Bug#304296: Segfault in CppOwnedDeallocPkgSrcRecordsStruct
On Sat, Apr 23, 2005 at 11:37:55AM +0200, Christian Aichinger wrote: I've got a better fix available now in python-apt--debian--0.6--patch-6 and pyton--apt--0.6--patch-8 (which fixes the dumb error in patch-6), in [EMAIL PROTECTED] You can get it at URL:http://greek0.net/~greek0/archives/[EMAIL PROTECTED]. Thanks for your fix. It was merged into mainline by Matt and is now uploaded and part of 0.6.11 in experimental. 0.6.11 also contains support for the depcache of apt. That means that you can simulate installs/removals/upgrades of packages, querry the CandidateVersion and use pining. I have some more stuff in my development tree (support for actually commiting the operations and performing apt-get update like operations). But it's still to new for experimental I guess :) Cheers, Michael -- Linux is not The Answer. Yes is the answer. Linux is The Question. - Neo -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#304296: Segfault in CppOwnedDeallocPkgSrcRecordsStruct
On Tue, Apr 12, 2005 at 11:41:23PM +0200, Michael Vogt wrote:
I tried to reproduce the problem with the latest tla version of
python-apt and it seems to work with it (at least I didn't managed to
make it segfault). Could you verify this? The source is available via
gnu arch (tla) at:
http://people.debian.org/~mdz/arch/
as
[EMAIL PROTECTED]/python-apt--main--0
it also contains a implementation of many bits of the
depcache. Looking over your example code it looks like it contains
many bits that you may want (what version is the candidate, is it
upgradable etc). See the doc/examples/depcache.py code for example
usage. There is some work going on to improve python-apt, if you are
interessted in helping/testing, please let me know :)
I haven't tried it, but looking at the source the problem is still
there. You allocate the object with CppPyObject_NEW, and deallocate
it with CppOwnedDealloc. Below is the code.
= START =
template class T struct CppPyObject : public PyObject
{
T Object;
};
template class T struct CppOwnedPyObject : public CppPyObjectT
{
PyObject *Owner;
};
template class T
inline CppPyObjectT *CppPyObject_NEW(PyTypeObject *Type)
{
CppPyObjectT *New = PyObject_NEW(CppPyObjectT,Type);
new (New-Object) T;
return New;
}
template class T
void CppOwnedDealloc(PyObject *iObj)
{
CppOwnedPyObjectT *Obj = (CppOwnedPyObjectT *)iObj;
Obj-Object.~T();
if (Obj-Owner != 0)
Py_DECREF(Obj-Owner);
PyMem_DEL(Obj);
}
= END =
As you can see you're accessing Obj-Owner in CppOwnedDealloc, which was
never initialized. Since malloc (used somewhere in PyObject_NEW,
depending on some preprocessor defines) doesn't guarantee initialized
memory, you are accessing a random pointer, and then you Py_DECREF()
it. This may or may not segfault, depending on your luck.
So please apply my patch, or some variation thereof.
Cheers,
Greek0
signature.asc
Description: Digital signature
Bug#304296: Segfault in CppOwnedDeallocPkgSrcRecordsStruct
I've got a better fix available now in python-apt--debian--0.6--patch-6 and pyton--apt--0.6--patch-8 (which fixes the dumb error in patch-6), in [EMAIL PROTECTED] You can get it at URL:http://greek0.net/~greek0/archives/[EMAIL PROTECTED]. Cheers, Greek0 signature.asc Description: Digital signature
Bug#304296: Segfault in CppOwnedDeallocPkgSrcRecordsStruct
Package: python-apt Version: 0.6.10 Severity: normal Tags: patch I've hit a segfault python-apt while trying to write a class that nicely encapsulates a package. gdb says: Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 1075396736 (LWP 8931)] 0x403f20bc in CppOwnedDeallocPkgSrcRecordsStruct () from /usr/lib/python2.3/site-packages/apt_pkg.so Looking at the source (at python/pkgsrcrecords.cc) there's a mismatch in the used variants of the object allocation/deallocation functions. Allocation is done with CppPyObject_NEW, while deallocation is done with CppOwnedDealloc. Using the non-owned variants everywhere the segfault is gone. I've attatched the python program that triggered the segfault here, and my proposed fix. Cheers, Greek0 -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (990, 'unstable'), (500, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.8r20050410 Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=UTF-8) Versions of packages python-apt depends on: ii apt [libapt-pkg-libc6.3-5-3 0.5.28.6 Advanced front-end for dpkg ii apt-utils [libapt-inst-libc 0.5.28.6 APT utility programs ii libc6 2.3.2.ds1-20 GNU C Library: Shared libraries an ii libgcc1 1:3.4.3-12 GCC support library ii libstdc++5 1:3.3.5-12 The GNU Standard C++ Library v3 ii python 2.3.5-2 An interactive high-level object-o -- no debconf information #!/usr/bin/env python2.4 import sys import os import re import copy import apt_pkg import options class Regexps: # apt-cache policy RE # Installed = groups(1) # Candidate = groups(2) policy = re.compile(r'^\s+Installed: (.*)$\n^\s+Candidate: (.*)$', re.M) class Package(object): Maintains data about packages. This class encapsulates a package. It allows inspection of the current state, listing of available versions, ... y = Package(kde) y.is_installed() False y.installed '' y.candidate '5:44' y.source 'xfree86' def __init__(self, pkgname): self._name = pkgname self._installed = None self._candidate = None self._source = None def _read_policy(self): args = if options.opts.Release != None: args += -oAPT::Default-Release='%s' % options.opts.Release cmdline = apt-cache policy %s %s % (args, self._name) f = os.popen(cmdline) policy_txt = f.read() f.close() match = Regexps.policy.search(policy_txt) if match.group(1) == (none): self._installed = else: self._installed = match.group(1) self._candidate = match.group(2) def _get_candidate(self): if self._candidate == None: self._read_policy() return self._candidate def _get_installed(self): if self._installed == None: self._read_policy() return self._installed def is_installed(self): if self._installed == None: self._read_policy() return bool(self._installed) def _get_source(self): if self._source == None: src = apt_pkg.GetPkgSrcRecords(apt_pkg.GetCache()) src.Lookup(self._name) self._source = copy.deepcopy(src.Package) print self._source #return self._source candidate = property(_get_candidate) installed = property(_get_installed) source = property(_get_source) def main(): os.environ[LC_ALL]=C os.environ[LC_MESSAGES]=C options.ParseOptions() apt_pkg.init() p = Package(xterm) print Installed: %s % p.installed print Candidate: %s % p.candidate x = p.source print x: print x print source: print p._source if __name__ == __main__: main() diff -ur orig.python-apt-0.6.10/python/pkgsrcrecords.cc python-apt-0.6.10/python/pkgsrcrecords.cc --- orig.python-apt-0.6.10/python/pkgsrcrecords.cc 2003-12-26 18:04:22.0 +0100 +++ python-apt-0.6.10/python/pkgsrcrecords.cc 2005-04-12 08:48:46.640532096 +0200 @@ -89,10 +89,10 @@ PyObject_HEAD_INIT(PyType_Type) 0, // ob_size pkgSrcRecords, // tp_name - sizeof(CppOwnedPyObjectPkgSrcRecordsStruct), // tp_basicsize + sizeof(CppPyObjectPkgSrcRecordsStruct), // tp_basicsize 0, // tp_itemsize // Methods - CppOwnedDeallocPkgSrcRecordsStruct, // tp_dealloc + CppDeallocPkgSrcRecordsStruct, // tp_dealloc 0, // tp_print PkgSrcRecordsAttr, // tp_getattr 0, // tp_setattr signature.asc Description: Digital signature
Bug#304296: Segfault in CppOwnedDeallocPkgSrcRecordsStruct
On Tue, Apr 12, 2005 at 09:03:00AM +0200, Christian 'Greek0' Aichinger wrote: Package: python-apt Version: 0.6.10 Severity: normal Tags: patch Thanks for your bugreport and your patch. I've hit a segfault python-apt while trying to write a class that nicely encapsulates a package. I tried to reproduce the problem with the latest tla version of python-apt and it seems to work with it (at least I didn't managed to make it segfault). Could you verify this? The source is available via gnu arch (tla) at: http://people.debian.org/~mdz/arch/ as [EMAIL PROTECTED]/python-apt--main--0 it also contains a implementation of many bits of the depcache. Looking over your example code it looks like it contains many bits that you may want (what version is the candidate, is it upgradable etc). See the doc/examples/depcache.py code for example usage. There is some work going on to improve python-apt, if you are interessted in helping/testing, please let me know :) Cheers, Michael -- Linux is not The Answer. Yes is the answer. Linux is The Question. - Neo -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
