Control: tag -1 pending

On Wed, Nov 05, 2014 at 11:02:43PM -0500, Eric Sharkey wrote:
> I'm able to reproduce this (or something similar) on one of my systems:
> 
> (gdb) r install mono-xsp4-base
> Starting program: /usr/bin/apt-get install mono-xsp4-base
> warning: Could not load shared library symbols for linux-gate.so.1.
> Do you need "set solib-search-path" or "set sysroot"?
> Reading package lists... Done
> Building dependency tree
> Reading state information... Done
> 
> Program received signal SIGSEGV, Segmentation fault.
> 0xf7ee80ed in pkgDepCache::IsModeChangeOk(pkgDepCache::ModeList,
> pkgCache::PkgIterator const&, unsigned long, bool) ()
>    from /usr/lib/i386-linux-gnu/libapt-pkg.so.4.12
> (gdb) bt
> #0  0xf7ee80ed in pkgDepCache::IsModeChangeOk(pkgDepCache::ModeList,
> pkgCache::PkgIterator const&, unsigned long, bool) ()
>    from /usr/lib/i386-linux-gnu/libapt-pkg.so.4.12
> #1  0xf7eea60f in pkgDepCache::MarkKeep(pkgCache::PkgIterator const&,
> bool, bool, unsigned long) () from
> /usr/lib/i386-linux-gnu/libapt-pkg.so.4.12
> #2  0xf7ee113a in pkgProblemResolver::ResolveInternal(bool) ()
>    from /usr/lib/i386-linux-gnu/libapt-pkg.so.4.12
> #3  0xf7ee4648 in pkgProblemResolver::Resolve(bool) ()
>    from /usr/lib/i386-linux-gnu/libapt-pkg.so.4.12
> Backtrace stopped: previous frame inner to this frame (corrupt stack?)
> 
> /var/lib/dpkg/status is attached.
> 
> Eric

I ended up trashing my stack like you did, but that might be a
coincidence; I'm not sure if it's the actual cause of the bug.

I did not notice that your stack was broken as well, so I thought
my failure was entirely unrelated. But the stack breakage is now
fixed in git, so I'll close this bug with the next upload if I
don't forget :):

commit f99b06213e39c3e2d46db243d2509c42cc63c752
Author: Julian Andres Klode <j...@debian.org>
Date:   Mon Mar 7 01:32:08 2016 +0100

    apt-pkg/algorithms.cc: Avoid stack buffer overflow in KillList
    
    Dynamically allocate KillList in order to avoid an overflow when
    more than 100 elements would be written to it.
    
    This happened while playing around with the status file from
    Bug#701069 on a modern system.

See: 
https://anonscm.debian.org/cgit/apt/apt.git/commit/?id=f99b06213e39c3e2d46db243d2509c42cc63c752

-- 
Debian Developer - deb.li/jak | jak-linux.org - free software dev

When replying, only quote what is necessary, and write each reply
directly below the part(s) it pertains to (`inline'). Thank you.
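
As an added illustration of the bug class the commit message describes (not code from apt or from this thread), the C++ sketch below models a 100-entry list followed directly by saved stack words as one flat array, so the effect of the 101st unchecked write can be observed safely, next to a heap-backed list that grows with the input. The names KillEntry, Frame, fill_fixed_unchecked and fill_dynamic and the saved-word value are assumptions made for the example.

```cpp
#include <array>
#include <cstddef>
#include <cstdint>
#include <vector>

// Hypothetical stand-in for one resolver kill candidate; not apt's real type.
struct KillEntry { std::uint32_t pkg; std::uint32_t dep; };

constexpr std::size_t kSlots = 100;                // fixed capacity named in the commit message
constexpr std::uint32_t kSavedWord = 0xF7EE0000u;  // constructed "saved return address" value

// Simulated stack frame: 100 two-word entries followed directly by two saved words.
// Modelled as one flat array so that writes past entry 99 stay defined behaviour.
struct Frame {
    std::array<std::uint32_t, kSlots * 2 + 2> words{};
    Frame() { words[kSlots * 2] = words[kSlots * 2 + 1] = kSavedWord; }
    bool saved_words_intact() const {
        return words[kSlots * 2] == kSavedWord && words[kSlots * 2 + 1] == kSavedWord;
    }
};

// "Before" pattern: entries are appended with no capacity check, as with a
// fixed-size stack array. Returns true if the saved words survived.
bool fill_fixed_unchecked(std::size_t candidates) {
    Frame f;
    for (std::size_t i = 0; i < candidates; ++i) {
        if (2 * i + 1 >= f.words.size()) break;  // edge of the simulation, not a real guard
        f.words[2 * i] = static_cast<std::uint32_t>(i);
        f.words[2 * i + 1] = static_cast<std::uint32_t>(i + 1);
    }
    return f.saved_words_intact();
}

// "After" pattern: a dynamically allocated list sized by the input, so the
// number of candidates no longer has to fit a compile-time constant.
std::vector<KillEntry> fill_dynamic(std::size_t candidates) {
    std::vector<KillEntry> list;
    list.reserve(candidates);
    for (std::size_t i = 0; i < candidates; ++i)
        list.push_back({static_cast<std::uint32_t>(i), static_cast<std::uint32_t>(i + 1)});
    return list;
}

int main() {
    // 100 entries fit; the 101st overwrites the saved words; the vector holds 150.
    return (fill_fixed_unchecked(100) && !fill_fixed_unchecked(101)
            && fill_dynamic(150).size() == 150) ? 0 : 1;
}
```

Overwritten saved words of this kind are what leaves a debugger unable to unwind, as in the "corrupt stack?" line of the quoted backtrace.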
