*** This bug is a duplicate of bug 1773316 ***
https://bugs.launchpad.net/bugs/1773316
Public bug reported:
[Impact]
Some applications, like unattended-upgrades or update-manager, reopen the apt
cache. They also keep around old apt.Package objects however, and operate on
them after reopening. Under the hood, this means that apt_pkg.Package objects
belonging to an old cache are passed to a new cache.
APT relies on the ID of the package (it's position in the cache) for
it's operation. So if a package has ID 0 in the old cache, and a
different package has ID 0 in the new cache, performing operations on
the old package would perform it on the new package. If the old
package's ID is out of bounds in the new cache, the behavior is
undefined - it's an out of bounds array access.
[Test case]
The attached test case has a list of packages 0-9, a-z; stores the package "z"
into a variable, then reopens the cache. It then marks z for deletion. This
either segfaults or does nothing; when it should mark z for deletion.
More test cases like this are in the autopkgtest.
[Regression potential]
The initial fix introduced bug 1780099, there might be similar bugs lurking.
However, these bugs would have been undefined behavior before and might have
caused segmentation faults or did the wrong thing. It seems likely that any
regression cannot possibly be worse than the current state.
** Affects: python-apt (Ubuntu)
Importance: Undecided
Status: New
** Attachment added: "a.py"
https://bugs.launchpad.net/bugs/1780105/+attachment/5159648/+files/a.py
** This bug has been marked a duplicate of bug 1773316
Object of different cache passed as argument to apt_pkg.DepCache method
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to python-apt in Ubuntu.
https://bugs.launchpad.net/bugs/1780105
Title:
[xenial, trusty?] Backport cache remapping to fix crashes
Status in python-apt package in Ubuntu:
New
Bug description:
[Impact]
Some applications, like unattended-upgrades or update-manager, reopen the apt
cache. They also keep around old apt.Package objects however, and operate on
them after reopening. Under the hood, this means that apt_pkg.Package objects
belonging to an old cache are passed to a new cache.
APT relies on the ID of the package (it's position in the cache) for
it's operation. So if a package has ID 0 in the old cache, and a
different package has ID 0 in the new cache, performing operations on
the old package would perform it on the new package. If the old
package's ID is out of bounds in the new cache, the behavior is
undefined - it's an out of bounds array access.
[Test case]
The attached test case has a list of packages 0-9, a-z; stores the package
"z" into a variable, then reopens the cache. It then marks z for deletion. This
either segfaults or does nothing; when it should mark z for deletion.
More test cases like this are in the autopkgtest.
[Regression potential]
The initial fix introduced bug 1780099, there might be similar bugs lurking.
However, these bugs would have been undefined behavior before and might have
caused segmentation faults or did the wrong thing. It seems likely that any
regression cannot possibly be worse than the current state.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python-apt/+bug/1780105/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
