On 10/10/2017 7:18 AM, Ken Brown wrote:
On 9/29/2017 4:33 PM, Ken Brown wrote:
I'll resume my testing after I return.
I've just started testing (based on the current HEAD of topic/libsolv),
and so far everything looks good.
I came across a situation where a SolvableVersion method was being
called on a trivial object (with pool and id both 0). This caused a
crash when pool_id2solvable(pool, id) was called and pool was
dereferenced. There's probably a bug that led to this situation. [It
involved a local install in which a package was listed in two different
setup.ini files, but the tarballs existed only in one.] I plan to
investigate this further. But in any case, we shouldn't crash. Patch
attached.
Ken
From f3b3c60ed473a1ef4e5b1ae5fcd1bfc46a6210fb Mon Sep 17 00:00:00 2001
From: Ken Brown <kbr...@cornell.edu>
Date: Tue, 17 Oct 2017 08:12:48 -0400
Subject: [PATCH] Avoid dereferencing NULL pointers
The libsolv function pool_id2solvable unconditionally dereferences its
first argument ('pool'). Callers must check that this argument is
non-NULL to avoid crashes.
---
libsolv.cc | 16 +++++++++++++++-
1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/libsolv.cc b/libsolv.cc
index 78e73a8..3a244d4 100644
--- a/libsolv.cc
+++ b/libsolv.cc
@@ -75,6 +75,8 @@ RelId2Operator(Id id)
const std::string
SolvableVersion::Name () const
{
+ if (!pool)
+ return "";
Solvable *solvable = pool_id2solvable(pool, id);
return std::string(pool_id2str(pool, solvable->name));
}
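Review bot: The new guard in Name() tests only `pool`, so an object with a valid pool but `id` 0 still reaches `pool_id2solvable(pool, id)` and the `solvable->name` lookup. The report describes the trivial object as having both fields zero, so checking both would match it more closely: `if (!pool || !id) return "";`. The same applies to the guards added in Canonical_version(), Type(), deplist(), SDesc(), fixup_spkg_id() and Stability(). The last three go on to use `solvable->repo`, which I would expect to be NULL for the reserved id 0 entry, though how libsolv sets up that entry is not visible here. A short comment on the guard, such as `// default-constructed object (no pool): nothing to look up`, would also tell the next reader why an empty string is a valid answer.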
@@ -82,6 +84,8 @@ SolvableVersion::Name () const
const std::string
SolvableVersion::Canonical_version() const
{
+ if (!pool)
+ return "";
Solvable *solvable = pool_id2solvable(pool, id);
return std::string(pool_id2str(pool, solvable->evr));
}
@@ -89,6 +93,8 @@ SolvableVersion::Canonical_version() const
package_type_t
SolvableVersion::Type () const
{
+ if (!pool)
+ return package_binary;
Solvable *solvable = pool_id2solvable(pool, id);
if (solvable->arch == ARCH_SRC)
return package_source;
@@ -112,6 +118,9 @@ SolvableVersion::obsoletes() const
const PackageDepends
SolvableVersion::deplist(Id keyname) const
{
+ static PackageDepends empty_package;
+ if (!pool)
+ return empty_package;
Solvable *solvable = pool_id2solvable(pool, id);
Queue q;
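Review bot: `empty_package` does not need to be a function-local `static` in deplist(), because the return type is `const PackageDepends` by value and every return copies it anyway. Both the new early return and the fall-through at the end of the function could be written as `return PackageDepends();`, which removes the shared static. deplist()'s body continues outside this hunk.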
@@ -147,13 +156,14 @@ SolvableVersion::deplist(Id keyname) const
}
// otherwise, return an empty depends list
- static PackageDepends empty_package;
return empty_package;
}
const std::string
SolvableVersion::SDesc () const
{
+ if (!pool)
+ return "";
Solvable *solvable = pool_id2solvable(pool, id);
const char *sdesc = repo_lookup_str(solvable->repo, id, SOLVABLE_SUMMARY);
return sdesc;
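Review bot: SDesc() still converts `sdesc` to `std::string` without checking it, and `repo_lookup_str` returns NULL when the solvable has no SOLVABLE_SUMMARY attribute. Constructing a `std::string` from a null `const char *` is undefined behaviour, so a package without a summary can crash here even when `pool` is valid. This is the same class of crash the commit sets out to remove, and the fix is one line: `return sdesc ? sdesc : "";`. The function's closing brace lies outside the hunk.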
@@ -197,6 +207,8 @@ SolvableVersion::sourcePackage () const
void
SolvableVersion::fixup_spkg_id (SolvableVersion spkg_id) const
{
+ if (!pool)
+ return;
Solvable *solvable = pool_id2solvable(pool, id);
Repodata *data = repo_last_repodata(solvable->repo);
Id handle = id;
@@ -237,6 +249,8 @@ SolvableVersion::accessible () const
package_stability_t
SolvableVersion::Stability () const
{
+ if (!pool)
+ return TRUST_UNKNOWN;
Solvable *solvable = pool_id2solvable(pool, id);
Id stability_attr = pool_str2id(pool, "solvable:stability", 1);
return (package_stability_t)repo_lookup_num(solvable->repo, id,
stability_attr, TRUST_UNKNOWN);
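Review bot: The number returned by `repo_lookup_num` in Stability() is cast straight to `package_stability_t` with a C-style cast and no range check. That value comes from repository data, which presumably originates in a parsed setup.ini, so an unexpected number yields an enum value that no caller's `switch` anticipates. I would store the result in a local, return `TRUST_UNKNOWN` unless it equals one of the declared enumerators, and use `static_cast` for the conversion. Whether the value is already validated when it is written into the repo is not visible in this patch, and the function's end is outside the hunk.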
--
2.14.2