VirtualBox

Ticket #12760 (closed defect: fixed)

Opened 14 months ago

Last modified 13 months ago

VBoxSVC segfault with long paths in /dev -> fixed in series 4.3 and later as of 12 March 2014

Reported by: srt Owned by:
Priority: major Component: host support
Version: VirtualBox 4.3.8 Keywords: segfault dev
Cc: Guest type: all
Host type: Linux

Description

VBoxSVC scans /dev and receives a SIGSEG if it encounters a long path in /dev.

Reproduce by executing the following commands:

mkdir -p /dev/0some/very/long/path/that/exceeds/128characters/in/total/and/starts/with/dev/triggers/this/error/as/you/will/see/when/you/try
/usr/lib/virtualbox/VBoxSVC

then start virtualbox in another terminal.

Result is that VBoxSVC crashes:

[1]    8728 segmentation fault (core dumped)  /usr/lib/virtualbox/VBoxSVC

You can run

strace -ff -o vbox /usr/lib/virtualbox/VBoxSVC

to see the cause:

  % tail vbox.8826
lstat("/dev/0some/very/long/path/that/exceeds/128characters/in/total/and/starts/with/dev/triggers/this/error/as/you/will/see/when", {st_mode=S_IFDIR|0755, st_size=60, ...}) = 0
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x7f3e33716e38} ---
+++ killed by SIGSEGV (core dumped) +++

The core dump shows:

#0  0x00007f512c4a7936 in RTPathAbs () from /usr/lib/virtualbox/VBoxRT.so

Additional observations:

  • The error is not triggered if the current has no permission to access /dev/vboxusb
  • The error is not triggered if the long path is in /dev/shm and /dev/shm is a softlink to a different directory (as on Ubuntu)
  • The error is triggered if the long path is in /dev/shm and /dev/shm is a mount point for a tmpfs filesystem (as on Arch Linux)

Change History

comment:1 Changed 14 months ago by everflux

I can confirm the problem with Ubuntu Linux 13.10. Is this a possible security issue as well?

comment:2 Changed 14 months ago by frank

Thank you for this report. We will fix this problem soon. This is just a normal bug: An unexpected behavior of the environment makes an application crash (stack overflow in this case). This problem is not triggered by the guest but by the host.

comment:3 Changed 14 months ago by michael

Could you try the following test build, or alternatively the public source code at r50705 or later. (If you are building 4.3 yourself the change should apply cleanly to it.)

https://www.virtualbox.org/download/testcase/VirtualBox-4.3.9-92676-Linux_amd64.run

comment:4 Changed 14 months ago by srt

I rebuilt my Arch package with 4.3.8 and the patch for r50705 applied and the bug is gone. Thanks!

comment:5 Changed 14 months ago by michael

  • Summary changed from VBoxSVC segfault with long paths in /dev to VBoxSVC segfault with long paths in /dev -> fixed in series 4.3 and later as of 12 March 2014

Thank you for the feedback.

comment:6 Changed 13 months ago by frank

  • Status changed from new to closed
  • Resolution set to fixed

Fix is part of VBox 4.3.10.

Note: See TracTickets for help on using tickets.

www.oracle.com
ContactPrivacy policyTerms of Use