Opened 11 years ago
Closed 11 years ago
#12760 closed defect (fixed)
VBoxSVC segfault with long paths in /dev -> fixed in series 4.3 and later as of 12 March 2014
| Reported by: | srt | Owned by: | |
|---|---|---|---|
| Component: | host support | Version: | VirtualBox 4.3.8 |
| Keywords: | segfault dev | Cc: | |
| Guest type: | all | Host type: | Linux |
Description
VBoxSVC scans /dev and receives a SIGSEG if it encounters a long path in /dev.
Reproduce by executing the following commands:
mkdir -p /dev/0some/very/long/path/that/exceeds/128characters/in/total/and/starts/with/dev/triggers/this/error/as/you/will/see/when/you/try /usr/lib/virtualbox/VBoxSVC
then start virtualbox in another terminal.
Result is that VBoxSVC crashes:
[1] 8728 segmentation fault (core dumped) /usr/lib/virtualbox/VBoxSVC
You can run
strace -ff -o vbox /usr/lib/virtualbox/VBoxSVC
to see the cause:
% tail vbox.8826
lstat("/dev/0some/very/long/path/that/exceeds/128characters/in/total/and/starts/with/dev/triggers/this/error/as/you/will/see/when", {st_mode=S_IFDIR|0755, st_size=60, ...}) = 0
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x7f3e33716e38} ---
+++ killed by SIGSEGV (core dumped) +++
The core dump shows:
#0 0x00007f512c4a7936 in RTPathAbs () from /usr/lib/virtualbox/VBoxRT.so
Additional observations:
- The error is not triggered if the current has no permission to access /dev/vboxusb
- The error is not triggered if the long path is in /dev/shm and /dev/shm is a softlink to a different directory (as on Ubuntu)
- The error is triggered if the long path is in /dev/shm and /dev/shm is a mount point for a tmpfs filesystem (as on Arch Linux)
Change History (6)
comment:1 by , 11 years ago
comment:2 by , 11 years ago
Thank you for this report. We will fix this problem soon. This is just a normal bug: An unexpected behavior of the environment makes an application crash (stack overflow in this case). This problem is not triggered by the guest but by the host.
comment:3 by , 11 years ago
Could you try the following test build, or alternatively the public source code at r50705 or later. (If you are building 4.3 yourself the change should apply cleanly to it.)
https://www.virtualbox.org/download/testcase/VirtualBox-4.3.9-92676-Linux_amd64.run
comment:4 by , 11 years ago
I rebuilt my Arch package with 4.3.8 and the patch for r50705 applied and the bug is gone. Thanks!
comment:5 by , 11 years ago
| Summary: | VBoxSVC segfault with long paths in /dev → VBoxSVC segfault with long paths in /dev -> fixed in series 4.3 and later as of 12 March 2014 |
|---|
Thank you for the feedback.
I can confirm the problem with Ubuntu Linux 13.10. Is this a possible security issue as well?