Bug#80360: seemingly reproducible dpkg segfault
package: apt
version: 0.3.19
On Fri, 22 Dec 2000, Sean 'Shaleh' Perry wrote:
> Steps:
>
> grab base.tgz from potato
> setup resolv.conf and sources.list for potato
> chroot in
> apt-get install dpkg-dev build-essential (due to a bug in apt, you have to
> install dpkg-dev first)
> apt-get install strace (you won't get the chance later)
> apt-get install libncurses5-dev libreadline4-dev libssl09-dev libzvt-dev
> ...
> ...
> segfault
>
> dpkg appears to die during the dpkg --unpack of the 30 some packages at once.
> I could not figure out how to get strace to give me the entire command line so
> I could try to run dpkg by hand.
>
> This dies for me every time I try it.
Here's a little more info for the bug:
If you add -o Debug::pkgDPkgPM=true, and then run the displayed dpkg commands
by hand, it works fine, no segfault. It's only when run under apt that dpkg
has problems.
<doogie> #0 0x805c070 in strcpy ()
<doogie> #1 0xbfffea48 in ?? ()
<doogie> #2 0x80502cb in strcpy ()
<doogie> #3 0x8051c49 in strcpy ()
<doogie> #4 0x8050f68 in strcpy ()
<doogie> #5 0x804a752 in strcpy ()
<doogie> #6 0x4002da52 in __libc_start_main () from /lib/libc.so.6
<BenC> aha
<BenC> argv is bad, I'm sure
<BenC> I bet there's a string that apt isn't writing a NULL byte at the end of one of the argv params
And the following patch to apt works around the problem.
--
Index: apt-pkg/deb/dpkgpm.cc
===================================================================
RCS file: /cvs/deity/apt/apt-pkg/deb/dpkgpm.cc,v
retrieving revision 1.17.2.3
diff -u -r1.17.2.3 dpkgpm.cc
--- apt-pkg/deb/dpkgpm.cc 2000/11/30 08:39:22 1.17.2.3
+++ apt-pkg/deb/dpkgpm.cc 2000/12/23 01:46:56
@@ -408,6 +408,8 @@
{
if (I->File[0] != '/')
return _error->Error("Internal Error, Pathname to install is not absolute '%s'",I->File.c_str());
+ if (Size + strlen(I->File.c_str()) > 1024)
+ break;
Args[n++] = I->File.c_str();
Size += strlen(Args[n-1]);
}
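Review bot: the new `if (Size + strlen(I->File.c_str()) > 1024) break;` stops filling Args but gives the caller no signal that entries were left behind; unless the surrounding code re-enters this loop from the same iterator I, every file after the cut-off is silently dropped from the dpkg --unpack run, which would turn a segfault into missing packages. The 1024 literal is now repeated in this function (here and in the loop condition of the next hunk) and belongs in one named constant, and `I->File.size()` says the same thing as `strlen(I->File.c_str())` without the extra scan. The budget also counts only argument bytes, not the separator or terminator per argument; if 1024 stands in for a fixed buffer further down, the check should include that byte.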
@@ -416,6 +418,8 @@
{
for (;I != J && Size < 1024; I++)
{
+ if (Size + strlen(I->File.c_str()) > 1024)
+ break;
Args[n++] = I->Pkg.Name();
Size += strlen(Args[n-1]);
}
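Review bot: the added guard measures the wrong string: it tests `strlen(I->File.c_str())` but the loop appends `I->Pkg.Name()` and then adds that name's length to Size, so the pre-check compares the budget against a file path that is never put into Args here. It should read `if (Size + strlen(I->Pkg.Name()) > 1024) break;` (or the equivalent on the length of the name). Separately, the existing `Size < 1024` in the for condition is evaluated before each append, so without a pre-check the last append can push Size past 1024; once the corrected pre-check is in place that outer test is redundant. As in the first hunk, `break` leaves the remaining packages unprocessed with no indication to the caller.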
--
This may be a bug in libc6 2.1.3-13 that came with potato, but I don't feel
like debugging that.
----BEGIN GEEK CODE BLOCK----
Version: 3.12
GCS d- s: a-- c+++ UL++++ P+ L++++ !E W+ M o+ K- W--- !O M- !V PS--
PE++ Y+ PGP++ t* 5++ X+ tv b+ D++ G e h*! !r z?
-----END GEEK CODE BLOCK-----
----BEGIN PGP INFO----
Adam Heath <doogie@debian.org> Finger Print | KeyID
67 01 42 93 CA 37 FB 1E 63 C9 80 1D 08 CF 84 0A | DE656B05 PGP
AD46 C888 F587 F8A3 A6DA 3261 8A2C 7DC2 8BD4 A489 | 8BD4A489 GPG
-----END PGP INFO-----
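Added illustration of the argument-packing pattern the patch is applying; this is example code written here, not code from apt or from the bug report. It shows, with constructed sample items and a budget passed as a parameter (the 1024 in the patch is one such value), why a loop that checks the budget only in its for condition can overshoot on the final append, how a pre-check keeps the packed total under the cap, and how a caller resumes from the first item that did not fit instead of dropping the remainder. One byte per argument is reserved for its separator or terminator, which the patch does not count; the function names and the PackResult type are assumptions of this example.

```cpp
#include <cstddef>
#include <iostream>
#include <string>
#include <vector>

// Outcome of packing a run of arguments under a byte budget.
// argv holds NULL-terminated pointers into the caller's strings and is only
// valid while those strings are alive.
struct PackResult {
    std::vector<const char*> argv;
    std::size_t bytes;   // bytes accounted for, including one separator byte per argument
    std::size_t next;    // index of the first item that was not packed
};

// Bytes an argument needs: its characters plus one byte for the space or the final NUL.
static std::size_t need(const std::string& s) { return s.size() + 1; }

// Unguarded variant: the budget is tested only at the top of each iteration,
// so the last append can push the total past the limit.
PackResult pack_unguarded(const std::vector<std::string>& items, std::size_t limit) {
    PackResult r{{}, 0, 0};
    for (; r.next < items.size() && r.bytes < limit; ++r.next) {
        r.argv.push_back(items[r.next].c_str());
        r.bytes += need(items[r.next]);
    }
    r.argv.push_back(nullptr);
    return r;
}

// Guarded variant: the would-be total is checked before appending, so the
// packed size never exceeds the limit. Stops at the first item that does not fit.
PackResult pack_guarded(const std::vector<std::string>& items, std::size_t limit) {
    PackResult r{{}, 0, 0};
    for (; r.next < items.size(); ++r.next) {
        const std::size_t n = need(items[r.next]);
        if (r.bytes + n > limit) break;   // would exceed the budget: leave it for the next batch
        r.argv.push_back(items[r.next].c_str());
        r.bytes += n;
    }
    r.argv.push_back(nullptr);
    return r;
}

// Caller side: split items into batches that each fit the budget, resuming from
// PackResult::next so nothing is silently dropped. Returns false if a single item
// cannot fit on its own, since retrying would make no progress.
bool pack_batches(const std::vector<std::string>& items, std::size_t limit,
                  std::vector<std::vector<std::string>>& batches) {
    batches.clear();
    std::size_t pos = 0;
    while (pos < items.size()) {
        std::vector<std::string> rest(items.begin() + pos, items.end());
        PackResult r = pack_guarded(rest, limit);
        if (r.next == 0) return false;    // one item alone is larger than the budget
        batches.emplace_back(rest.begin(), rest.begin() + r.next);
        pos += r.next;
    }
    return true;
}

// Constructed sample: three 400-byte names, chosen so two fit under 1024 but three do not.
std::vector<std::string> sample_items() {
    return {std::string(400, 'a'), std::string(400, 'b'), std::string(400, 'c')};
}

int main() {
    const std::size_t limit = 1024;
    PackResult u = pack_unguarded(sample_items(), limit);
    PackResult g = pack_guarded(sample_items(), limit);
    std::cout << "unguarded packed " << u.next << " items in " << u.bytes << " bytes\n";
    std::cout << "guarded packed " << g.next << " items in " << g.bytes << " bytes\n";
    std::vector<std::vector<std::string>> batches;
    if (pack_batches(sample_items(), limit, batches))
        std::cout << "resumed into " << batches.size() << " batches\n";
    return 0;
}
```

With the sample above the unguarded loop reports 1203 bytes against a 1024 budget, which is exactly the overshoot the patch's pre-check prevents; the guarded loop stops at two items and pack_batches runs the third in a second batch rather than losing it.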