) 
  (EE) 
  Fatal server error:
  (EE) Caught signal 6 (Aborted). Server aborting
  (EE) 
  (EE) 
  Please consult the The X.Org Foundation support 
         at http://wiki.x.org
   for help. 
  (EE) Please also check the log file at "/var/log/Xorg.0.log" for additional 
information.
  (EE) 
  (II) AIGLX: Suspending AIGLX clients for VT switch
  (EE) Server terminated with error (1). Closing log file.

  Downgraded to 2:21.1.3-2ubuntu2 for now and it works. Looks like
  security backports were done incorrectly.

To manage notifications about this bug go to:
https://bugs.launchpad.net/xorg-server/+bug/2060354/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to     : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp