Bug#1041836: marked as done (libc6 2.36-9+deb12u1 stack smashing on some but not all amd64)

To: Aurelien Jarno <aurel32@debian.org>
Subject: Bug#1041836: marked as done (libc6 2.36-9+deb12u1 stack smashing on some but not all amd64)
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Date: Thu, 10 Aug 2023 08:09:04 +0000
Message-id: <[🔎] handler.1041836.D1041836.16916548031529697.ackdone@bugs.debian.org>
Reply-to: 1041836@bugs.debian.org
References: <ZNSajm/Kn7qtVBE1@aurel32.net> <169017315036.10181.711257644926784572.reportbug@charlie.y.n>

Your message dated Thu, 10 Aug 2023 10:06:38 +0200
with message-id <ZNSajm/Kn7qtVBE1@aurel32.net>
and subject line Re: Bug#1041836: libc6 2.36-9+deb12u1 stack smashing on some but not all amd64
has caused the Debian Bug report #1041836,
regarding libc6 2.36-9+deb12u1 stack smashing on some but not all amd64
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1041836: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041836
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libc6 2.36-9+deb12u1 stack smashing on some but not all amd64
From: Mike Bird <mgb-debian@yosemite.net>
Date: Sun, 23 Jul 2023 21:32:30 -0700
Message-id: <169017315036.10181.711257644926784572.reportbug@charlie.y.n>

Package: libc6
Version: 2.36-9
Severity: critical
Justification: breaks the whole system

Dear Maintainer,

Installing libc6_2.36-9+deb12u1_amd64.deb on some but not all systems
results in every dynamically linked program dying with a spurious
report of stack smashing.  Getting back to a working system required
use of busybox to get bash-static and also creating a fake perl as a
shell script containing exit 0 (because /bin/true is dynamic) and
then busybox again to wget and dpkg install the 2.36-9.

I repeated this three times to be sure.

Works OK on e.g. Intel(R) Xeon(R) CPU L5520  @ 2.27GHz
Stack smashing on e.g. Intel(R) Core(TM) i7-8750H CPU @ 2.20GHz

Preparing to unpack .../libc6_2.36-9+deb12u1_amd64.deb ...
Unpacking libc6:amd64 (2.36-9+deb12u1) over (2.36-9) ...
*** stack smashing detected ***: terminated
dpkg: error while cleaning up:
 rm command for cleanup subprocess was killed by signal (Aborted)
*** stack smashing detected ***: terminated
E: Sub-process /usr/bin/dpkg exited unexpectedly
# ls -l
*** stack smashing detected ***: terminated
Aborted
#

Both successes and failures were on multiarch systems with i386
although that does not seem to be relevant.


-- System Information:
Debian Release: 12.1
  APT prefers stable-updates
  APT policy: (2000, 'stable-updates'), (2000, 'stable-security'), (2000, 'stable')
merged-usr: no
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-10-amd64 (SMP w/12 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/bash-static
Init: sysvinit (via /sbin/init)

Versions of packages libc6 depends on:
ii  libgcc-s1  12.2.0-14

Versions of packages libc6 recommends:
ii  libidn2-0  2.3.3-1+b1

Versions of packages libc6 suggests:
ii  debconf [debconf-2.0]  1.5.82
ii  glibc-doc              2.36-9+deb12u1
ii  libc-l10n              2.36-9+deb12u1
pn  libnss-nis             <none>
pn  libnss-nisplus         <none>
ii  locales                2.36-9

-- no debconf information

--- End Message ---

--- Begin Message ---

To: Mike Bird <mgb-debian@yosemite.net>

Cc: 1041836-done@bugs.debian.org

Subject: Re: Bug#1041836: libc6 2.36-9+deb12u1 stack smashing on some but not all amd64

From: Aurelien Jarno <aurel32@debian.org>

Date: Thu, 10 Aug 2023 10:06:38 +0200

Message-id: <ZNSajm/Kn7qtVBE1@aurel32.net>

In-reply-to: <202308091557.15855.mgb-debian@yosemite.net>

References: <169017315036.10181.711257644926784572.reportbug@charlie.y.n> <202308091444.26092.mgb-debian@yosemite.net> <ZNQOxg6rJA8SyiBg@aurel32.net> <202308091557.15855.mgb-debian@yosemite.net>
Hi,

On 2023-08-09 15:57, Mike Bird wrote:
> On Wed August 9 2023 15:10:14 Aurelien Jarno wrote:
> > On 2023-08-09 14:44, Mike Bird wrote:
> > > There is a /usr/local/lib/libc.so.6 which is unknown to dpkg and which is
> > > probably an artifact of my recovering from the broken system.  Its md5sum
> > > is identical to that of /lib/x86_64-linux-gnu/libc.so.6 .  I will try
> > > removing that file and also the suggestions below when the laptop is not
> > > in use.
> >
> > That's very likely your issue. I tried to copy the version 2.36-9 of
> > libc.so.6 to /usr/local/lib and upgrade to 2.36-9+deb12u1 and got
> > exactly the same symptoms as you reported.
> 
> Hi Aurelien,
> 
> The /usr/local/lib copy was heavily in use (lsof) so I ran -
>    rm libc.so.6; ldconfig
> - and was then able to upgrade successfully.
> 
> Thank you VERY much for your excellent suggestions.

Thanks for the feedback, I am therefore closing the bug.

Regards
Aurelien

-- 
Aurelien Jarno                          GPG: 4096R/1DDD8C9B
aurelien@aurel32.net                     http://aurel32.net
--- End Message ---

Reply to:

Prev by Date: Bug#1041836: libc6 2.36-9+deb12u1 double free abort
Next by Date: [Git][glibc-team/glibc][glibc-2.38] debian/testsuite-xfail-debian.mk: Add hurd-amd64-specific xfails
Previous by thread: tzdata_2023c-10_source.changes ACCEPTED into unstable
Next by thread: [Git][glibc-team/glibc][glibc-2.38] debian/testsuite-xfail-debian.mk: Add hurd-amd64-specific xfails
Index(es):
- Date
- Thread