[pkg-db-devel] Bug#652036: db: Salvaging db_dump triggers endless loop on certain broken databases since Berkeley DB 4.7

Lionel Debroux lionel_debroux at yahoo.fr
Mon Jan 5 16:07:20 UTC 2015


Hi,

On Debian sid amd64, I recently experienced unbounded CPU consumption
in mocp (terminal-based music player, "moc" source package) upon
restart. Examining the internal DB used by mocp (with db5.3_verify)
indicated that a full page had been zeroed out, presumably as a
consequence of a forced computer shutdown.
A search in Debian BTS found this bug (#652036).


I can confirm that contemporary db5.3_dump from sid still can't cope
with the DB provided by Stephan Sürken more than three years ago.


I'll add (but that may warrant opening a fresh bug report ?) that the
db5.3_* tools display at least three kinds of incorrect behaviour upon
invalid input, as shown by the following simple reproducer:

#!/bin/sh
rm -f test.db
echo -e "key\nvalue" | db5.3_load -T -t hash test.db
zzuf -qcs 0:1000 -C 10 -U 3 db5.3_verify test.db
zzuf -qcs 0:1000 -C 10 -U 3 db5.3_dump test.db


Terminal output:
zzuf[s=1,r=0.004]: signal 9 (memory exceeded?)
zzuf[s=12,r=0.004]: signal 9 (memory exceeded?)
zzuf[s=64,r=0.004]: signal 9 (memory exceeded?)
zzuf[s=66,r=0.004]: signal 9 (memory exceeded?)
zzuf[s=110,r=0.004]: signal 8 (SIGFPE)
zzuf[s=188,r=0.004]: signal 9 (memory exceeded?)
zzuf[s=290,r=0.004]: signal 8 (SIGFPE)
zzuf[s=298,r=0.004]: signal 9 (memory exceeded?)
zzuf[s=320,r=0.004]: signal 9 (memory exceeded?)
zzuf[s=327,r=0.004]: signal 9 (memory exceeded?)
zzuf[s=1,r=0.004]: signal 9 (memory exceeded?)
zzuf[s=12,r=0.004]: signal 9 (memory exceeded?)
zzuf[s=39,r=0.004]: signal 11 (SIGSEGV)
zzuf[s=73,r=0.004]: signal 11 (SIGSEGV)
zzuf[s=81,r=0.004]: signal 9 (memory exceeded?)
zzuf[s=88,r=0.004]: signal 11 (SIGSEGV)
zzuf[s=110,r=0.004]: signal 8 (SIGFPE)
zzuf[s=111,r=0.004]: signal 11 (SIGSEGV)
zzuf[s=120,r=0.004]: signal 9 (memory exceeded?)
zzuf[s=130,r=0.004]: signal 9 (memory exceeded?)


Already mentioned on oss-sec: http://seclists.org/oss-sec/2014/q4/776


Regards,
Lionel Debroux.



More information about the pkg-db-devel mailing list