Opened 6 years ago
Last modified 6 years ago
#18002 new defect
Heap corruption in VBoxSVC.exe leading to a crash (possibly due to double free)
Reported by: | idrassi | Owned by: | |
---|---|---|---|
Component: | other | Version: | VirtualBox 5.2.18 |
Keywords: | VBoxSVC Crash HeapCorruption | Cc: | |
Guest type: | Linux | Host type: | Windows |
Description
I have encountered a crash of the latest VBoxSVC.exe 5.2.18.24319 on a Windows 10 host while running two VMs in parallel (one Windows VM and one Linux VM). The crash happened while I was accessing internet resources from the Linux VM.
I have collected a crash dump which indicates that the crash is caused by a heap corruption in VBoxSVC.exe while calling the free function from msvcr100.dll. So, this looks like a double-free issue in VBoxSVC.exe.
I could not find a way to reproduce this crash. Usually, I run 3 or 4 VMs at the same time and VBoxSVC never crashed, but this time, with just 2 VMs and no extensive CPU load (just internet browsing), it crashed.
I'm attaching the full log from the Linux machine. As for the crash dump, I can post it, but since it is related to a potential double-free issue in VBoxSVC, which is sometimes a security vulnerability, I prefer to confirm with you first that it is OK to post here.
Attachments (1)
Change History (6)
comment:1 by , 6 years ago
comment:2 by , 6 years ago
Please send the crash dump to alexander (dot) eichner (at) oracle (dot) com and the matching VBoxSVC.log. Thanks!
comment:3 by , 6 years ago
Email sent encrypted with PGP Key 0x37FAE132B47831ABE98A2CDD9D6378FD1C6719C7 (subkey 0xB67FA30BEE97C622A0C1 BAD96B6F8379EB3A12FA)
follow-up: 5 comment:4 by , 6 years ago
The core dump showed that the crash in VBoxSVC happened while processing an extradata-related API call from the GUI. Unfortunately, I couldn't get enough information from the core dump to find the cause of the heap corruption, and I also wasn't able to reproduce the issue locally. I couldn't find a possible double free invocation in the affected area. I fear that there is not much we can do without a reproduction scenario because there is no hint where the heap corruption/double free originated from. Do you happen to get this crash on a regular basis or was this a one-time event only?
comment:5 by , 6 years ago
Replying to aeichner:
> Do you happen to get this crash on a regular basis or was this a one-time event only?
According to the OP's statement in the related forum discussion:
> I could not find a way to reproduce this crash. I use VirtualBox quite often and this is the first time I see this. Usually, I run 3 or 4 VMs at the same time but VBoxSVC never crashed but this time just with 2 VMs and no extensive CPU load (just internet browsing) and it crashed.
@idrassi
If, according to aeichner, this is an extradata related API call, could you post your ".vbox" for the VM? Right-click on the VM in the VirtualBox Manager. Select "Show in Explorer".
Attach the selected ".vbox" file to your response.
Related discussion in the forums: https://forums.virtualbox.org/viewtopic.php?f=6&t=89548