1656518 – [abrt] fprintd: g_malloc0(): fprintd killed by SIGTRAP

Bug 1656518 - [abrt] fprintd: g_malloc0(): fprintd killed by SIGTRAP

Summary: [abrt] fprintd: g_malloc0(): fprintd killed by SIGTRAP

Keywords:
Status:	CLOSED UPSTREAM
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	libfprint
Sub Component:
Version:	29
Hardware:	x86_64
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Bastien Nocera
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:	https://retrace.fedoraproject.org/faf...
Whiteboard:	abrt_hash:b55ac7cefaa3cbae3d35564190e...
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2018-12-05 16:53 UTC by lennart_reuther
Modified:	2018-12-06 10:18 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2018-12-06 10:08:03 UTC
Type:	---
Dependent Products:

Attachments	(Terms of Use)
File: backtrace (20.49 KB, text/plain) 2018-12-05 16:53 UTC, lennart_reuther	no flags	Details
File: cgroup (305 bytes, text/plain) 2018-12-05 16:53 UTC, lennart_reuther	no flags	Details
File: core_backtrace (13.05 KB, text/plain) 2018-12-05 16:53 UTC, lennart_reuther	no flags	Details
File: cpuinfo (1.57 KB, text/plain) 2018-12-05 16:53 UTC, lennart_reuther	no flags	Details
File: dso_list (3.51 KB, text/plain) 2018-12-05 16:53 UTC, lennart_reuther	no flags	Details
File: environ (144 bytes, text/plain) 2018-12-05 16:53 UTC, lennart_reuther	no flags	Details
File: limits (1.29 KB, text/plain) 2018-12-05 16:53 UTC, lennart_reuther	no flags	Details
File: maps (23.79 KB, text/plain) 2018-12-05 16:53 UTC, lennart_reuther	no flags	Details
File: mountinfo (6.83 KB, text/plain) 2018-12-05 16:53 UTC, lennart_reuther	no flags	Details
File: open_fds (1.12 KB, text/plain) 2018-12-05 16:54 UTC, lennart_reuther	no flags	Details
File: proc_pid_status (1.28 KB, text/plain) 2018-12-05 16:54 UTC, lennart_reuther	no flags	Details
File: var_log_messages (268 bytes, text/plain) 2018-12-05 16:54 UTC, lennart_reuther	no flags	Details
Add an attachment (proposed patch, testcase, etc.)

Description lennart_reuther 2018-12-05 16:53:39 UTC

Description of problem:
doing a sudo for remounting a tmpfs file system (so guess, this should be pretty uncorrelated. SE-Linux was throwing lots of notifications in the gnome-shell. 

Version-Release number of selected component:
fprintd-0.8.1-3.fc29

Additional info:
reporter:       libreport-2.9.6
backtrace_rating: 4
cmdline:        /usr/libexec/fprintd
crash_function: g_malloc0
executable:     /usr/libexec/fprintd
journald_cursor: s=f660756ad2664806af02c219ed9f98a6;i=37ec;b=928fb8bb0fd043b89ada15153a072c93;m=156a34cff9;t=57c49103a9b87;x=25c5703ec99b21cc
kernel:         4.19.5-300.fc29.x86_64
rootdir:        /
runlevel:       N 5
type:           CCpp
uid:            0

Potential duplicate: bug 1546261

Comment 1 lennart_reuther 2018-12-05 16:53:44 UTC

Created attachment 1511794 [details]
File: backtrace

Comment 2 lennart_reuther 2018-12-05 16:53:46 UTC

Created attachment 1511795 [details]
File: cgroup

Comment 3 lennart_reuther 2018-12-05 16:53:48 UTC

Created attachment 1511796 [details]
File: core_backtrace

Comment 4 lennart_reuther 2018-12-05 16:53:49 UTC

Created attachment 1511797 [details]
File: cpuinfo

Comment 5 lennart_reuther 2018-12-05 16:53:51 UTC

Created attachment 1511798 [details]
File: dso_list

Comment 6 lennart_reuther 2018-12-05 16:53:53 UTC

Created attachment 1511799 [details]
File: environ

Comment 7 lennart_reuther 2018-12-05 16:53:54 UTC

Created attachment 1511800 [details]
File: limits

Comment 8 lennart_reuther 2018-12-05 16:53:57 UTC

Created attachment 1511801 [details]
File: maps

Comment 9 lennart_reuther 2018-12-05 16:53:58 UTC

Created attachment 1511802 [details]
File: mountinfo

Comment 10 lennart_reuther 2018-12-05 16:54:00 UTC

Created attachment 1511803 [details]
File: open_fds

Comment 11 lennart_reuther 2018-12-05 16:54:01 UTC

Created attachment 1511804 [details]
File: proc_pid_status

Comment 12 lennart_reuther 2018-12-05 16:54:02 UTC

Created attachment 1511805 [details]
File: var_log_messages

Comment 13 Bastien Nocera 2018-12-06 10:08:03 UTC

Looks like a integer overflow in the assembling functions:

        msg_alloc = 0x56415598dd30 "gmem.c:135: failed to allocate 18446744073709551612 bytes"


#4  0x00007f4ea042702a in g_malloc0 (n_bytes=n_bytes@entry=18446744073709551612) at gmem.c:134
        mem = <optimized out>
#5  0x00007f4ea07b1afb in median_filter (filtersize=25, size=-1, data=0x0) at ../libfprint/assembling.c:317
        i = <optimized out>
        result = <optimized out>
        sortbuf = <optimized out>
        i = <optimized out>
        result = <optimized out>
        sortbuf = <optimized out>
        i1 = <optimized out>
        i2 = <optimized out>
#6  fpi_assemble_lines (ctx=ctx@entry=0x7f4ea08163c0 <assembling_ctx>, lines=0x56415598d790, lines_len=1) at ../libfprint/assembling.c:400
        i = 0
        row1 = 0x56415598d790
        row2 = <optimized out>
        y = 0
        line_ind = 0
        offsets = 0x0
        output = 0x5641559cfed0 ""
        img = <optimized out>
        __func__ = "fpi_assemble_lines"

Ultimately it's a bug in the vfs5011 driver though, which is a device I don't have access to.

The crasher fix is here, and will be in the next version of libfprint:
https://gitlab.freedesktop.org/libfprint/libfprint/merge_requests/37

This is the driver bug:
https://gitlab.freedesktop.org/libfprint/libfprint/issues/135

Comment 14 lennart_reuther 2018-12-06 10:18:44 UTC

Hi Bastien, that's great news. Thanks for taking care within a really timely manner. Cheers from Cologne, L.

Note You need to log in before you can comment on or make changes to this bug.