Package: nala
Version: 0.12.2
Severity: normal
Dear Maintainer,

When running nala history as an unprivileged user, the process appears to hang 
and uses excessive CPU and memory resources.  In my case, while running this on 
a Raspberry Pi, it eventually exhausted physical memory and caused several 
processes to crash.

The direct cause of this is that the program doesn't know how to handle a case 
where it doesn't have permissions to read /var/lib/nala/history.json, as shown 
in this strace sample:

openat(AT_FDCWD, "/var/lib/nala/history.json", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
mmap(NULL, 1048576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f93c15c9000
mmap(NULL, 1048576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f93c14c9000
mmap(NULL, 1048576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f93c13c9000
mmap(NULL, 1048576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f93c12c9000
mmap(NULL, 1048576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f93c11c9000

These mmap calls continue infinitely, sequentially running through memory 
locations until a SIGINT is sent, upon which Python returns:

Error in sys.excepthook:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/typer/main.py", line 72, in except_hook
    rich_tb = Traceback.from_exception(
              ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/rich/traceback.py", line 335, in from_exception
debian@e911b6bb987c:~$     rich_traceback = cls.extract(
                     ^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/rich/traceback.py", line 448, in extract
    locals={
           ^
  File "/usr/lib/python3/dist-packages/rich/traceback.py", line 449, in <dictcomp>
    key: pretty.traverse(
         ^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/rich/pretty.py", line 887, in traverse
    node = _traverse(_object, root=True)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/rich/pretty.py", line 637, in _traverse
    def _traverse(obj: Any, root: bool = False, depth: int = 0) -> Node:

After KeyboardInterrupt, the error messages conclude with:
PermissionError: [Errno 13] Permission denied: '/var/lib/nala/history.json'

I was also able to reproduce this on amd64.

The program should be able to handle this issue by erroring out with something 
like "Cannot read /var/lib/nala/history.json" and terminating immediately.

-- System Information:
Debian Release: 12.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: arm64 (aarch64)

Kernel: Linux 6.1.0-10-arm64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_CRAP
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages nala depends on:
ii  apt                        2.6.1
ii  python3                    3.11.2-1+b1
ii  python3-anyio              3.6.2-1
ii  python3-apt                2.6.0
ii  python3-debian             0.1.49
ii  python3-httpx              0.23.3-1
ii  python3-pexpect            4.8.0-4
ii  python3-rich               13.3.1-1
ii  python3-tomli              2.0.1-2
ii  python3-typer              0.7.0-1
ii  python3-typing-extensions  4.4.0-1

Versions of packages nala recommends:
ii  python3-socksio  1.0.0-2

nala suggests no packages.

-- no debconf information
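
The fail-fast behaviour requested in the report, sketched as an added example (not part of the original report and not nala's own code). The names load_history, HistoryError and the opener hook are hypothetical; treating a missing file as empty history is an assumption.

```python
import json
import sys
from pathlib import Path

HISTORY_FILE = Path("/var/lib/nala/history.json")  # path taken from the report


class HistoryError(Exception):
    """A history-file problem that is reported as a single line."""


def load_history(path=HISTORY_FILE, opener=open):
    """Return the parsed history, or raise HistoryError with a short message.

    `opener` is a hypothetical hook so an EACCES failure can be simulated.
    """
    try:
        with opener(path, "r", encoding="utf-8") as fh:
            return json.load(fh)
    except FileNotFoundError:
        return {}  # assumption: no file yet means no recorded history
    except PermissionError as exc:
        # Drop the exception chain so no traceback (and no dump of local
        # variables) is rendered for an expected condition.
        raise HistoryError(f"Cannot read {path}: {exc.strerror}") from None
    except (OSError, ValueError) as exc:
        # ValueError covers json.JSONDecodeError and UnicodeDecodeError.
        raise HistoryError(f"Cannot load {path}: {exc}") from None


def main(path=HISTORY_FILE, opener=open, err=sys.stderr):
    """Print the entry count; on failure print one line and return 1."""
    try:
        history = load_history(path, opener)
    except HistoryError as exc:
        print(f"Error: {exc}", file=err)
        return 1
    print(f"{len(history)} history entries")
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

Run as an unprivileged user against an unreadable file, this prints one error line and exits with status 1 instead of entering the exception hook.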
