
Bug#80360: seemingly reproducible dpkg segfault



package: apt
version: 0.3.19

On Fri, 22 Dec 2000, Sean 'Shaleh' Perry wrote:

> Steps:
> 
> grab base.tgz from potato
> setup resolv.conf and sources.list for potato
> chroot in
> apt-get install dpkg-dev build-essential (due to a bug in apt, you have to
> install dpkg-dev first)
> apt-get install strace (you won't get the chance later)
> apt-get install libncurses5-dev libreadline4-dev libssl09-dev libzvt-dev
> ...
> ...
> segfault
> 
> dpkg appears to die during the dpkg --unpack of the 30 some packages at once. 
> I could not figure out how to get strace to give me the entire command line so
> I could try to run dpkg by hand.
> 
> This dies for me every time I try it.

Here's a little more info for the bug:

If you add -o Debug::pkgDPkgPM=true, and then run the displayed dpkg commands
by hand, it works fine, no segfault.  It's only when run under apt that dpkg
has problems.  

<doogie> #0  0x805c070 in strcpy ()
<doogie> #1  0xbfffea48 in ?? ()
<doogie> #2  0x80502cb in strcpy ()
<doogie> #3  0x8051c49 in strcpy ()
<doogie> #4  0x8050f68 in strcpy ()
<doogie> #5  0x804a752 in strcpy ()
<doogie> #6  0x4002da52 in __libc_start_main () from /lib/libc.so.6
<BenC> aha
<BenC> argv is bad, I'm sure
<BenC> I bet there's a string that apt isn't writing a NULL byte at the end
of one of the argv params

And the following patch to apt works around the problem.

--
Index: apt-pkg/deb/dpkgpm.cc
===================================================================
RCS file: /cvs/deity/apt/apt-pkg/deb/dpkgpm.cc,v
retrieving revision 1.17.2.3
diff -u -r1.17.2.3 dpkgpm.cc
--- apt-pkg/deb/dpkgpm.cc	2000/11/30 08:39:22	1.17.2.3
+++ apt-pkg/deb/dpkgpm.cc	2000/12/23 01:46:56
@@ -408,6 +408,8 @@
 	 {
 	    if (I->File[0] != '/')
 	       return _error->Error("Internal Error, Pathname to install is not absolute '%s'",I->File.c_str());
+	    if (Size + strlen(I->File.c_str()) > 1024)
+	       break;
 	    Args[n++] = I->File.c_str();
 	    Size += strlen(Args[n-1]);
 	 }
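Review bot: the new guard `if (Size + strlen(I->File.c_str()) > 1024) break;` can fire on the very first item of a batch, because `Size` already counts the dpkg binary name and option strings appended before this loop; in that case the `break` happens before `Args[n++]` and before the `I++` in the loop header, so no file is appended and `I` does not advance. Unless the surrounding loop guarantees progress some other way, dpkg would be invoked with no file arguments and the same item retried on the next pass, so consider breaking only once at least one entry has been appended in this batch. Since `I->File` exposes `c_str()` and appears to be a std::string, `I->File.length()` gives the same value without rescanning the string.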
@@ -416,6 +418,8 @@
       {
 	 for (;I != J && Size < 1024; I++)
 	 {
+	    if (Size + strlen(I->File.c_str()) > 1024)
+	       break;
 	    Args[n++] = I->Pkg.Name();
 	    Size += strlen(Args[n-1]);
 	 }	 
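Review bot: this duplicates the guard from the install branch and now states the 1024 limit three times, counting the `Size < 1024` test in the for header directly above; hoist it into one named constant so both branches and the header stay in agreement if the limit changes. The accounting also counts only argument bytes: if 1024 is meant to bound a buffer that joins the arguments with separators or NUL terminators, `Size + strlen(I->Pkg.Name()) + 1` is the safer comparison. The same first-item concern applies here: a `break` before `Args[n++]` and the header's `I++` with nothing yet appended leaves `I` unchanged.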
--

This may be a bug in libc6 2.1.3-13 that came with potato, but I don't feel
like debugging that.

Adam Heath <doogie@debian.org>