
Bug#690498: marked as done (apt: pkgCacheGenerator::ListParser::NewProvides crashes with unlucky remap timing)



Your message dated Tue, 30 Oct 2012 14:10:52 +0100
with message-id <CAAZ6_fCQv+xT9SxK++uh54M-tKWkagiPcBiROQ2yVk3-_WsQxg@mail.gmail.com>
and subject line Re: [Aptitude-devel] Bug#691846: "aptitude update" segfaults
has caused the Debian Bug report #690498,
regarding apt: pkgCacheGenerator::ListParser::NewProvides crashes with unlucky remap timing
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
690498: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690498
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: apt
Version: 0.9.7.5
Severity: important
Tags: patch
User: ubuntu-devel@lists.ubuntu.com
Usertags: origin-ubuntu ubuntu-patch quantal

pkgCacheGenerator::ListParser::NewProvides doesn't follow the usual
pattern when writing a new string to the cache of assigning first to a
temporary variable and then to the cache iterator.  This means that if a
cache remap occurs during the expression "Prv->ProvidesVersion =
WriteString(Version)", it will change Prv, but the assignment may
attempt to write to the pre-remap location depending on order of
evaluation.  This caused
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1066445.  Patch
follows.

=== modified file 'apt-pkg/pkgcachegen.cc'
--- apt-pkg/pkgcachegen.cc	2012-09-19 09:39:20 +0000
+++ apt-pkg/pkgcachegen.cc	2012-10-14 22:47:19 +0000
@@ -973,8 +973,12 @@ bool pkgCacheGenerator::ListParser::NewP
    Prv->Version = Ver.Index();
    Prv->NextPkgProv = Ver->ProvidesList;
    Ver->ProvidesList = Prv.Index();
-   if (Version.empty() == false && unlikely((Prv->ProvideVersion = WriteString(Version)) == 0))
-      return false;
+   if (Version.empty() == false) {
+      map_ptrloc const idxProvideVersion = WriteString(Version);
+      Prv->ProvideVersion = idxProvideVersion;
+      if (unlikely(idxProvideVersion == 0))
+	 return false;
+   }
    
    // Locate the target package
    pkgCache::PkgIterator Pkg;
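
Review bot: the added block around `map_ptrloc const idxProvideVersion = WriteString(Version);` has no comment saying why the temporary is needed, so a later cleanup could fold it back into one expression and bring the crash back. A one-line comment there, noting that WriteString may remap the cache and has to complete before Prv is dereferenced, would protect the fix. The added `return false;` line is also indented with a tab where the other added lines use spaces.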

=== modified file 'debian/changelog'
--- debian/changelog	2012-10-12 12:44:09 +0000
+++ debian/changelog	2012-10-14 22:50:15 +0000
@@ -18,6 +18,11 @@ apt (0.9.7.6) UNRELEASED; urgency=low
   * increase the maximum netrc login/password size and show proper
     error message on overflow
 
+  [ Colin Watson ]
+  * apt-pkg/pkgcachegen.cc:
+    - Fix crash if the cache is remapped while writing a Provides version
+      (LP: #1066445).
+
  -- David Kalnischkies <kalnischkies@gmail.com>  Wed, 19 Sep 2012 11:29:56 +0200
 
 apt (0.9.7.5) unstable; urgency=low
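
Review bot: the new changelog entry references only the Launchpad bug, `(LP: #1066445)`, with no `Closes:` for the Debian report, so the upload will not close the Debian bug on its own. Adding `Closes: #690498` next to the LP reference would cover both trackers.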

Thanks,

-- 
Colin Watson                                       [cjwatson@ubuntu.com]

--- End Message ---
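
The hazard described in the report above, reduced to a small model (an added example, not apt's code; `Arena`, `PrvIterator`, `Result` and `AddProvides` are constructed names, and the offset-resolving iterator is a simplification of how apt fixes up its iterators after a remap). It records the address a single-expression assignment could have computed before `WriteString` ran, shows that address is stale once a remap happens, and writes through the iterator only after `WriteString` has returned, as the patch does.

```cpp
#include <cstdint>
#include <cstdlib>
#include <cstring>
#include <string>
// Constructed stand-in for a remappable cache: one buffer addressed by offsets.
struct Arena {
    char *base = nullptr;
    std::size_t used = 0, cap = 0, remaps = 0;
    Arena() { Allocate(8); }               // header, so offset 0 can mean "failed"
    ~Arena() { std::free(base); }
    std::uint32_t Allocate(std::size_t n) {
        n = (n + 7) & ~std::size_t(7);     // keep records aligned
        if (used + n > cap) {              // grow: the whole buffer moves
            std::size_t newCap = (used + n) * 2;
            char *moved = static_cast<char *>(std::malloc(newCap));
            if (moved == nullptr) return 0;
            if (used != 0) std::memcpy(moved, base, used);
            std::free(base);               // old addresses are dead from here on
            base = moved; cap = newCap; ++remaps;
        }
        std::uint32_t off = static_cast<std::uint32_t>(used);
        used += n;
        return off;
    }
    std::uint32_t WriteString(const std::string &s) {
        std::uint32_t off = Allocate(s.size() + 1);
        if (off != 0) std::memcpy(base + off, s.c_str(), s.size() + 1);
        return off;
    }
};
struct Provides { std::uint32_t ProvideVersion; };
// Simplified iterator: resolves against the current base on every dereference.
struct PrvIterator {
    Arena *owner; std::uint32_t off;
    Provides *operator->() const { return reinterpret_cast<Provides *>(owner->base + off); }
};
struct Result { bool remapped, stale; std::string stored; };
// Pattern from the patch: let WriteString finish, then dereference Prv.
Result AddProvides(Arena &cache, const std::string &version) {
    PrvIterator Prv{&cache, cache.Allocate(sizeof(Provides))};
    std::size_t before = cache.remaps;
    // Address a one-expression assignment may compute before WriteString runs.
    std::uintptr_t early = reinterpret_cast<std::uintptr_t>(&Prv->ProvideVersion);
    std::uint32_t const idx = cache.WriteString(version);  // may remap
    Prv->ProvideVersion = idx;                              // post-remap address
    if (idx == 0) return {false, false, ""};
    std::uintptr_t late = reinterpret_cast<std::uintptr_t>(&Prv->ProvideVersion);
    return {cache.remaps != before, early != late, cache.base + Prv->ProvideVersion};
}
int main() { Arena c; return AddProvides(c, "1.0-1").stored == "1.0-1" ? 0 : 1; }
```

The first call on a fresh `Arena` grows the buffer inside `WriteString`, so `stale` comes back true; a second call that fits in the existing buffer reports no remap and no stale address.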
--- Begin Message ---
reassign 691846 apt 0.9.7.5
merge 690498 691846
thanks

On Tue, Oct 30, 2012 at 11:17 AM, Stanislav Maslovski
<stanislav.maslovski@gmail.com> wrote:
> Currently, "aptitude update" reproducibly segfaults on my 64-bit
> system with the following gdb backtrace:
[…]
> Program received signal SIGSEGV, Segmentation fault.
> 0x00007ffff7b4fe80 in pkgCacheGenerator::ListParser::NewProvides(pkgCache::VerIterator&, std::string const&, std::string const&, std::string const&) ()
>    from /usr/lib/x86_64-linux-gnu/libapt-pkg.so.4.12

Thanks for the report! This looks a lot like the issue fixed in apt/0.9.7.6
(currently only in unstable) so I am going to merge these two.
(and close them at the same time as this was forgotten previously;
 wish me luck, I am not sure that merge+close actually works this way…)

It would be nice if you could test it, but to be fair, it is quite likely
that installing the new version will change enough to make it disappear.
So if you want you are probably better off compiling it yourself and
running APT from the buildtree (or aptitude, you just need the libapt-pkg
to be built and used so LD_LIBRARY_PATH=/path/to/apt/build/bin
should help you). You don't have to of course. :)

If this problem isn't fixed by this feel free to reopen the bug of course.
The reassigning is fine though as it is not aptitude's fault either way.


Best regards

David Kalnischkies

--- End Message ---
