On Sat, May 05, 2012 at 02:16:18AM +0200, David Kalnischkies wrote:
> package apt
> forcemerge 669427 669243
> severity 669427 serious
> tag 669427 + patch
> thanks
>
>
> On Wed, May 2, 2012 at 5:23 PM, David Kalnischkies
> <[email protected]> wrote:
> > We are missing a bit of error checking here (callers of NewDescription() do
> > not check if return is != 0 and IsDuplicateDescription doesn't check if the
> > given Description is valid), but both shouldn't be a problem as NewDescription
> > can only really fail if new memory can't be allocated and as each version has
> > at least one description you shouldn't hit a problem in the dup check either.
> > Both wouldn't be limited to s390x either way:
> > We seem to have a similar bug report from ppc64 (#669243),
> > if I understand right it's also bigendian 64bit, but no other report.
>
> Lesson learned today: If you know you have a bug in your code,
> don't put it on the todo list, just fix it!
> (or at least the parts which are trivial to fix)
>
>
> The assumption that each version has a description is correct for all
> but one version: In line 442ff we iterate over all packages with the same
> name and all versions for these packages to check if we already have a
> version with this description.
>
> The problem: We iterate also over the version we have added just a few
> lines above which has no description yet as we are in the process of
> (maybe) adding one for it.
>
> Result: The duplication check will use a dangling pointer to a string
> which should be an md5sum but probably is whatever it wants to be.
> On the pro side this usually has the intended effect as a random string
> probably doesn't fit the constraints for an md5sum (let alone that it
> matches).
>
> Still, I am really fascinated that this worked for months here and
> everywhere else (except s390x and ppc64).
> I would have expected a segfault at least once in a while as this is not
> done once or twice but for every version, so more like 100.000 times.
>
> Amazing. I am going to play in the lottery now, maybe this segfault
> prevention luck is transitive… (probably more like: I wasted all my
> luck on this one here)
>
> [Raising severity and therefore blocking transition as depending on dangling
> pointers isn't a great idea, even if it seems to work for all but not-yet
> release architectures… Upload next week or so]
>
> Thanks to both of you for debugging this and sorry for the inconvenience!
>
I have just tried, and I confirm the patch fixes the issue, at least on s390x.

Aurelien

--
Aurelien Jarno GPG: 1024D/F1BCDB73
[email protected] http://www.aurel32.net
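The defect David describes above, as an added C++ illustration that is not apt's own code: a hypothetical, simplified cache model in which the duplicate check refuses to dereference a version that has no description yet, and the insertion loop skips the version that is still being built. Names (Version, Description, AddVersionWithDescription) are assumptions for this example.

```cpp
#include <list>
#include <string>
#include <vector>

// Hypothetical, simplified model of the cache structures the mail talks about
// (not apt's pkgCacheGenerator). A Version points to at most one shared
// Description; the pointer must be set to nullptr until one is attached.
struct Description { std::string md5sum; std::vector<std::string> languages; };
struct Version { std::string number; const Description *desc; };
using VersionList = std::vector<Version>;        // all versions of one package name
using DescriptionStore = std::list<Description>; // std::list: pointers survive insertion

// Duplicate check that validates its input: a version with no description yet
// (such as the one just appended) is never dereferenced, it simply cannot match.
static bool IsDuplicateDescription(const Description *desc,
                                   const std::string &md5, const std::string &lang) {
    if (desc == nullptr || desc->md5sum != md5)  // null check: the one the mail says was missing
        return false;
    for (const std::string &l : desc->languages)
        if (l == lang)
            return true;
    return false;
}

// Appends version `number`, then attaches the description (md5, lang) to it.
// Returns true if an existing description was shared, false if a new one was stored.
bool AddVersionWithDescription(VersionList &versions, DescriptionStore &store,
                               const std::string &number,
                               const std::string &md5, const std::string &lang) {
    versions.push_back(Version{number, nullptr});
    Version &current = versions.back();            // desc is still null here
    for (const Version &v : versions) {
        if (&v == &current)                        // skip the version being built
            continue;
        if (IsDuplicateDescription(v.desc, md5, lang)) {
            current.desc = v.desc;                 // share it instead of duplicating
            return true;
        }
    }
    store.push_back(Description{md5, {lang}});
    current.desc = &store.back();
    return false;
}
```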

