Package: dpkg
Version: 1.13.21
Severity: normal

dpkg can crash when malloc fails; here are two test cases; run with

sudo gdb --args dpkg -i "$f" <gdb-dpkg

This seems to depend on being in an "ok installed" state, so you have to reinstall the package normally between tests:

(gdb) (gdb) Breakpoint 1 at 0x804a3cc
(gdb) Starting program: /usr/bin/dpkg -i /var/cache/apt/archives/cpp-doc_4%3a4.0.3-4_i386.deb
(no debugging symbols found)
Breakpoint 1 at 0xa7e3b906: file malloc.c, line 3370.

Breakpoint 1, 0xa7e3b906 in *__GI___libc_free (mem=0x812a1c0) at malloc.c:3370
3370 malloc.c: No such file or directory.
 in malloc.c
(gdb) (gdb) Breakpoint 2 at 0xa7e64336: file ../linuxthreads/sysdeps/unix/sysv/linux/fork.c, line 38.
(gdb) Will ignore next 2 crossings of breakpoint 2.
(gdb) Continuing.
(Reading database ... 104611 files and directories currently installed.)
Preparing to replace cpp-doc 4:4.0.3-4 (using .../cpp-doc_4%3a4.0.3-4_i386.deb) ...

Breakpoint 2, 0xa7e64336 in __libc_fork () at ../linuxthreads/sysdeps/unix/sysv/linux/fork.c:38
38 ../linuxthreads/sysdeps/unix/sysv/linux/fork.c: No such file or directory.
 in ../linuxthreads/sysdeps/unix/sysv/linux/fork.c
(gdb) (gdb) Breakpoint 3 at 0xa7e3d7f6: file malloc.c, line 3328.
(gdb) Will ignore next 3 crossings of breakpoint 3.
(gdb) Continuing.

Breakpoint 3, 0xa7e3d7f6 in *__GI___libc_malloc (bytes=364) at malloc.c:3328
3328 malloc.c: No such file or directory.
 in malloc.c
(gdb) #0 0xa7e2cbaf in __fopen_internal (filename=0x0, mode=0x0, is32=0) at iofopen.c:76
76 iofopen.c: No such file or directory.
 in iofopen.c
(gdb) Continuing.
dpkg: error processing /var/cache/apt/archives/cpp-doc_4%3a4.0.3-4_i386.deb (--install):
 unable to create /var/lib/dpkg/updates/tmp.i: No such file or directory

Breakpoint 3, 0xa7e3d7f6 in *__GI___libc_malloc (bytes=8) at malloc.c:3328
3328 malloc.c: No such file or directory.
 in malloc.c
(gdb) Will ignore next 8 crossings of breakpoint 3.
(gdb) Continuing.

Program received signal SIGSEGV, Segmentation fault.
_IO_fwrite (buf=0x1af, size=1, count=431, fp=0x0) at iofwrite.c:43
43 iofwrite.c: No such file or directory.
 in iofwrite.c
(gdb) #0 0x0805d568 in ?? ()
(gdb) (gdb) Continuing.

Program terminated with signal SIGSEGV, Segmentation fault.
The program no longer exists.
(gdb) No stack.
(gdb)

This seems to be more tolerant, and will also happily crash from a half-installed state:

(gdb) (gdb) Breakpoint 1 at 0x804a3cc
(gdb) Starting program: /usr/bin/dpkg -i /var/cache/apt/archives/cpp-doc_4%3a4.0.3-4_i386.deb
(no debugging symbols found)
Breakpoint 1 at 0xa7f17906: file malloc.c, line 3370.

Breakpoint 1, 0xa7f17906 in *__GI___libc_free (mem=0x812a1c0) at malloc.c:3370
3370 malloc.c: No such file or directory.
 in malloc.c
(gdb) (gdb) Breakpoint 2 at 0xa7f40336: file ../linuxthreads/sysdeps/unix/sysv/linux/fork.c, line 38.
(gdb) Will ignore next 3 crossings of breakpoint 2.
(gdb) Continuing.
(Reading database ... 104611 files and directories currently installed.)
Preparing to replace cpp-doc 4:4.0.3-4 (using .../cpp-doc_4%3a4.0.3-4_i386.deb) ...
Unpacking replacement cpp-doc ...

Breakpoint 2, 0xa7f40336 in __libc_fork () at ../linuxthreads/sysdeps/unix/sysv/linux/fork.c:38
38 ../linuxthreads/sysdeps/unix/sysv/linux/fork.c: No such file or directory.
 in ../linuxthreads/sysdeps/unix/sysv/linux/fork.c
(gdb) (gdb) Breakpoint 3 at 0xa7f197f6: file malloc.c, line 3328.
(gdb) Will ignore next 5 crossings of breakpoint 3.
(gdb) Continuing.

Breakpoint 3, 0xa7f197f6 in *__GI___libc_malloc (bytes=3) at malloc.c:3328
3328 malloc.c: No such file or directory.
 in malloc.c
(gdb) #0 0x08062d2e in ?? ()
(gdb) Continuing.

Program received signal SIGSEGV, Segmentation fault.
0xa7f1ec27 in *__GI_memcpy (dstpp=0x0, srcpp=0xafce7ce8, len=2) at ../sysdeps/generic/memcpy.c:61
61 ../sysdeps/generic/memcpy.c: No such file or directory.
 in ../sysdeps/generic/memcpy.c
(gdb)

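# Run dpkg with LD_LIBRARY_PATH pointing at /usr/lib/debug
set environment LD_LIBRARY_PATH=/usr/lib/debug
# Run to the first free() call, then delete that breakpoint
break free
r
d 1
# Skip 2 hits of fork() and stop on the next one
break fork
ignore 2 2
c
d 2
# Skip 3 malloc() calls, then make the next one return 0 (NULL)
break malloc
ignore 3 3
c
return 0
c
# Set the ignore count of the malloc breakpoint to 10 and continue
ignore 3 10
c
return 0
# Delete the malloc breakpoint, continue and print a backtrace
d 3
c
bt
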
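# Run dpkg with LD_LIBRARY_PATH pointing at /usr/lib/debug
set environment LD_LIBRARY_PATH=/usr/lib/debug
# Run to the first free() call, then delete that breakpoint
break free
r
d 1
# Skip 3 hits of fork() and stop on the next one
break fork
ignore 2 3
c
d 2
# Skip 5 malloc() calls, then make the next one return 0 (NULL)
break malloc
ignore 3 5
c
return 0
c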
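
The gdb scripts above fail one chosen malloc() call and watch what the caller does with the NULL. The following C program is an added example, not part of the original report and not dpkg code: it does the same injection in-process and sweeps it across every allocation of a small path-building routine that checks its results. The names test_malloc, join_path, nested_path and sweep are hypothetical, and the path components are used only as sample strings.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, hypothetical names: allocation number fail_at returns NULL. */
static long fail_at = -1, calls = 0;

static void *test_malloc(size_t n) { return calls++ == fail_at ? NULL : malloc(n); }

/* Returns dir/name, or NULL on failure; nothing is written through NULL. */
static char *join_path(const char *dir, const char *name)
{
    size_t n = strlen(dir) + strlen(name) + 2;
    char *p = test_malloc(n);
    if (p != NULL)
        snprintf(p, n, "%s/%s", dir, name);
    return p;
}

/* Two allocations; the intermediate one is released on every path. */
static char *nested_path(const char *dir, const char *sub, const char *name)
{
    char *mid = join_path(dir, sub), *full = NULL;
    if (mid != NULL)
        full = join_path(mid, name);
    free(mid);                  /* free(NULL) is a no-op */
    return full;
}

/* Fail allocation 0, 1, 2, ... in turn; count failures returned as NULL. */
static int sweep(const char *dir)
{
    char *p;
    int handled = -1;
    do {
        fail_at = ++handled;    /* next injection point */
        calls = 0;
        p = nested_path(dir, "updates", "tmp.i");
    } while (p == NULL);
    free(p);
    fail_at = -1;               /* injection off */
    return handled;
}

int main(void)
{
    printf("handled %d injected failures\n", sweep("/var/lib/dpkg"));
    return 0;
}
```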