
Bug#203741: apt sigcheck patches



On a system running apt CVS + this patch, I get a number of reproducible
segfaults.  For example, after "apt-get source" and "apt-get install".

#0  0x401ff136 in mallopt () from /lib/libc.so.6
#1  0x401ff050 in mallopt () from /lib/libc.so.6
#2  0x401fde67 in free () from /lib/libc.so.6
#3  0x4013e261 in operator delete(void*) () from /usr/lib/libstdc++.so.5
#4  0x4013e2bc in operator delete[](void*) () from /usr/lib/libstdc++.so.5
#5  0x4004e09b in ~pkgTagFile (this=0x80aeb70) at tagfile.cc:58
#6  0x40083bec in ~debRecordParser (this=0x8092770) at basic_string.h:217
#7  0x40055589 in ~pkgRecords (this=0xbffff340) at pkgrecords.cc:55
#8  0x08058c6b in DoSource(CommandLine&) (CmdL=@0x41181940) at apt-get.cc:747
#9  0x4003cea4 in CommandLine::DispatchArg(CommandLine::Dispatch*, bool) (
    this=0xbffff480, Map=0xbffff490, NoMatch=true) at contrib/cmndline.cc:340
#10 0x0805bb27 in main (argc=3, argv=0xbffff7d4) at apt-get.cc:2423

It doesn't crash in any new code, but another apt built with the same
compiler, without the sigcheck patch, doesn't have this problem.  Maybe
there is some heap corruption happening somewhere?

[...]

Using the patch from #206366, I was able to run the patched apt under
valgrind, and it reports a number of errors.  The unpatched apt comes up
clean.  Output is attached.

-- 
 - mdz

mizar:[...ne/cvs/apt-secure/build/bin] LD_LIBRARY_PATH=. valgrind ./apt-get source hello
==31398== Memcheck, a.k.a. Valgrind, a memory error detector for x86-linux.
==31398== Copyright (C) 2002-2003, and GNU GPL'd, by Julian Seward.
==31398== Using valgrind-20030725, a program supervision framework for x86-linux.
==31398== Copyright (C) 2000-2003, and GNU GPL'd, by Julian Seward.
==31398== Estimated CPU clock rate is 1209 MHz
==31398== For more details, rerun with: -v
==31398== 
Reading Package Lists... Done
Building Dependency Tree... Done
==31398== Invalid write of size 4
==31398==    at 0x4027FCDD: pkgSrcRecords::pkgSrcRecords(pkgSourceList&) (stl_iterator.h:602)
==31398==    by 0x80581ED: DoSource(CommandLine&) (apt-get.cc:1810)
==31398==    by 0x40255EA3: CommandLine::DispatchArg(CommandLine::Dispatch*, bool) (cmndline.cc:340)
==31398==    by 0x805BB26: main (apt-get.cc:2423)
==31398==    Address 0x416A40D4 is 0 bytes after a block of size 48 alloc'd
==31398==    at 0x40026AEF: __builtin_vec_new (vg_replace_malloc.c:197)
==31398==    by 0x40026B46: operator new[](unsigned) (vg_replace_malloc.c:210)
==31398==    by 0x4027FC6E: pkgSrcRecords::pkgSrcRecords(pkgSourceList&) (stl_iterator.h:87)
==31398==    by 0x80581ED: DoSource(CommandLine&) (apt-get.cc:1810)
==31398== 
==31398== Invalid read of size 4
==31398==    at 0x4027FCF3: pkgSrcRecords::pkgSrcRecords(pkgSourceList&) (srcrecords.cc:45)
==31398==    by 0x80581ED: DoSource(CommandLine&) (apt-get.cc:1810)
==31398==    by 0x40255EA3: CommandLine::DispatchArg(CommandLine::Dispatch*, bool) (cmndline.cc:340)
==31398==    by 0x805BB26: main (apt-get.cc:2423)
==31398==    Address 0x416A40D4 is 0 bytes after a block of size 48 alloc'd
==31398==    at 0x40026AEF: __builtin_vec_new (vg_replace_malloc.c:197)
==31398==    by 0x40026B46: operator new[](unsigned) (vg_replace_malloc.c:210)
==31398==    by 0x4027FC6E: pkgSrcRecords::pkgSrcRecords(pkgSourceList&) (stl_iterator.h:87)
==31398==    by 0x80581ED: DoSource(CommandLine&) (apt-get.cc:1810)
==31398== 
==31398== Invalid write of size 4
==31398==    at 0x4027FD20: pkgSrcRecords::pkgSrcRecords(pkgSourceList&) (srcrecords.cc:49)
==31398==    by 0x80581ED: DoSource(CommandLine&) (apt-get.cc:1810)
==31398==    by 0x40255EA3: CommandLine::DispatchArg(CommandLine::Dispatch*, bool) (cmndline.cc:340)
==31398==    by 0x805BB26: main (apt-get.cc:2423)
==31398==    Address 0x416A4100 is 4 bytes before a block of size 16 alloc'd
==31398==    at 0x40026A01: __builtin_new (vg_replace_malloc.c:172)
==31398==    by 0x40026A58: operator new(unsigned) (vg_replace_malloc.c:185)
==31398==    by 0x402A9E12: debReleaseIndex::GetIndexFiles() (stl_vector.h:596)
==31398==    by 0x4027FCB2: pkgSrcRecords::pkgSrcRecords(pkgSourceList&) (stl_iterator.h:602)
==31398== 
==31398== Invalid read of size 4
==31398==    at 0x4027FE52: pkgSrcRecords::Restart() (srcrecords.cc:82)
==31398==    by 0x4027FD60: pkgSrcRecords::pkgSrcRecords(pkgSourceList&) (srcrecords.cc:59)
==31398==    by 0x80581ED: DoSource(CommandLine&) (apt-get.cc:1810)
==31398==    by 0x40255EA3: CommandLine::DispatchArg(CommandLine::Dispatch*, bool) (cmndline.cc:340)
==31398==    Address 0x416A40D4 is 0 bytes after a block of size 48 alloc'd
==31398==    at 0x40026AEF: __builtin_vec_new (vg_replace_malloc.c:197)
==31398==    by 0x40026B46: operator new[](unsigned) (vg_replace_malloc.c:210)
==31398==    by 0x4027FC6E: pkgSrcRecords::pkgSrcRecords(pkgSourceList&) (stl_iterator.h:87)
==31398==    by 0x80581ED: DoSource(CommandLine&) (apt-get.cc:1810)
==31398== 
==31398== Invalid read of size 4
==31398==    at 0x4027FE52: pkgSrcRecords::Restart() (srcrecords.cc:82)
==31398==    by 0x8052BD9: FindSrc(char const*, pkgRecords&, pkgSrcRecords&, std::string&, pkgDepCache&) (apt-get.cc:1187)
==31398==    by 0x80582FE: DoSource(CommandLine&) (cachefile.h:45)
==31398==    by 0x40255EA3: CommandLine::DispatchArg(CommandLine::Dispatch*, bool) (cmndline.cc:340)
==31398==    Address 0x416A40D4 is 0 bytes after a block of size 48 alloc'd
==31398==    at 0x40026AEF: __builtin_vec_new (vg_replace_malloc.c:197)
==31398==    by 0x40026B46: operator new[](unsigned) (vg_replace_malloc.c:210)
==31398==    by 0x4027FC6E: pkgSrcRecords::pkgSrcRecords(pkgSourceList&) (stl_iterator.h:87)
==31398==    by 0x80581ED: DoSource(CommandLine&) (apt-get.cc:1810)
==31398== 
==31398== Invalid read of size 4
==31398==    at 0x4027FF95: pkgSrcRecords::Find(char const*, bool) (srcrecords.cc:106)
==31398==    by 0x8052BFD: FindSrc(char const*, pkgRecords&, pkgSrcRecords&, std::string&, pkgDepCache&) (basic_string.h:717)
==31398==    by 0x80582FE: DoSource(CommandLine&) (cachefile.h:45)
==31398==    by 0x40255EA3: CommandLine::DispatchArg(CommandLine::Dispatch*, bool) (cmndline.cc:340)
==31398==    Address 0x416A40D4 is 0 bytes after a block of size 48 alloc'd
==31398==    at 0x40026AEF: __builtin_vec_new (vg_replace_malloc.c:197)
==31398==    by 0x40026B46: operator new[](unsigned) (vg_replace_malloc.c:210)
==31398==    by 0x4027FC6E: pkgSrcRecords::pkgSrcRecords(pkgSourceList&) (stl_iterator.h:87)
==31398==    by 0x80581ED: DoSource(CommandLine&) (apt-get.cc:1810)
==31398== 
==31398== Invalid read of size 4
==31398==    at 0x4027FEA0: pkgSrcRecords::Find(char const*, bool) (srcrecords.cc:95)
==31398==    by 0x8052BFD: FindSrc(char const*, pkgRecords&, pkgSrcRecords&, std::string&, pkgDepCache&) (basic_string.h:717)
==31398==    by 0x80582FE: DoSource(CommandLine&) (cachefile.h:45)
==31398==    by 0x40255EA3: CommandLine::DispatchArg(CommandLine::Dispatch*, bool) (cmndline.cc:340)
==31398==    Address 0x416A40D4 is 0 bytes after a block of size 48 alloc'd
==31398==    at 0x40026AEF: __builtin_vec_new (vg_replace_malloc.c:197)
==31398==    by 0x40026B46: operator new[](unsigned) (vg_replace_malloc.c:210)
==31398==    by 0x4027FC6E: pkgSrcRecords::pkgSrcRecords(pkgSourceList&) (stl_iterator.h:87)
==31398==    by 0x80581ED: DoSource(CommandLine&) (apt-get.cc:1810)
==31398== 
==31398== Invalid read of size 4
==31398==    at 0x4027FECD: pkgSrcRecords::Find(char const*, bool) (basic_string.h:922)
==31398==    by 0x8052BFD: FindSrc(char const*, pkgRecords&, pkgSrcRecords&, std::string&, pkgDepCache&) (basic_string.h:717)
==31398==    by 0x80582FE: DoSource(CommandLine&) (cachefile.h:45)
==31398==    by 0x40255EA3: CommandLine::DispatchArg(CommandLine::Dispatch*, bool) (cmndline.cc:340)
==31398==    Address 0x416A40D4 is 0 bytes after a block of size 48 alloc'd
==31398==    at 0x40026AEF: __builtin_vec_new (vg_replace_malloc.c:197)
==31398==    by 0x40026B46: operator new[](unsigned) (vg_replace_malloc.c:210)
==31398==    by 0x4027FC6E: pkgSrcRecords::pkgSrcRecords(pkgSourceList&) (stl_iterator.h:87)
==31398==    by 0x80581ED: DoSource(CommandLine&) (apt-get.cc:1810)
==31398== 
==31398== Invalid read of size 4
==31398==    at 0x4027FF26: pkgSrcRecords::Find(char const*, bool) (srcrecords.cc:122)
==31398==    by 0x8052BFD: FindSrc(char const*, pkgRecords&, pkgSrcRecords&, std::string&, pkgDepCache&) (basic_string.h:717)
==31398==    by 0x80582FE: DoSource(CommandLine&) (cachefile.h:45)
==31398==    by 0x40255EA3: CommandLine::DispatchArg(CommandLine::Dispatch*, bool) (cmndline.cc:340)
==31398==    Address 0x416A40D4 is 0 bytes after a block of size 48 alloc'd
==31398==    at 0x40026AEF: __builtin_vec_new (vg_replace_malloc.c:197)
==31398==    by 0x40026B46: operator new[](unsigned) (vg_replace_malloc.c:210)
==31398==    by 0x4027FC6E: pkgSrcRecords::pkgSrcRecords(pkgSourceList&) (stl_iterator.h:87)
==31398==    by 0x80581ED: DoSource(CommandLine&) (apt-get.cc:1810)
==31398== 
==31398== Invalid read of size 4
==31398==    at 0x4027FF65: pkgSrcRecords::Find(char const*, bool) (srcrecords.cc:125)
==31398==    by 0x8052BFD: FindSrc(char const*, pkgRecords&, pkgSrcRecords&, std::string&, pkgDepCache&) (basic_string.h:717)
==31398==    by 0x80582FE: DoSource(CommandLine&) (cachefile.h:45)
==31398==    by 0x40255EA3: CommandLine::DispatchArg(CommandLine::Dispatch*, bool) (cmndline.cc:340)
==31398==    Address 0x416A40F0 is not stack'd, malloc'd or free'd
==31398== 
==31398== Invalid read of size 4
==31398==    at 0x4027FE91: pkgSrcRecords::Find(char const*, bool) (srcrecords.cc:95)
==31398==    by 0x8052BFD: FindSrc(char const*, pkgRecords&, pkgSrcRecords&, std::string&, pkgDepCache&) (basic_string.h:717)
==31398==    by 0x80582FE: DoSource(CommandLine&) (cachefile.h:45)
==31398==    by 0x40255EA3: CommandLine::DispatchArg(CommandLine::Dispatch*, bool) (cmndline.cc:340)
==31398==    Address 0x416A40F0 is not stack'd, malloc'd or free'd
Need to get 395kB of source archives.
Get:1 http://debian unstable/main hello 2.1.1-1 (dsc) [561B]
Get:2 http://debian unstable/main hello 2.1.1-1 (tar) [389kB]
Get:3 http://debian unstable/main hello 2.1.1-1 (diff) [4908B]
Fetched 3B in 0s (25B/s)
dpkg-source: extracting hello in hello-2.1.1
==31402== 
==31402== ERROR SUMMARY: 9902 errors from 11 contexts (suppressed: 0 from 0)
==31402== malloc/free: in use at exit: 14053076 bytes in 287 blocks.
==31402== malloc/free: 808 allocs, 521 frees, 14399581 bytes allocated.
==31402== For a detailed leak analysis,  rerun with: --leak-check=yes
==31402== For counts of detected errors, rerun with: -v
==31398== 
==31398== Invalid read of size 4
==31398==    at 0x4027FE07: pkgSrcRecords::~pkgSrcRecords() (srcrecords.cc:71)
==31398==    by 0x8058C5C: DoSource(CommandLine&) (apt-get.cc:747)
==31398==    by 0x40255EA3: CommandLine::DispatchArg(CommandLine::Dispatch*, bool) (cmndline.cc:340)
==31398==    by 0x805BB26: main (apt-get.cc:2423)
==31398==    Address 0x416A40D4 is 0 bytes after a block of size 48 alloc'd
==31398==    at 0x40026AEF: __builtin_vec_new (vg_replace_malloc.c:197)
==31398==    by 0x40026B46: operator new[](unsigned) (vg_replace_malloc.c:210)
==31398==    by 0x4027FC6E: pkgSrcRecords::pkgSrcRecords(pkgSourceList&) (stl_iterator.h:87)
==31398==    by 0x80581ED: DoSource(CommandLine&) (apt-get.cc:1810)
==31398== 
==31398== ERROR SUMMARY: 9914 errors from 12 contexts (suppressed: 0 from 0)
==31398== malloc/free: in use at exit: 97208 bytes in 195 blocks.
==31398== malloc/free: 808 allocs, 613 frees, 14399581 bytes allocated.
==31398== For a detailed leak analysis,  rerun with: --leak-check=yes
==31398== For counts of detected errors, rerun with: -v
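A small triage helper for Memcheck output of the kind attached above, added here as an example (it is not code from the bug report, from valgrind or from apt). Almost every record in the attachment points at the same 48-byte block allocated by `operator new[]` from `pkgSrcRecords::pkgSrcRecords` (stl_iterator.h:87), so the useful first step is to group the thousands of reported accesses by the allocation site they touch; one root allocation with many follow-on reads is what an off-by-one looks like in this kind of log. The embedded sample is an excerpt of the report above with some stack frames omitted to keep it short; the parsing rules (the `==PID==` prefix, the `at`/`by` frames, the `Address ... is ...` line, a blank or non-valgrind line ending a record) are assumptions based on the format as it appears here.

```cpp
#include <iostream>
#include <map>
#include <sstream>
#include <string>
#include <vector>

struct MemcheckError {
    std::string kind;        // e.g. "Invalid write of size 4"
    std::string site;        // innermost frame of the faulting access
    std::string address;     // faulting address
    std::string where;       // "0 bytes after a block of size 48 alloc'd", ...
    std::string alloc_site;  // first frame below the alloc'd line outside valgrind's malloc shim
};

// Excerpt of the Memcheck report above (frames trimmed), used as sample input.
const std::string kSampleLog = R"LOG(
==31398== Invalid write of size 4
==31398==    at 0x4027FCDD: pkgSrcRecords::pkgSrcRecords(pkgSourceList&) (stl_iterator.h:602)
==31398==    by 0x80581ED: DoSource(CommandLine&) (apt-get.cc:1810)
==31398==    Address 0x416A40D4 is 0 bytes after a block of size 48 alloc'd
==31398==    at 0x40026AEF: __builtin_vec_new (vg_replace_malloc.c:197)
==31398==    by 0x40026B46: operator new[](unsigned) (vg_replace_malloc.c:210)
==31398==    by 0x4027FC6E: pkgSrcRecords::pkgSrcRecords(pkgSourceList&) (stl_iterator.h:87)
==31398== 
==31398== Invalid read of size 4
==31398==    at 0x4027FF65: pkgSrcRecords::Find(char const*, bool) (srcrecords.cc:125)
==31398==    by 0x8052BFD: FindSrc(char const*, pkgRecords&, pkgSrcRecords&, std::string&, pkgDepCache&) (basic_string.h:717)
==31398==    Address 0x416A40F0 is not stack'd, malloc'd or free'd
Need to get 395kB of source archives.
==31398== 
==31398== Invalid read of size 4
==31398==    at 0x4027FE07: pkgSrcRecords::~pkgSrcRecords() (srcrecords.cc:71)
==31398==    by 0x8058C5C: DoSource(CommandLine&) (apt-get.cc:747)
==31398==    Address 0x416A40D4 is 0 bytes after a block of size 48 alloc'd
==31398==    at 0x40026AEF: __builtin_vec_new (vg_replace_malloc.c:197)
==31398==    by 0x40026B46: operator new[](unsigned) (vg_replace_malloc.c:210)
==31398==    by 0x4027FC6E: pkgSrcRecords::pkgSrcRecords(pkgSourceList&) (stl_iterator.h:87)
==31398== 
==31398== ERROR SUMMARY: 9914 errors from 12 contexts (suppressed: 0 from 0)
)LOG";

// Strip the "==PID== " prefix; false for lines that are the program's own output.
static bool strip_prefix(const std::string& line, std::string& text) {
    if (line.compare(0, 2, "==") != 0) return false;
    std::size_t p = line.find("==", 2);
    if (p == std::string::npos) return false;
    text = line.substr(p + 2);
    std::size_t s = text.find_first_not_of(' ');
    text = (s == std::string::npos) ? "" : text.substr(s);
    return true;
}

static bool starts_with(const std::string& s, const char* prefix) {
    return s.compare(0, std::char_traits<char>::length(prefix), prefix) == 0;
}

// "at 0x...: symbol (file:line)" -> "symbol (file:line)"
static std::string frame_text(const std::string& text) {
    std::size_t c = text.find(": ");
    return c == std::string::npos ? text : text.substr(c + 2);
}

std::vector<MemcheckError> parse_memcheck(const std::string& log) {
    std::vector<MemcheckError> errors;
    std::istringstream in(log);
    std::string line, text;
    bool open = false, in_alloc = false;
    while (std::getline(in, line)) {
        if (!strip_prefix(line, text) || text.empty()) { open = false; continue; }  // record ends
        if (starts_with(text, "Invalid read of size") || starts_with(text, "Invalid write of size")) {
            errors.push_back(MemcheckError());
            errors.back().kind = text;
            open = true; in_alloc = false;
            continue;
        }
        if (!open) continue;  // banner, ERROR SUMMARY, etc.
        MemcheckError& e = errors.back();
        if (starts_with(text, "Address ")) {
            std::size_t is = text.find(" is ");
            e.address = text.substr(8, is == std::string::npos ? std::string::npos : is - 8);
            if (is != std::string::npos) e.where = text.substr(is + 4);
            in_alloc = true;  // frames that follow describe the allocation, not the access
        } else if (starts_with(text, "at ") || starts_with(text, "by ")) {
            std::string f = frame_text(text);
            if (!in_alloc) { if (e.site.empty()) e.site = f; }
            else if (e.alloc_site.empty() && f.find("vg_replace_malloc.c") == std::string::npos) e.alloc_site = f;
        }
    }
    return errors;
}

// Errors per allocation site; accesses valgrind cannot attribute to a block are
// grouped under their "not stack'd, malloc'd or free'd" text instead.
std::map<std::string, int> by_alloc_site(const std::vector<MemcheckError>& errors) {
    std::map<std::string, int> counts;
    for (std::size_t i = 0; i < errors.size(); ++i)
        counts[errors[i].alloc_site.empty() ? errors[i].where : errors[i].alloc_site]++;
    return counts;
}

int main() {
    std::map<std::string, int> counts = by_alloc_site(parse_memcheck(kSampleLog));
    for (std::map<std::string, int>::const_iterator it = counts.begin(); it != counts.end(); ++it)
        std::cout << it->second << "\t" << it->first << "\n";
    return 0;
}
```

Run against the full attachment, this collapses the 9914 reported errors into a handful of allocation sites; the one 48-byte `new[]` block accounts for nearly all of them, and the "not stack'd, malloc'd or free'd" reads are the same walk continuing past the end of that block into unmapped territory. That narrows the review to the code that sizes and fills that array.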
