** Description changed: - The following fixes are in 2.32 and also need to be backported to - bionic, artful, and xenial: + [Impact] + lscpu prior to 2.32 does not correctly check for NULL members in min/max CPU frequency arrays and can call atof() on them, leading to crashes. It seems that's what caused the verification to fail for bug 1732865. The following fixes have been committed upstream: - https://github.com/karelzak/util-linux/commit/0145d84a381fc2fcd7d37e0dbf3d9dff69609ecd - https://github.com/karelzak/util-linux/commit/95f09bc63c564c50ec2c393352801cc056faaea2 + from 2.30: https://github.com/karelzak/util- + linux/commit/0145d84a381fc2fcd7d37e0dbf3d9dff69609ecd - This should also fix the crash in bug 1732865 + from 2.32: https://github.com/karelzak/util- + linux/commit/95f09bc63c564c50ec2c393352801cc056faaea2 + + I plan to backport them to xenial (both patches); and artful, bionic + (second patch, they are > 2.30). + + [Regression potential] + The worst possible regression is that lscpu would fail to correctly report min/max frequencies, but it seems unlikely, as we're only adding checks against null pointers / move an atof into a loop. + + [Test case] + I'm afraid I don't have a test case, the bugs only manifest on some CPUs, and I don't know which.
-- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to util-linux in Ubuntu. https://bugs.launchpad.net/bugs/1771345 Title: lscpu possible crash in min/max frequency Status in util-linux package in Ubuntu: Fix Committed Status in util-linux source package in Xenial: Triaged Status in util-linux source package in Artful: Triaged Status in util-linux source package in Bionic: Triaged Bug description: [Impact] lscpu prior to 2.32 does not correctly check for NULL members in min/max CPU frequency arrays and can call atof() on them, leading to crashes. It seems that's what caused the verification to fail for bug 1732865. The following fixes have been committed upstream: from 2.30: https://github.com/karelzak/util- linux/commit/0145d84a381fc2fcd7d37e0dbf3d9dff69609ecd from 2.32: https://github.com/karelzak/util- linux/commit/95f09bc63c564c50ec2c393352801cc056faaea2 I plan to backport them to xenial (both patches); and artful, bionic (second patch, they are > 2.30). [Regression potential] The worst possible regression is that lscpu would fail to correctly report min/max frequencies, but it seems unlikely, as we're only adding checks against null pointers / move an atof into a loop. [Test case] I'm afraid I don't have a test case, the bugs only manifest on some CPUs, and I don't know which. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1771345/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
