1722215 – glibc: During exit, skip wide buffer handling for legacy stdio handles

Bug 1722215 - glibc: During exit, skip wide buffer handling for legacy stdio handles

Summary: glibc: During exit, skip wide buffer handling for legacy stdio handles

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 8
Classification:	Red Hat
Component:	glibc
Sub Component:
Version:	8.2
Hardware:	i686
OS:	Linux
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	8.0
Assignee:	glibc team
QA Contact:	qe-baseos-tools-bugs
Docs Contact:
URL:
Whiteboard:
Depends On:	1722216
Blocks:	1684559
TreeView+	depends on / blocked

Reported:	2019-06-19 17:26 UTC by Florian Weimer
Modified:	2023-07-18 14:30 UTC (History)
CC List:	7 users (show)
Fixed In Version:	glibc-2.28-72.el8
Doc Type:	Bug Fix
Doc Text:	A defect in the library security hardening could cause legacy 32-bit x86 binaries to crash during exit. The security hardening has been adjusted to account for the API uses of the legacy 32-bit x86 binaries. Legacy 32-bit x86 binaries should no longer crash.
Clone Of:
Clones:	1722216 (view as bug list)
Environment:
Last Closed:	2019-11-05 21:29:05 UTC
Type:	Bug
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Bugzilla	1688841	unspecified	CLOSED	glibc's free() crashes with ulimit -s unlimited when exiting from java -version	2021-02-22 00:41:40 UTC
Red Hat Product Errata	RHSA-2019:3513	None	None	None	2019-11-05 21:29:23 UTC
Sourceware	24228	None	None	None	2019-08-06 16:15:43 UTC

Description Florian Weimer 2019-06-19 17:26:43 UTC

This commit, which went into glibc 2.23, introduces wide stream buffer deallocation during the exit produces:

commit a601b74d31ca086de38441d316a3dee24c866305
Author: Paul Pluzhnikov <ppluzhnikov>
Date:   Sat Aug 8 16:27:58 2015 -0700

    In preparation for fixing BZ#16734, fix failure in misc/tst-error1-mem
    when _G_HAVE_MMAP is turned off.

This results in an out-of-bounds access with unpredictable consequences during process shutdown for i386 binaries which enable the legacy stdio handles.

Usually, this is supposed to happen only for very old binaries, but it turns out that the launchers in OpenJDK 8 are linked in such a way that this happens for them as well.  See bug 1688841 for details.

To maximize compatibility, we should backport the eventual upstream fix to glibc.

Comment 3 Florian Weimer 2019-06-24 15:29:16 UTC

The upstream patch has been committed:


commit 21cc130b78a4db9113fb6695e2b951e697662440
Author: Dmitry V. Levin <ldv>
Date:   Wed Feb 13 01:20:51 2019 +0000

    libio: do not attempt to free wide buffers of legacy streams [BZ #24228]

Comment 6 Sergey Kolosov 2019-08-21 08:02:08 UTC

Verified based on https://bugzilla.redhat.com/show_bug.cgi?id=1722215#c1, the bug is reproducible on glibc-2.28-71.el8 and doesn't on glibc-2.28-71.el8

Comment 8 errata-xmlrpc 2019-11-05 21:29:05 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2019:3513

Note You need to log in before you can comment on or make changes to this bug.