
Bug#669427: apt segfaults on s390x

package apt
forcemerge 669427 669243
severity 669427 serious
tag 669427 + patch
thanks


On Wed, May 2, 2012 at 5:23 PM, David Kalnischkies
<kalnischkies+debian@gmail.com> wrote:
> We are missing a bit of error checking here (callers of NewDescription() do
> not check if return is != 0 and IsDuplicateDescription doesn't check if the
> given Description is valid), but both shouldn't be a problem as NewDescription
> can only really fail if new memory can't be allocated and as each version has
> at least one description you shouldn't hit a problem in the dup check either.
> Both wouldn't be limited to s390x either way:
> We seem to have a similar bugreport from ppc64 (#669243),
> if i understand right it's also bigendian 64bit, but no other report.

Lesson learned today: If you know you have a bug in your code,
don't put it on the todo list, just fix it!
(or at least the parts which are trivial to fix)


The assumption that each version has a description is correct for all
but one version: In line 442ff we iterate over all packages with the same
name and all versions for these packages to check if we already have a
version with this description.

The problem: We iterate also over the version we have added just a few
lines above which has no description yet as we are in the process of
(maybe) adding one for it.

Result: The duplication check will use a dangling pointer to a string
which should be an md5sum but probably is whatever it wants to be.
On the pro side this usually has the intended effect as a random string
probably doesn't fit the constraints for an md5sum (let alone that it
matches).

Still, I am really fascinated that this worked for months here and
everywhere else (except s390x and ppc64).
I would have expected a segfault at least once in a while as this is not
done once or twice but for every version, so more like 100.000 times.

Amazing. I am going to play in the lottery now, maybe this segfault
prevention luck is transitive… (probably more like: I wasted all my
luck on this one here)

[Raising severity and therefore blocking transition as depending on dangling
 pointers isn't a great idea, even if it seems to work for all but not-yet-released
 architectures… Upload next week or so]

Thanks to both of you for debugging this and sorry for the inconvenience!


Best regards

David Kalnischkies

Attachment: apt-669427-dangling-description-duplication-check-segfaults.diff
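The loop shape the message describes, as an added C++ model that is not apt's code and not the attached patch: a duplicate-description check that visits the version just appended, whose description slot is still unset, beside a variant that skips any version without a valid description. The cache layout, the md5 values and the stale slot-0 content are constructed for the example.

```cpp
#include <cstdint>
#include <string>
#include <vector>

// Constructed model of the cache structures involved; not apt's real types.
// As with offsets in apt's mmap'd cache, a description index of 0 means "not set".
struct Description { std::string md5; };
struct Version     { std::uint32_t descIdx; };

struct Cache {
    // Slot 0 is the "unset" slot. In the real cache, following an unset offset
    // reads whatever bytes happen to be there; here that stale content is made
    // explicit so the example is deterministic instead of undefined.
    std::vector<Description> descs;
    std::vector<Version> versions;
};

// Buggy shape: every version is visited, including the one appended a few lines
// earlier that has no description yet. Its unset index is followed like a valid one,
// so the comparison runs against stale bytes (or, on some architectures, faults).
bool isDuplicateBuggy(const Cache& c, const std::string& md5) {
    for (const Version& v : c.versions)
        if (c.descs[v.descIdx].md5 == md5)
            return true;
    return false;
}

// Fixed shape: a version without a valid description cannot carry a duplicate,
// so it is skipped before anything behind its index is read.
bool isDuplicateFixed(const Cache& c, const std::string& md5) {
    for (const Version& v : c.versions) {
        if (v.descIdx == 0) continue;          // description not (yet) set
        if (c.descs[v.descIdx].md5 == md5)
            return true;
    }
    return false;
}

// Scenario from the report: one version already has a description, and a new
// version has just been appended (descIdx still 0) while its description is
// being checked for duplicates. staleSlot0 stands in for the garbage behind the
// unset index.
Cache buildCache(const std::string& staleSlot0) {
    Cache c;
    c.descs.push_back({staleSlot0});                        // slot 0: unset/stale
    c.descs.push_back({"0123456789abcdef0123456789abcdef"}); // slot 1: a real md5
    c.versions.push_back({1});                              // existing version
    c.versions.push_back({0});                              // version being added
    return c;
}
```

With random stale bytes both variants agree (the "usually has the intended effect" case in the message); the buggy check only misbehaves, or crashes, when the stale content happens to look like the md5 or the index points outside the mapping.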