package apt
forcemerge 669427 669243
severity 669427 serious
tag 669427 + patch
thanks

On Wed, May 2, 2012 at 5:23 PM, David Kalnischkies <kalnischkies+debian@gmail.com> wrote:
> We are missing a bit of error checking here (callers of NewDescription() do
> not check if return is != 0 and IsDuplicateDescription doesn't check if the
> given Description is valid), but both shouldn't be a problem as NewDescription
> can only really fail if new memory can't be allocated and as each version has
> at least one description you shouldn't hit a problem in the dup check either.
> Both wouldn't be limited to s390x either way:
> We seem to have a similar bug report from ppc64 (#669243),
> if I understand right it's also bigendian 64bit, but no other report.

Lesson learned today: If you know you have a bug in your code, don't put it on the todo list, just fix it! (or at least the parts which are trivial to fix)

The assumption that each version has a description is correct for all but one version: In line 442ff we iterate over all packages with the same name and all versions for these packages to check if we already have a version with this description. The problem: We iterate also over the version we have added just a few lines above which has no description yet as we are in the process of (maybe) adding one for it.

Result: The duplication check will use a dangling pointer to a string which should be a md5sum but probably is whatever it wants to be. On the pro side this usually has the intended effect as a random string probably doesn't fit the constraints for an md5sum (let alone that it matches).

Still, I am really fascinated that this worked for months here and everywhere else (except s390x and ppc64). I would have expected a segfault at least once in a while as this is not done once or twice but for every version, so more like 100,000 times. Amazing.

I am going to play in the lottery now, maybe this segfault prevention luck is transitive… (probably more like: I wasted all my luck on this one here)

[Raising severity and therefore blocking transition as depending on dangling pointers isn't a great idea, even if it seems to work for all but not-yet release architectures… Upload next week or so]

Thanks to both of you for debugging this and sorry for the inconvenience!

Best regards

David Kalnischkies
Attachment:
apt-669427-dangling-description-duplication-check-segfaults.diff
Description: Binary data
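As an added illustration that is neither part of this message nor apt's own code, the shape of the duplicate check the report describes, modelled in C++: versions refer to descriptions by a 32-bit index where 0 means "not assigned yet", and the faulty loop examines the freshly added version whose index is still 0, so whatever sits in slot 0 is compared as if it were an md5sum. The table layout, the function names and the sample md5 values are assumptions made for this illustration.

```cpp
#include <cstdint>
#include <string>
#include <vector>

// Illustrative model, not apt's cache: descriptions live in a table indexed
// by a 32-bit offset, and 0 means "no description assigned yet".
struct Description { std::string md5; };
struct Version { std::string pkg; uint32_t desc; };

struct Cache {
  // Slot 0 is never a real description; it stands in for whatever bytes
  // happen to sit at offset 0 of a real cache file (constructed garbage).
  std::vector<Description> descriptions{{"not-a-description"}};
  std::vector<Version> versions;
};

// Faulty shape: every version of the package is examined, including the one
// added moments ago that has no description yet, so slot 0 is read as if it
// held a valid description and compared against the candidate md5.
bool isDuplicateDescriptionFaulty(const Cache& c, const std::string& pkg,
                                  const std::string& md5) {
  for (const Version& v : c.versions)
    if (v.pkg == pkg && c.descriptions[v.desc].md5 == md5) return true;
  return false;
}

// Corrected shape: a version that has not been given a description yet
// cannot contribute a duplicate, so it is skipped before anything is read.
bool isDuplicateDescription(const Cache& c, const std::string& pkg,
                            const std::string& md5) {
  for (const Version& v : c.versions) {
    if (v.pkg != pkg || v.desc == 0) continue;  // the missing validity check
    if (c.descriptions[v.desc].md5 == md5) return true;
  }
  return false;
}

// Appends a description to the table and returns its index (never 0).
uint32_t newDescription(Cache& c, const std::string& md5) {
  c.descriptions.push_back({md5});
  return static_cast<uint32_t>(c.descriptions.size() - 1);
}

// Constructed scenario from the report: one complete version of a package
// and a second version that is still being filled in (desc == 0).
Cache constructedCache() {
  Cache c;
  c.versions.push_back({"apt", newDescription(c, "0123456789abcdef0123456789abcdef")});
  c.versions.push_back({"apt", 0});  // just added, description not assigned yet
  return c;
}
```

With the constructed cache, the faulty check's answer depends on the contents of slot 0, while the corrected check only ever compares real descriptions.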