#12760 closed defect (fixed)

VBoxSVC segfault with long paths in /dev -> fixed in series 4.3 and later as of 12 March 2014

回報者:	srt	負責人:
元件:	host support	版本:	VirtualBox 4.3.8
關鍵字:	segfault dev	副本:
Guest type:	all	Host type:	Linux

描述

VBoxSVC scans /dev and receives a SIGSEG if it encounters a long path in /dev.

Reproduce by executing the following commands:

mkdir -p /dev/0some/very/long/path/that/exceeds/128characters/in/total/and/starts/with/dev/triggers/this/error/as/you/will/see/when/you/try
/usr/lib/virtualbox/VBoxSVC

then start virtualbox in another terminal.

Result is that VBoxSVC crashes:

[1]    8728 segmentation fault (core dumped)  /usr/lib/virtualbox/VBoxSVC

You can run

strace -ff -o vbox /usr/lib/virtualbox/VBoxSVC

to see the cause:

  % tail vbox.8826
lstat("/dev/0some/very/long/path/that/exceeds/128characters/in/total/and/starts/with/dev/triggers/this/error/as/you/will/see/when", {st_mode=S_IFDIR|0755, st_size=60, ...}) = 0
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x7f3e33716e38} ---
+++ killed by SIGSEGV (core dumped) +++

The core dump shows:

#0  0x00007f512c4a7936 in RTPathAbs () from /usr/lib/virtualbox/VBoxRT.so

Additional observations:

The error is not triggered if the current has no permission to access /dev/vboxusb
The error is not triggered if the long path is in /dev/shm and /dev/shm is a softlink to a different directory (as on Ubuntu)
The error is triggered if the long path is in /dev/shm and /dev/shm is a mount point for a tmpfs filesystem (as on Arch Linux)

更動歷史 (6)

comment:1 11 年前由 everflux 編輯

I can confirm the problem with Ubuntu Linux 13.10. Is this a possible security issue as well?

comment:2 11 年前由 Frank Mehnert 編輯

Thank you for this report. We will fix this problem soon. This is just a normal bug: An unexpected behavior of the environment makes an application crash (stack overflow in this case). This problem is not triggered by the guest but by the host.

comment:3 11 年前由 Michael Thayer 編輯

Could you try the following test build, or alternatively the public source code at r50705 or later. (If you are building 4.3 yourself the change should apply cleanly to it.)

https://www.alldomusa.eu.org/download/testcase/VirtualBox-4.3.9-92676-Linux_amd64.run

comment:4 11 年前由 srt 編輯

I rebuilt my Arch package with 4.3.8 and the patch for r50705 applied and the bug is gone. Thanks!

comment:5 11 年前由 Michael Thayer 編輯

摘要:	VBoxSVC segfault with long paths in /dev → VBoxSVC segfault with long paths in /dev -> fixed in series 4.3 and later as of 12 March 2014

Thank you for the feedback.

comment:6 11 年前由 Frank Mehnert 編輯

狀態:	new → closed
處理結果:	→ fixed

Fix is part of VBox 4.3.10.

注意: 瀏覽 TracTickets 來幫助您使用待辦事項功能

以其他格式下載:

#12760 closed defect (fixed)

VBoxSVC segfault with long paths in /dev -> fixed in series 4.3 and later as of 12 March 2014

描述

更動歷史 (6)

comment:1 11 年 前 由 everflux 編輯

comment:2 11 年 前 由 Frank Mehnert 編輯

comment:3 11 年 前 由 Michael Thayer 編輯

comment:4 11 年 前 由 srt 編輯

comment:5 11 年 前 由 Michael Thayer 編輯

comment:6 11 年 前 由 Frank Mehnert 編輯