Random segv with clamav 103.5 on Fedora 35 #440
Comments
Here is part of the backtrace.

Hi @infra-monkey thanks for the report. We've also observed this and are working on a fix. We'll have something to resolve it in the next patch release.

@micahsnyder thank you for the info and the quick reply. I hope to see it land soon in my distro of choice.

Hello @micahsnyder

@infra-monkey nope. There has not been a patch release since the initial report. The next patch releases (0.103.6 and 0.104.3) will be in late April and will include the fix.

@micahsnyder thank you for the clarification. I did not understand the lifecycle well.

Since converting the hash variable from a stack array to a pointer, the pointer may now be NULL if the file is truncated after the scan starts but before the hash is calculated. This race condition would result in a NULL pointer dereference and crash. This commit adds additional NULL parameter checks. Thanks to Alexander Patrakov and Antoine Gatineau for reporting this issue. Resolves: #440
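The failure mode the commit message describes, as an added example that is not ClamAV's code: a hash accessor that returns NULL when the file shrinks after its length was recorded, and a consumer that checks for NULL before dereferencing. The names `scan_ctx`, `ctx_get_hash`, `hash_matches` and `scan_demo` are hypothetical, the sample file is constructed, and FNV-1a stands in for the real hash.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* pread, mkstemp, ftruncate */
#endif
#include <stdint.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical scan context; len is recorded when the scan starts. */
struct scan_ctx { int fd; size_t len; uint64_t digest; };

/* Returns the digest, or NULL when the file can no longer be read in full
 * (it shrank after len was recorded). FNV-1a stands in for the real hash. */
static const uint64_t *ctx_get_hash(struct scan_ctx *ctx) {
    unsigned char buf[256];
    uint64_t h = 1469598103934665603ULL;
    size_t off = 0;
    if (ctx == NULL) return NULL;
    while (off < ctx->len) {
        size_t want = ctx->len - off < sizeof buf ? ctx->len - off : sizeof buf;
        ssize_t n = pread(ctx->fd, buf, want, (off_t)off);
        if (n <= 0) return NULL;   /* EOF or error before len bytes were read */
        for (ssize_t i = 0; i < n; i++) { h ^= buf[i]; h *= 1099511628211ULL; }
        off += (size_t)n;
    }
    ctx->digest = h;
    return &ctx->digest;
}

/* Consumer with the NULL parameter check: 1 match, 0 no match, -1 no hash. */
static int hash_matches(const uint64_t *hash, uint64_t expected) {
    if (hash == NULL) return -1;   /* without this check, *hash faults */
    return *hash == expected;
}

/* Constructed scenario: optionally truncate between scan start and hashing. */
static int scan_demo(int truncate_midscan) {
    char path[] = "/tmp/hash-race-XXXXXX";
    struct scan_ctx ctx = {0};
    if ((ctx.fd = mkstemp(path)) < 0) return -2;
    unlink(path);
    if (write(ctx.fd, "constructed sample", 18) != 18) { close(ctx.fd); return -2; }
    ctx.len = 18;                                   /* scan starts */
    if (truncate_midscan && ftruncate(ctx.fd, 4) != 0) { close(ctx.fd); return -2; }
    int rc = hash_matches(ctx_get_hash(&ctx), 0);   /* hash requested afterwards */
    close(ctx.fd);
    return rc;
}

int main(void) { return scan_demo(1) == -1 ? 0 : 1; }
```

The truncated case comes back as an error code the caller can report as a scan failure instead of a SIGSEGV in the daemon.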
Describe the bug
Clamd randomly crashes and restarts. For example, this morning, it crashed 3 times in half an hour.
Jan 26 09:46:09 monkey-desktop.dyn.empire.lan systemd[1]: Starting clamd scanner (scan) daemon...
Jan 26 09:46:22 monkey-desktop.dyn.empire.lan systemd[1]: Started clamd scanner (scan) daemon.
Jan 26 09:56:10 monkey-desktop.dyn.empire.lan systemd[1]: clamd@scan.service: Main process exited, code=killed, status=11/SEGV
Jan 26 09:56:10 monkey-desktop.dyn.empire.lan systemd[1]: clamd@scan.service: Failed with result 'signal'.
Jan 26 09:56:10 monkey-desktop.dyn.empire.lan systemd[1]: clamd@scan.service: Consumed 33.472s CPU time.
Jan 26 09:56:10 monkey-desktop.dyn.empire.lan systemd[1]: clamd@scan.service: Scheduled restart job, restart counter is at 1.
Jan 26 09:56:10 monkey-desktop.dyn.empire.lan systemd[1]: Stopped clamd scanner (scan) daemon.
Jan 26 09:56:10 monkey-desktop.dyn.empire.lan systemd[1]: clamd@scan.service: Consumed 33.472s CPU time.
Jan 26 09:56:10 monkey-desktop.dyn.empire.lan systemd[1]: Starting clamd scanner (scan) daemon...
Jan 26 09:56:24 monkey-desktop.dyn.empire.lan systemd[1]: Started clamd scanner (scan) daemon.
Jan 26 10:13:52 monkey-desktop.dyn.empire.lan systemd[1]: clamd@scan.service: Main process exited, code=killed, status=11/SEGV
Jan 26 10:13:52 monkey-desktop.dyn.empire.lan systemd[1]: clamd@scan.service: Failed with result 'signal'.
Jan 26 10:13:52 monkey-desktop.dyn.empire.lan systemd[1]: clamd@scan.service: Consumed 32.066s CPU time.
Jan 26 10:13:52 monkey-desktop.dyn.empire.lan systemd[1]: clamd@scan.service: Scheduled restart job, restart counter is at 2.
Jan 26 10:13:52 monkey-desktop.dyn.empire.lan systemd[1]: Stopped clamd scanner (scan) daemon.
Jan 26 10:13:52 monkey-desktop.dyn.empire.lan systemd[1]: clamd@scan.service: Consumed 32.066s CPU time.
Jan 26 10:13:52 monkey-desktop.dyn.empire.lan systemd[1]: Starting clamd scanner (scan) daemon...
Jan 26 10:14:06 monkey-desktop.dyn.empire.lan systemd[1]: Started clamd scanner (scan) daemon.
Jan 26 10:20:12 monkey-desktop.dyn.empire.lan systemd[1]: clamd@scan.service: Main process exited, code=killed, status=11/SEGV
Jan 26 10:20:12 monkey-desktop.dyn.empire.lan systemd[1]: clamd@scan.service: Failed with result 'signal'.
Jan 26 10:20:12 monkey-desktop.dyn.empire.lan systemd[1]: clamd@scan.service: Consumed 17.169s CPU time.
Jan 26 10:20:12 monkey-desktop.dyn.empire.lan systemd[1]: clamd@scan.service: Scheduled restart job, restart counter is at 3.
Jan 26 10:20:12 monkey-desktop.dyn.empire.lan systemd[1]: Stopped clamd scanner (scan) daemon.
Jan 26 10:20:12 monkey-desktop.dyn.empire.lan systemd[1]: clamd@scan.service: Consumed 17.169s CPU time.
Jan 26 10:20:12 monkey-desktop.dyn.empire.lan systemd[1]: Starting clamd scanner (scan) daemon...
Jan 26 10:20:26 monkey-desktop.dyn.empire.lan systemd[1]: Started clamd scanner (scan) daemon.
How to reproduce the problem
I do not have a specific process to reproduce.
Checking configuration files in /etc
Config file: clamd.d/scan.conf
TemporaryDirectory = "/var/tmp"
LocalSocket = "/run/clamd.scan/clamd.sock"
LocalSocketGroup = "virusgroup"
LocalSocketMode = "660"
MaxThreads = "8"
MaxQueue = "24"
ExcludePath = "^/proc/", "^/sys/", "^/dev/", "^/run/", "^/usr/", "^/var/", "^/tmp/", "^/lib*", "^/root/quarantine"
SelfCheck = "28800"
VirusEvent = "/usr/local/bin/clamd-virus-event.sh"
ScanPE disabled
ScanMail disabled
OnAccessMountPath = "/data/home2-monkey", "/home"
OnAccessExcludePath = "^/proc/", "^/sys/", "^/dev/", "^/run/", "^/usr/", "^/var/", "^/tmp/", "^/lib*", "^/root/quarantine"
OnAccessExcludeRootUID = "yes"
OnAccessMaxFileSize = "1048576"
OnAccessMaxThreads = "6"
OnAccessRetryAttempts = "3"
Config file: freshclam.conf
LogRotate = "yes"
DatabaseMirror = "database.clamav.net"
mail/clamav-milter.conf not found
Software settings
Version: 0.103.5
Optional features supported: MEMPOOL IPv6 AUTOIT_EA06 BZIP2 LIBXML2 PCRE2 ICONV JSON
Database information
Database directory: /var/lib/clamav
bytecode.cvd: version 333, sigs: 92, built on Mon Mar 8 16:21:51 2021
main.cvd: version 62, sigs: 6647427, built on Thu Sep 16 14:32:42 2021
daily.cld: version 26433, sigs: 1972669, built on Tue Jan 25 10:33:19 2022
Total number of signatures: 8620188
Platform information
uname: Linux 5.15.16-200.fc35.x86_64 #1 SMP Thu Jan 20 15:38:18 UTC 2022 x86_64
OS: linux-gnu, ARCH: x86_64, CPU: x86_64
zlib version: 1.2.11 (1.2.11), compile flags: a9
platform id: 0x0a217e7e08000000020b0201
Build information
GNU C: 11.2.1 20211203 (Red Hat 11.2.1-7) (11.2.1)
CPPFLAGS: -I/usr/include/libprelude
CFLAGS: -O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64
CXXFLAGS: -O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection
LDFLAGS: -Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -lprelude
Configure: '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--localstatedir=/var' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--enable-milter' '--disable-clamav' '--disable-static' '--disable-zlib-vcheck' '--disable-unrar' '--enable-id-check' '--enable-dns' '--with-dbdir=/var/lib/clamav' '--with-group=clamupdate' '--with-user=clamupdate' '--disable-rpath' '--disable-silent-rules' '--enable-clamdtop' '--enable-prelude' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CXX=g++' 'CXXFLAGS=-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection' 'LDFLAGS=-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1' 'CC=gcc' 'CFLAGS=-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection' 'LT_SYS_LIBRARY_PATH=/usr/lib64:' 'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig'
sizeof(void*) = 8
Engine flevel: 126, dconf: 126
Attachments
I have generated a coredump and backtrace from abrt but the file is over 400MB.
Tell me if you want it to be uploaded and where.