Bug#843874: dpkg: segfaults installing desktop-base 9.0.0~exp1 on amd64
On 2016-11-10 16:34, Guillem Jover wrote: >> If you can still reproduce at will, I might like to provide a patch to >> make sure the fix works for you? If you could test this, probably >> later today, that'd be awesome! > > Ok, it was too trivial to leave alone. :) Attached the proposed patch. That seems to work: # ./dpkg-buggy --configure --pending Setting up desktop-base (9.0.0~exp1) ... dpkg: error processing package desktop-base (--configure): subprocess installed post-installation script returned error exit status 1 Errors were encountered while processing: Segmentation fault # ./dpkg-fixed --configure --pending Setting up desktop-base (9.0.0~exp1) ... dpkg: error processing package desktop-base (--configure): subprocess installed post-installation script returned error exit status 1 Errors were encountered while processing: desktop-base and I can run an arbitrary sequence of these two commands and get always the same output. Andreas
Bug#843874: dpkg: segfaults installing desktop-base 9.0.0~exp1 on amd64
Hi!
On Thu, 2016-11-10 at 16:24:13 +0100, Guillem Jover wrote:
> This appears to be a problem with reportbroken_retexitstatus() in
> src/error.c when printing out the packages affected by the errors, so
> not something dangerous, but still annoying and wrong.
>
> From your backtrace it seems the function which has accumulated the
> package names cannot access those pointers anymore. And even though I
> cannot reproduce I think I know what's going on.
>
> The latest releases started freeing the memory pool when releaseing
> the database journal. Which means that this invalidates those stored
> references. I'll copy those strings for the next release so that we
> can still free the db.
>
> If you can still reproduce at will, I might like to provide a patch to
> make sure the fix works for you? If you could test this, probably
> later today, that'd be awesome!
Ok, it was too trivial to leave alone. :) Attached the proposed patch.
Thanks,
Guillem
diff --git i/src/errors.c w/src/errors.c
index 0869235..d580e35 100644
--- i/src/errors.c
+++ w/src/errors.c
@@ -47,7 +47,7 @@ static int nerrs = 0;
struct error_report {
struct error_report *next;
- const char *what;
+ char *what;
};
static struct error_report *reports = NULL;
@@ -66,7 +66,7 @@ enqueue_error_report(const char *arg)
abort_processing = true;
nr=
}
- nr->what= arg;
+ nr->what = strdup(arg);
nr->next = NULL;
*lastreport= nr;
lastreport= >next;
@@ -109,6 +109,7 @@ reportbroken_retexitstatus(int ret)
fputs(_("Errors were encountered while processing:\n"),stderr);
while (reports) {
fprintf(stderr," %s\n",reports->what);
+ free(reports->what);
reports= reports->next;
}
}
Bug#843874: dpkg: segfaults installing desktop-base 9.0.0~exp1 on amd64
Hi! On Thu, 2016-11-10 at 12:11:51 +0100, Andreas Beckmann wrote: > Package: dpkg > Version: 1.18.13 > Severity: serious > User: debian...@lists.debian.org > Usertags: piuparts > Control: affects -1 + desktop-base > during a test with piuparts I noticed a reproducible dpkg segfault > when installing desktop-base/experimental in a sid+experimental amd64 chroot. I cannot reproduce this, on a clean sid chroot by just installing desktop-base from experimental. :( > >From the attached log (scroll to the bottom...): > > Selecting previously unselected package desktop-base. > (Reading database ... 5376 files and directories currently installed.) > Preparing to unpack .../desktop-base_9.0.0~exp1_all.deb ... > Unpacking desktop-base (9.0.0~exp1) ... > Processing triggers for libglib2.0-0:amd64 (2.50.2-1) ... > No schema files found: doing nothing. > Setting up desktop-base (9.0.0~exp1) ... […] > dpkg: error processing package desktop-base (--configure): >subprocess installed post-installation script returned error exit status 1 > Errors were encountered while processing: > E: Sub-process /usr/bin/dpkg received a segmentation fault. This appears to be a problem with reportbroken_retexitstatus() in src/error.c when printing out the packages affected by the errors, so not something dangerous, but still annoying and wrong. From your backtrace it seems the function which has accumulated the package names cannot access those pointers anymore. And even though I cannot reproduce I think I know what's going on. The latest releases started freeing the memory pool when releaseing the database journal. Which means that this invalidates those stored references. I'll copy those strings for the next release so that we can still free the db. If you can still reproduce at will, I might like to provide a patch to make sure the fix works for you? If you could test this, probably later today, that'd be awesome! Thanks, Guillem
Bug#843874: dpkg: segfaults installing desktop-base 9.0.0~exp1 on amd64
Package: dpkg
Version: 1.18.13
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts
Control: affects -1 + desktop-base
Hi,
during a test with piuparts I noticed a reproducible dpkg segfault
when installing desktop-base/experimental in a sid+experimental amd64 chroot.
>From the attached log (scroll to the bottom...):
Selecting previously unselected package desktop-base.
(Reading database ...
(Reading database ... 5376 files and directories currently installed.)
Preparing to unpack .../desktop-base_9.0.0~exp1_all.deb ...
Unpacking desktop-base (9.0.0~exp1) ...
Processing triggers for libglib2.0-0:amd64 (2.50.2-1) ...
No schema files found: doing nothing.
Setting up desktop-base (9.0.0~exp1) ...
update-alternatives: using /usr/share/desktop-base/softwaves-theme to provide
/usr/share/desktop-base/active-theme (desktop-theme) in auto mode
update-alternatives: using
/usr/share/desktop-base/active-theme/wallpaper/contents/images/1920x1080.svg to
provide /usr/share/images/desktop-base/desktop-background (desktop-background)
in auto mode
update-alternatives: using
/usr/share/desktop-base/active-theme/wallpaper/gnome-background.xml to provide
/usr/share/images/desktop-base/desktop-background.xml (desktop-background.xml)
in auto mode
update-alternatives: using
/usr/share/desktop-base/active-theme/lockscreen/gnome-background.xml to provide
/usr/share/images/desktop-base/desktop-lockscreen.xml (desktop-lockscreen.xml)
in auto mode
update-alternatives: using /usr/share/desktop-base/active-theme/wallpaper to
provide /usr/share/wallpapers/DebianTheme (desktop-plasma5-wallpaper) in auto
mode
update-alternatives: using
/usr/share/desktop-base/active-theme/login/background.svg to provide
/usr/share/images/desktop-base/login-background.svg (desktop-login-background)
in auto mode
update-alternatives: using
/usr/share/desktop-base/active-theme/grub/grub-4x3.png to provide
/usr/share/images/desktop-base/desktop-grub.png (desktop-grub) in auto mode
dpkg: error processing package desktop-base (--configure):
subprocess installed post-installation script returned error exit status 1
Errors were encountered while processing:
E: Sub-process /usr/bin/dpkg received a segmentation fault.
(gdb) bt
#0 strlen () at ../sysdeps/x86_64/strlen.S:106
#1 0x7fa55ad14da3 in _IO_vfprintf_internal (s=0x7ffe707d3230,
format=, ap=0x7ffe707d58d8) at vfprintf.c:1637
#2 0x7fa55ad15c23 in buffered_vfprintf (s=0x7fa55b065520
<_IO_2_1_stderr_>, format=, args=) at
vfprintf.c:2325
#3 0x7fa55ad12f15 in _IO_vfprintf_internal (s=s@entry=0x7fa55b065520
<_IO_2_1_stderr_>, format=format@entry=0x55d7d0e90ad0 " %s\n",
ap=ap@entry=0x7ffe707d58d8) at vfprintf.c:1293
#4 0x7fa55adc2cb9 in ___fprintf_chk (fp=0x7fa55b065520 <_IO_2_1_stderr_>,
flag=flag@entry=1, format=format@entry=0x55d7d0e90ad0 " %s\n") at
fprintf_chk.c:35
#5 0x55d7d0e66fba in fprintf (__fmt=0x55d7d0e90ad0 " %s\n",
__stream=) at /usr/include/x86_64-linux-gnu/bits/stdio2.h:97
#6 reportbroken_retexitstatus (ret=0) at ../../src/errors.c:111
#7 0x55d7d0e5e6c2 in main (argc=, argv=) at
../../src/main.c:927
(gdb) bt full
#0 strlen () at ../sysdeps/x86_64/strlen.S:106
No locals.
#1 0x7fa55ad14da3 in _IO_vfprintf_internal (s=0x7ffe707d3230,
format=, ap=0x7ffe707d58d8) at vfprintf.c:1637
len =
string_malloced = 0
step0_jumps = {0, -2199, -2392, -2299, -778, -685, 966, 644, 1362,
1166, 1273, -1287, 547, 639, -2145, -2098, -1198, -1093, -1081, -1069, -2725,
-577, 304, 393, 485, -3452, 63, -3541, -3541, 1073}
space =
is_short =
use_outdigits = 0
step1_jumps = {0, 0, 0, 0, 0, 0, 0, 0, 0, 1166, 1273, -1287, 547, 639,
-2145, -2098, -1198, -1093, -1081, -1069, -2725, -577, 304, 393, 485, -3452,
63, -3541, -3541, 0}
group = 0
prec = -1
step2_jumps = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1273, -1287, 547, 639,
-2145, -2098, -1198, -1093, -1081, -1069, -2725, -577, 304, 393, 485, -3452,
63, -3541, -3541, 0}
string = 0x55d7d2bd99b0
left = 0
is_long_double =
width = 0
step3a_jumps = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1383, 0, 0, 0, -2145,
-2098, -1198, -1093, -1081, 0, 0, 0, 0, 393, 0, 0, 0, 0, 0, 0}
alt = 0
showsign =
is_long =
is_char =
pad =
step3b_jumps = {0 , 547, 0, 0, -2145, -2098, -1198,
-1093, -1081, -1069, -2725, -577, 304, 393, 485, -3452, 63, 0, 0, 0}
step4_jumps = {0 , -2145, -2098, -1198, -1093, -1081,
-1069, -2725, -577, 304, 393, 485, -3452, 63, 0, 0, 0}
is_negative =
number =
base =
the_arg = {pa_wchar = 0 L'\000', pa_int = 0, pa_long_int = 0,
pa_long_long_int = 0, pa_u_int = 0, pa_u_long_int = 0, pa_u_long_long_int = 0,
pa_double = 0, pa_long_double = 0, pa_string = 0x0,
pa_wstring = 0x0, pa_pointer = 0x0, pa_user = 0x0}
spec =
_buffer =
