Bug#690498: apt: pkgCacheGenerator::ListParser::NewProvides crashes with unlucky remap timing
Package: apt
Version: 0.9.7.5
Severity: important
Tags: patch
User: ubuntu-devel@lists.ubuntu.com
Usertags: origin-ubuntu ubuntu-patch quantal
pkgCacheGenerator::ListParser::NewProvides doesn't follow the usual
pattern when writing a new string to the cache of assigning first to a
temporary variable and then to the cache iterator. This means that if a
cache remap occurs during the expression "Prv->ProvidesVersion =
WriteString(Version)", it will change Prv, but the assignment may
attempt to write to the pre-remap location depending on order of
evaluation. This caused
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1066445. Patch
follows.
=== modified file 'apt-pkg/pkgcachegen.cc'
--- apt-pkg/pkgcachegen.cc 2012-09-19 09:39:20 +0000
+++ apt-pkg/pkgcachegen.cc 2012-10-14 22:47:19 +0000
@@ -973,8 +973,12 @@ bool pkgCacheGenerator::ListParser::NewP
Prv->Version = Ver.Index();
Prv->NextPkgProv = Ver->ProvidesList;
Ver->ProvidesList = Prv.Index();
- if (Version.empty() == false && unlikely((Prv->ProvideVersion = WriteString(Version)) == 0))
- return false;
+ if (Version.empty() == false) {
+ map_ptrloc const idxProvideVersion = WriteString(Version);
+ Prv->ProvideVersion = idxProvideVersion;
+ if (unlikely(idxProvideVersion == 0))
+ return false;
+ }
// Locate the target package
pkgCache::PkgIterator Pkg;
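Review bot: the new block starting at "map_ptrloc const idxProvideVersion = WriteString(Version);" carries no comment saying why the temporary is required, so a later cleanup could fold it back into the single-expression form this hunk removes. A one-line comment above it would help, stating that WriteString may remap the cache and Prv must only be dereferenced after it returns. Note also that Prv->ProvideVersion is assigned before the idxProvideVersion == 0 check, so a failed write still stores 0 in the record. That matches what the removed line did, but it is worth confirming that this is the intended state on the "return false" path.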
=== modified file 'debian/changelog'
--- debian/changelog 2012-10-12 12:44:09 +0000
+++ debian/changelog 2012-10-14 22:50:15 +0000
@@ -18,6 +18,11 @@ apt (0.9.7.6) UNRELEASED; urgency=low
* increase the maximum netrc login/password size and show proper
error message on overflow
+ [ Colin Watson ]
+ * apt-pkg/pkgcachegen.cc:
+ - Fix crash if the cache is remapped while writing a Provides version
+ (LP: #1066445).
+
-- David Kalnischkies <kalnischkies@gmail.com> Wed, 19 Sep 2012 11:29:56 +0200
apt (0.9.7.5) unstable; urgency=low
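Review bot: the added changelog entry under "[ Colin Watson ]" references only the Launchpad bug, "(LP: #1066445)". Since this patch is filed as Debian Bug#690498, adding "Closes: #690498" beside the LP reference would let the upload close the Debian report as well.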
Thanks,
--
Colin Watson [cjwatson@ubuntu.com]
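
The hazard the report describes, reduced to a deterministic model; this is an added example, not apt's code and not part of the report. Arena, Provides, StoreLeftFirst and StoreViaTemporary are hypothetical names, and the old buffers are kept alive on purpose so the misplaced write appears as a lost update rather than a crash.

```cpp
#include <cstdint>
#include <cstring>
#include <memory>
#include <string>
#include <vector>

struct Provides { uint32_t ProvideVersion; };   // hypothetical stand-in record
// Offset-addressed arena: growing copies the data to a new buffer (the "remap").
// Assumption: old buffers stay allocated, so a stale write is lost, not fatal.
class Arena {
    std::vector<std::unique_ptr<char[]>> bufs_;
    size_t cap_, used_;
public:
    explicit Arena(size_t cap) : cap_(cap), used_(sizeof(Provides))
    { bufs_.emplace_back(new char[cap]()); }
    char *Base() { return bufs_.back().get(); }
    Provides *Prv() { return reinterpret_cast<Provides *>(Base()); }
    uint32_t WriteString(const std::string &s) {   // returns offset, never 0
        while (used_ + s.size() + 1 > cap_) {
            char *grown = new char[cap_ * 2]();
            std::memcpy(grown, Base(), used_);
            cap_ *= 2;
            bufs_.emplace_back(grown);
        }
        uint32_t const off = static_cast<uint32_t>(used_);
        std::memcpy(Base() + off, s.c_str(), s.size() + 1);
        used_ += s.size() + 1;
        return off;
    }
};

// Destination resolved before the write, as an unlucky evaluation order does.
uint32_t StoreLeftFirst(Arena &a, const std::string &v) {
    Provides *slot = a.Prv();
    slot->ProvideVersion = a.WriteString(v);   // slot is stale after a remap
    return a.Prv()->ProvideVersion;            // what the live cache now holds
}

// The patch's pattern: write first, then dereference the current location.
uint32_t StoreViaTemporary(Arena &a, const std::string &v) {
    uint32_t const idx = a.WriteString(v);
    a.Prv()->ProvideVersion = idx;
    return a.Prv()->ProvideVersion;
}

int main() {   // exit status 0 when both orders behave as described
    Arena a(8), b(8);
    return StoreLeftFirst(a, "1.0-1") == 0 && StoreViaTemporary(b, "1.0-1") == 4 ? 0 : 1;
}
```

With an arena large enough that no growth happens, both functions return the same offset, which is why the failure depends on remap timing.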