
Bug#120311: apt-cache segfaults on malformed status-file



On Thu, Sep 12, 2002 at 03:38:32PM -0600, Jason Gunthorpe wrote:
> 
> On Thu, 12 Sep 2002, Branden Robinson wrote:
> 
> > Culus said "MMap *Map = 0;" was the right fix.
> > 
> > It isn't.
> 
> Er, doesn't all of what you've shown here prove it is the right fix
> since it isn't segfaulting?

Well, no, the behavior is still wrong in that it doesn't actually show
you any data.

> The original segfault was simply a delete of an uninitialized pointer,
> initing it to 0 makes it safe since delete 0 is a nop.

If it's desirable for apt-cache to never return any data, then yeah,
it's valid.  Otherwise it's still broken.  But I think people want an
apt-cache program that isn't just a rewrite of /bin/true.

Let's see what happens when we run the same command as an ordinary user:

branden@zuul:~$ LD_LIBRARY_PATH=/tmp/branden/apt-0.5.4/build/bin gdb /tmp/branden/apt-0.5.4/build/bin/apt-cache
GNU gdb 2002-08-18-cvs
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-linux"...
(gdb) set args show autoconf
(gdb) break apt-cache.cc:1362
Breakpoint 1 at 0x8052ae7: file apt-cache.cc, line 1362.
(gdb) run
Starting program: /tmp/branden/apt-0.5.4/build/bin/apt-cache show autoconf

Breakpoint 1, main (argc=3, argv=0xbffffd24) at apt-cache.cc:1362
1362       if (CmdL.DispatchArg(CmdsA,false) == false && _error->PendingError() == false)
(gdb) next
1364          MMap *Map = 0;
(gdb) 
1365          if (_config->FindB("APT::Cache::Generate",true) == false)
(gdb) 
1373             SrcList = new pkgSourceList;
(gdb) 
1374             SrcList->ReadMainList();
(gdb) 
1377             OpProgress Prog;
(gdb) 
1378             pkgMakeStatusCache(*SrcList,Prog,&Map,true);
(gdb) 
68         virtual ~OpProgress() {};
(gdb) 
147       Rep *rep () const { return reinterpret_cast<Rep *>(dat) - 1; }
(gdb) 
109         void release () { if (--ref == 0) delete this; }
(gdb) 
190         { rep ()->release (); }
(gdb) 
109         void release () { if (--ref == 0) delete this; }
(gdb) 
428       {
(gdb) 
432         if (__n > (size_t) _MAX_BYTES) {
(gdb) 
347             return (((__bytes) + _ALIGN-1)/_ALIGN - 1);
(gdb) 
436         __my_free_list = _S_free_list + _S_freelist_index(__n);
(gdb) 
393                 _Lock() { __NODE_ALLOCATOR_LOCK; }
(gdb) 
442         __q -> _M_free_list_link = *__my_free_list;
(gdb) 
443         *__my_free_list = __q;
(gdb) 
394                 ~_Lock() { __NODE_ALLOCATOR_UNLOCK; }
(gdb) 
190         { rep ()->release (); }
(gdb) 
109         void release () { if (--ref == 0) delete this; }
(gdb) 
190         { rep ()->release (); }
(gdb) 
109         void release () { if (--ref == 0) delete this; }
(gdb) 
1381          if (_error->PendingError() == false)
(gdb) 
1383             pkgCache Cache(Map);   
(gdb) 
1384             GCache = &Cache;
(gdb) 
1385             if (_error->PendingError() == false)
(gdb) 
85         inline bool PendingError() {return PendingFlag;};
(gdb) 
1385             if (_error->PendingError() == false)
(gdb) 
1386                CmdL.DispatchArg(CmdsB);
(gdb) 
Package: autoconf
Priority: optional
Section: devel
Installed-Size: 1652
Maintainer: Ben Pfaff <pfaffben@debian.org>
Architecture: all
Version: 2.53-5
Replaces: autoconf (<< 2.53)
Depends: perl (>> 5.005), m4, debianutils (>= 1.8)
Recommends: automake
Suggests: gnu-standards
Conflicts: autoconf2.13 (<< 2.13-41), gettext (<< 0.10.39)
Filename: pool/main/a/autoconf/autoconf_2.53-5_all.deb
Size: 699908
MD5sum: e41215d56c83ac45c13ca73a3316ebc2
Description: automatic configure script builder
 The standard for FSF source packages.  This is only useful if you
 write your own programs or if you extensively modify other people's
 programs.
 .
 This version of autoconf contains many changes from the previous
 release, version 2.13.  If you need support for Autoconf 2.13,
 you must install the autoconf2.13 package as well.
Task: c-dev

Package: autoconf
Priority: optional
Section: devel
Installed-Size: 1652
Maintainer: Ben Pfaff <pfaffben@debian.org>
Architecture: all
Version: 2.53-2
Replaces: autoconf (<< 2.53)
Depends: perl (>> 5.005), m4, debianutils (>= 1.8), autoconf2.13 (>= 2.13-41)
Recommends: automake
Suggests: gnu-standards
Conflicts: autoconf2.13 (<< 2.13-41), gettext (<< 0.10.39)
Filename: pool/main/a/autoconf/autoconf_2.53-2_all.deb
Size: 699766
MD5sum: 3ab2e6de5369984c9151776f791c4c81
Description: automatic configure script builder
 The standard for FSF source packages.  This is only useful if you
 write your own programs or if you extensively modify other people's
 programs.
 .
 This version of autoconf contains many changes from the previous
 release, version 2.13.  For now, it depends on autoconf2.13 to
 provide compatibility.  This will eventually go away, so please
 upgrade your autoconfiscations.
Task: c-dev

137        virtual ~pkgCache() {};
(gdb) 
147       Rep *rep () const { return reinterpret_cast<Rep *>(dat) - 1; }
(gdb) 
109         void release () { if (--ref == 0) delete this; }
(gdb) 
1388          if (Map)
(gdb) 
1389             delete Map;
(gdb) 
1396       if (_error->empty() == false)
(gdb) 
1403       return 0;
(gdb) 
0x08053505      1404    }
(gdb) 
0x401850bf in __libc_start_main () from /lib/libc.so.6
(gdb) 
Single stepping until exit from function __libc_start_main, 
which has no line number information.

Program exited normally.
(gdb) 

-- 
G. Branden Robinson                |      Intellectual property is neither
Debian GNU/Linux                   |      intellectual nor property.
branden@debian.org                 |      Discuss.
http://people.debian.org/~branden/ |      -- Linda Richman
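As an added illustration of the control flow the thread is arguing about (this is not apt's code; `MMap`, `MakeStatusCache` and `ErrorState` are hypothetical stand-ins for apt's `MMap`, `pkgMakeStatusCache` and `_error`): the cache builder only assigns the map on success, so initialising the pointer to null makes the cleanup `delete` a no-op on the failure path, while the pending-error check is what decides whether any data is shown.

```cpp
// Added example, not apt's code: models the apt-cache main() flow around
// `MMap *Map` discussed in the thread. All names below are stand-ins.
#include <string>

struct MMap { std::string data; };

struct ErrorState {
    bool pending = false;
    bool PendingError() const { return pending; }
};

// Mimics pkgMakeStatusCache's contract: on success it allocates *Map; on a
// malformed status file it records an error and leaves *Map untouched. That
// untouched pointer is what reached `delete` uninitialised in the original bug.
static bool MakeStatusCache(bool malformed, MMap **Map, ErrorState &err) {
    if (malformed) {
        err.pending = true;
        return false;
    }
    *Map = new MMap{"Package: autoconf"};   // constructed sample record
    return true;
}

struct Result {
    int  shown;          // number of records the command would display
    bool errorPending;   // value of _error->PendingError() at the end
};

static Result RunApt(bool malformed) {
    ErrorState err;
    MMap *Map = nullptr;   // the fix under discussion; without it Map is garbage
    MakeStatusCache(malformed, &Map, err);

    int shown = 0;
    if (err.PendingError() == false) {
        // Stands in for CmdL.DispatchArg(CmdsB): only reached when the cache
        // was built, so Map is valid here.
        shown = Map->data.empty() ? 0 : 1;
    }

    // Safe in both paths: deleting a null pointer is a no-op. Had Map been
    // left uninitialised, the failure path would free a garbage address.
    delete Map;
    return Result{shown, err.PendingError()};
}
```

The failure path returns zero records with the error flag set, which is the "no data shown" outcome the reply describes; the success path shows the record and frees the map normally.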
