Bug 1652604
Summary: | There is an illegal address access at src/pool.h:331 pool_whatprovides in libsolv. | ||||||
---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 8 | Reporter: | shuitao gan <ganshuitao> | ||||
Component: | libsolv | Assignee: | Jaroslav Rohel <jrohel> | ||||
Status: | CLOSED CURRENTRELEASE | QA Contact: | Karel Srot <ksrot> | ||||
Severity: | urgent | Docs Contact: | |||||
Priority: | high | ||||||
Version: | 8.1 | CC: | dmach, ganshuitao, jmracek, nsl | ||||
Target Milestone: | rc | Keywords: | Triaged | ||||
Target Release: | 8.0 | ||||||
Hardware: | All | ||||||
OS: | All | ||||||
Whiteboard: | |||||||
Fixed In Version: | libsolv-0.6.35-4.el8 | Doc Type: | If docs needed, set a value | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2019-06-14 01:46:42 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Please, which version of libsolv do you have? The "libsolv2.4" seems strange. In RHEL 8 is "libsolv-0.6.35". Appears to be CVE-2018-20534. |
Created attachment 1507933 [details] ./testsolv POC1 version: libsolv2.4 Summary: There is an illegal address access at src/pool.h:331 pool_whatprovides in libsolv. Description: The asan debug is as follows: $./testsolv POC1 ================================================================= ==37277==ERROR: AddressSanitizer: SEGV on unknown address 0x0000000002f0 (pc 0x7f31501d3bd2 bp 0x7ffcfe4d4a50 sp 0x7ffcfe4d4a30 T0) #0 0x7f31501d3bd1 in pool_whatprovides /home/company/real_sanitize/libsolv-master/src/pool.h:331 #1 0x7f31501d895e in testcase_str2solvid /home/company/real_sanitize/libsolv-master/ext/testcase.c:793 #2 0x7f31501e8388 in testcase_read /home/company/real_sanitize/libsolv-master/ext/testcase.c:2807 #3 0x402aa5 in main /home/company/real_sanitize/libsolv-master/tools/testsolv.c:148 #4 0x7f314fa8da3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x20a3f) #5 0x401bb8 in _start (/home/company/real_sanitize/libsolv-master/build/install/bin/testsolv+0x401bb8) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV /home/company/real_sanitize/libsolv-master/src/pool.h:331 pool_whatprovides ==37277==ABORTING