RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1722215 - glibc: During exit, skip wide buffer handling for legacy stdio handles
Summary: glibc: During exit, skip wide buffer handling for legacy stdio handles
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: glibc
Version: 8.2
Hardware: i686
OS: Linux
unspecified
unspecified
Target Milestone: rc
: 8.0
Assignee: glibc team
QA Contact: qe-baseos-tools-bugs
URL:
Whiteboard:
Depends On: 1722216
Blocks: 1684559
TreeView+ depends on / blocked
 
Reported: 2019-06-19 17:26 UTC by Florian Weimer
Modified: 2023-07-18 14:30 UTC (History)
7 users (show)

Fixed In Version: glibc-2.28-72.el8
Doc Type: Bug Fix
Doc Text:
A defect in the library security hardening could cause legacy 32-bit x86 binaries to crash during exit. The security hardening has been adjusted to account for the API uses of the legacy 32-bit x86 binaries. Legacy 32-bit x86 binaries should no longer crash.
Clone Of:
: 1722216 (view as bug list)
Environment:
Last Closed: 2019-11-05 21:29:05 UTC
Type: Bug
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 1688841 0 unspecified CLOSED glibc's free() crashes with ulimit -s unlimited when exiting from java -version 2021-02-22 00:41:40 UTC
Red Hat Product Errata RHSA-2019:3513 0 None None None 2019-11-05 21:29:23 UTC
Sourceware 24228 0 None None None 2019-08-06 16:15:43 UTC

Description Florian Weimer 2019-06-19 17:26:43 UTC 
This commit, which went into glibc 2.23, introduces wide stream buffer deallocation during the exit produces:

commit a601b74d31ca086de38441d316a3dee24c866305
Author: Paul Pluzhnikov <ppluzhnikov>
Date:   Sat Aug 8 16:27:58 2015 -0700

    In preparation for fixing BZ#16734, fix failure in misc/tst-error1-mem
    when _G_HAVE_MMAP is turned off.

This results in an out-of-bounds access with unpredictable consequences during process shutdown for i386 binaries which enable the legacy stdio handles.

Usually, this is supposed to happen only for very old binaries, but it turns out that the launchers in OpenJDK 8 are linked in such a way that this happens for them as well.  See bug 1688841 for details.

To maximize compatibility, we should backport the eventual upstream fix to glibc.
Comment 3 Florian Weimer 2019-06-24 15:29:16 UTC 
The upstream patch has been committed:


commit 21cc130b78a4db9113fb6695e2b951e697662440
Author: Dmitry V. Levin <ldv>
Date:   Wed Feb 13 01:20:51 2019 +0000

    libio: do not attempt to free wide buffers of legacy streams [BZ #24228]
Comment 6 Sergey Kolosov 2019-08-21 08:02:08 UTC 
Verified based on https://bugzilla.redhat.com/show_bug.cgi?id=1722215#c1, the bug is reproducible on glibc-2.28-71.el8 and doesn't on glibc-2.28-71.el8
Comment 8 errata-xmlrpc 2019-11-05 21:29:05 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2019:3513
Note You need to log in before you can comment on or make changes to this bug.