gdb run as root: untrusted .gdbinit causes malloc arena corruption crash

Bug #1131841 reported by Dario Bertini
This bug affects 2 people

Affects        Status       Importance   Assigned to   Milestone
gdb            Invalid      Low
gdb (Ubuntu)   Incomplete   Undecided    Unassigned

Bug Description

When running gdb as root, the existence of ~/.gdbinit (untrusted) causes gdb to
crash with a duplicate free or other heap corruption.

This bug is due to some Debian/Ubuntu-specific patches.

ProblemType: Bug
DistroRelease: Ubuntu 12.10
Package: gdb 7.5-0ubuntu2
ProcVersionSignature: Ubuntu 3.5.0-23.35-generic 3.5.7.2
Uname: Linux 3.5.0-23-generic x86_64
NonfreeKernelModules: wl
ApportVersion: 2.6.1-0ubuntu10
Architecture: amd64
Date: Fri Feb 22 17:36:12 2013
InstallationDate: Installed on 2011-10-31 (480 days ago)
InstallationMedia: Kubuntu 11.10 "Oneiric Ocelot" - Release amd64+mac (20111012)
MarkForUpload: True
SourcePackage: gdb
UpgradeStatus: Upgraded to quantal on 2012-10-14 (131 days ago)

Revision history for this message
In sourceware Bugzilla, Bugz-o (bugz-o) wrote:

Created attachment 6888
Full backtrace

When running gdb as root, the existence of ~/.gdbinit (untrusted) causes gdb to crash with a duplicate free or other heap corruption.

Workaround: "mv ~/.gdbinit ~/gdbinit".

See attachment for full backtrace.

# gdb xxx
GNU gdb (GDB) 7.5-ubuntu
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...

warning: not using untrusted file "/users/joeuser/.gdbinit"
*** glibc detected *** /usr/bin/gdb: double free or corruption (!prev): 0x0000000000f25940 ***
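The "not using untrusted file" warning in the session above is gdb declining to source an init file whose ownership or permissions it does not trust; the crash that follows is the Ubuntu-patched code path after that decision. As an added example (not gdb's code, and not posted by anyone in this thread), the following POSIX shell function applies the rule such trust checks usually implement, which is an assumption here rather than a quotation of gdb's source: the file counts as trusted only when it exists, is owned by the invoking uid, and is not group- or world-writable. It relies on GNU `stat -c`; the function names and the `audit_gdbinit_candidates` helper are this example's own.

```shell
#!/bin/sh
# Added example, not gdb's own logic. Classifies an init file the way a
# trust check of this kind typically does (assumed rule): trusted only when
# it exists, is owned by the invoking uid, and is not group/world-writable.
# Requires GNU stat (-c).

# classify_gdbinit FILE UID -> prints one reason, exits 0 only when "trusted"
classify_gdbinit() {
    file="$1"
    uid="$2"
    if [ ! -f "$file" ]; then
        echo "missing"
        return 1
    fi
    owner=$(stat -c %u "$file") || { echo "unreadable"; return 1; }
    mode=$(stat -c %a "$file")
    if [ "$owner" != "$uid" ]; then
        echo "foreign-owner"        # e.g. root looking at a user's ~/.gdbinit
        return 1
    fi
    # 022 (octal) masks the group and other write bits; the leading 0 makes
    # the shell read stat's octal mode string as an octal constant.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "group-or-world-writable"
        return 1
    fi
    echo "trusted"
    return 0
}

# audit_gdbinit_candidates UID: report on the usual init-file locations
audit_gdbinit_candidates() {
    uid="$1"
    for f in "$HOME/.gdbinit" "$PWD/.gdbinit"; do
        printf '%s: %s\n' "$f" "$(classify_gdbinit "$f" "$uid")"
    done
}

# Run the audit for the current user; the result is informational only.
audit_gdbinit_candidates "$(id -u)"
```

Run it as the uid gdb would actually run under. In the session above root's gdb looked at `/users/joeuser/.gdbinit`, so the relevant case is the `foreign-owner` one: a home directory inherited from the invoking user while the process runs as root.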

Revision history for this message
In sourceware Bugzilla, Tromey-redhat (tromey-redhat) wrote:

(In reply to comment #0)

> GNU gdb (GDB) 7.5-ubuntu

I think this is probably specific to Ubuntu, maybe caused
by one of the patches they apply.

I tried this on my Fedora box using CVS HEAD gdb, and also
the upstream gdb 7.5 build, and it worked fine.

Could you try an upstream gdb?
If it still fails for you, we can try to get a more useful
stack trace.
If it doesn't fail, then I guess we can close this bug.

Revision history for this message
In sourceware Bugzilla, S-dave (s-dave) wrote:

I'll bet you're right. Let me build the official 7.5 sources myself and see what happens. I'll let you know.

Thanks... Dave

-----Original Message-----
From: tromey at redhat dot com [mailto:<email address hidden>]
Sent: Friday, February 22, 2013 11:20 AM
To: <email address hidden>
Subject: [Bug gdb/15174] gdb run as root: untrusted .gdbinit causes malloc arena corruption crash

http://sourceware.org/bugzilla/show_bug.cgi?id=15174

Tom Tromey <tromey at redhat dot com> changed:

           What  |Removed  |Added
----------------------------------------------------------------------------
         Status  |NEW      |WAITING
             CC  |         |tromey at redhat dot com

--- Comment #1 from Tom Tromey <tromey at redhat dot com> 2013-02-22 16:20:17 UTC ---

Revision history for this message
In sourceware Bugzilla, S-dave (s-dave) wrote:

As you wrote, gdb-7.5 built from the upstream repo works fine. Sorry for the annoyance...

Thanks... Dave

Revision history for this message
In sourceware Bugzilla, Tromey-redhat (tromey-redhat) wrote:

(In reply to comment #3)
> As you wrote, gdb-7.5 built from the upstream repo works fine. Sorry for the
> annoyance...

It is no trouble. It isn't always obvious what bugs are from downstream
patches.

Changed in gdb:
importance: Unknown → Low
status: Unknown → Invalid
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in gdb (Ubuntu):
status: New → Confirmed
Revision history for this message
Dominik Viererbe (dviererbe) wrote :

Thank you for reporting this bug to Ubuntu.

Ubuntu 12.10 (quantal) reached end-of-life on May 16, 2014.

See this document for currently supported Ubuntu releases:
https://wiki.ubuntu.com/Releases

I could not replicate the crash in currently supported versions (focal, jammy, kinetic, lunar, mantic).

We appreciate that this bug may be old and you might not be interested in discussing it anymore. But if you are then please upgrade to the latest Ubuntu version and re-test. If you then find the bug is still present in the newer Ubuntu version, please add a comment here telling us which new version it is in.

Changed in gdb (Ubuntu):
status: Confirmed → Incomplete