
Bug#669427: apt segfaults on s390x



On Sat, May 05, 2012 at 02:16:18AM +0200, David Kalnischkies wrote:
> package apt
> forcemerge 669427 669243
> severity 669427 serious
> tag 669427 + patch
> thanks
> 
> 
> On Wed, May 2, 2012 at 5:23 PM, David Kalnischkies
> <kalnischkies+debian@gmail.com> wrote:
> > We are missing a bit of error checking here (callers of NewDescription() do
> > not check if return is != 0 and IsDuplicateDescription doesn't check if the
> > given Description is valid), but both shouldn't be a problem as NewDescription
> > can only really fail if new memory can't be allocated and as each version has
> > at least one description you shouldn't hit a problem in the dup check either.
> > Both wouldn't be limited to s390x either way:
> > We seem to have a similar bug report from ppc64 (#669243),
> > if I understand right it's also big-endian 64bit, but no other report.
> 
> Lesson learned today: If you know you have a bug in your code,
> don't put it on the todo list, just fix it!
> (or at least the parts which are trivial to fix)
> 
> 
> The assumption that each version has a description is correct for all
> but one version: In line 442ff we iterate over all packages with the same
> name and all versions for these packages to check if we already have a
> version with this description.
> 
> The problem: We iterate also over the version we have added just a few
> lines above which has no description yet as we are in the process of
> (maybe) adding one for it.
> 
> Result: The duplication check will use a dangling pointer to a string
> which should be an md5sum but probably is whatever it wants to be.
> On the pro side this usually has the intended effect as a random string
> probably doesn't fit the constraints for an md5sum (let alone that it
> matches).
> 
> Still, I am really fascinated that this worked for months here and
> everywhere else (except s390x and ppc64).
> I would have expected a segfault at least once in a while as this is not
> done once or twice but for every version, so more like 100,000 times.
> 
> Amazing. I am going to play in the lottery now, maybe this segfault
> prevention luck is transitive… (probably more like: I wasted all my
> luck on this one here)
> 
> [Raising severity and therefore blocking transition as depending on dangling
>  pointers isn't a great idea, even if it seems to work for all but not-yet-
>  release architectures… Upload next week or so]
> 
> Thanks to both of you for debugging this and sorry for the inconvenience!
> 

I have just tried, and I confirm the patch fixes the issue, at least on
s390x.

Aurelien

-- 
Aurelien Jarno	                        GPG: 1024D/F1BCDB73
aurelien@aurel32.net                 http://www.aurel32.net
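The bug David describes above, reduced to a small self-contained model. This is an added illustration, not apt's code and not part of the thread: a flat array stands in for the mmapped cache, index 0 plays the role of offset 0 (never a real record), `desc_list` stands in for the version's description list, and the md5sums are constructed. The duplicate check walks every version of the package, including the one inserted a moment ago that has no description yet; with `skip_missing == 0` it reads slot 0 as if it were a description (the dangling read), with `skip_missing == 1` such versions are skipped, which is the kind of check the quoted message says was missing.

```c
/* Simplified model of the bug discussed in this thread (not apt's code):
 * a duplicate-description check that walks every version of a package,
 * including the version that was inserted a moment ago and has no
 * description attached yet. Index 0 plays the role of offset 0 in a
 * mmapped cache: it is never a real description record. */
#include <stddef.h>
#include <string.h>

#define MAX_DESCS 16
#define MAX_VERSIONS 8

struct description {
    char md5sum[33];     /* 32 hex chars + NUL */
    size_t next;         /* next description of the same version; 0 = end */
};

struct version {
    const char *verstr;
    size_t desc_list;    /* head of this version's description list; 0 = none yet */
};

struct cache {
    struct description descs[MAX_DESCS];
    size_t ndescs;       /* next free description slot; starts at 1 */
    struct version versions[MAX_VERSIONS];
    size_t nversions;
};

struct scenario_result {
    int junk_reads;      /* how often the check dereferenced the null slot */
    int dup_of_existing; /* md5 already present for another version: expect 1 */
    int dup_of_new;      /* md5 not present anywhere: expect 0 */
};

static void cache_init(struct cache *c)
{
    memset(c, 0, sizeof *c);
    c->ndescs = 1;
    /* Constructed filler: in apt, slot 0 would be the cache header, so the
     * buggy path compares against whatever bytes happen to live there. */
    strcpy(c->descs[0].md5sum, "not-an-md5sum-at-all");
}

static size_t add_version(struct cache *c, const char *verstr)
{
    struct version *v = &c->versions[c->nversions];
    v->verstr = verstr;
    v->desc_list = 0;    /* description not parsed yet */
    return c->nversions++;
}

/* Link a new description record into version vi (no duplicate check here). */
static void attach_description(struct cache *c, size_t vi, const char *md5)
{
    size_t d = c->ndescs++;
    strncpy(c->descs[d].md5sum, md5, 32);
    c->descs[d].md5sum[32] = '\0';
    c->descs[d].next = c->versions[vi].desc_list;
    c->versions[vi].desc_list = d;
}

/* Returns 1 if some version of the package already carries a description
 * with this md5sum. With skip_missing == 0 the loop behaves like the code
 * described in the thread: a version whose desc_list is still 0 is not
 * skipped, so slot 0 is read as if it were a description. With
 * skip_missing == 1 such versions are skipped, which is the fix. */
static int is_duplicate_description(const struct cache *c, const char *md5,
                                    int skip_missing, int *junk_reads)
{
    for (size_t i = 0; i < c->nversions; i++) {
        size_t d = c->versions[i].desc_list;
        if (d == 0) {
            if (skip_missing)
                continue;            /* fixed: nothing to compare against yet */
            (*junk_reads)++;         /* buggy: falls through and reads slot 0 */
        }
        do {
            if (strcmp(c->descs[d].md5sum, md5) == 0)
                return 1;
            d = c->descs[d].next;
        } while (d != 0);
    }
    return 0;
}

/* The situation from the thread: version 1.0 already has a description,
 * version 1.1 was just added and has none, and the parser now asks whether
 * the description it is about to add is a duplicate. */
static struct scenario_result run_scenario(int skip_missing)
{
    static const char *existing = "d41d8cd98f00b204e9800998ecf8427e"; /* constructed */
    static const char *fresh    = "0cc175b9c0f1b6a831c399e269772661"; /* constructed */
    struct cache c;
    struct scenario_result r = {0, 0, 0};

    cache_init(&c);
    attach_description(&c, add_version(&c, "1.0"), existing);
    add_version(&c, "1.1");   /* desc_list == 0 while its stanza is being parsed */

    r.dup_of_existing = is_duplicate_description(&c, existing, skip_missing, &r.junk_reads);
    r.dup_of_new      = is_duplicate_description(&c, fresh,    skip_missing, &r.junk_reads);
    return r;
}
```

With the buggy path, `run_scenario(0)` reports one read of the null slot for the query that reaches version 1.1; the comparison still "works" because the filler bytes never equal a real md5sum, which is exactly why the code ran for months without a visible failure. On a real mmapped cache that read goes through an arbitrary offset, so whether it segfaults depends on what lies at offset 0 on that architecture.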


