• Bug#782262: apt search segfault if invalid release name

    From Kamil Ignacak@21:1/5 to All on Wed Apr 2 21:50:01 2025
    Hi!

    This one was difficult for me to track down because of problems with
    checking in gdb what is going on in call stack when the problem was
    reproduced, especially in 1.0.9.7.

    I was able to find the last commit in which the problem reproduces.
    It was 03bcd80f, in version 1.2.7. The next commit is this: https://salsa.debian.org/apt-team/apt/-/commit/f40fdaa43271edf98b80c08e20f401b5da591501

    The reproduction in 03bcd80f (compiled with DEB_CXXFLAGS_SET="-ggdb -O0" debuild -i -us -uc -b) looks like this:

    acerion@debian:~/ticket/1.2.7_pre_artifacts$ apt search -o "APT::Default-Release=stretch" scowl
    Sorting... Done
    Full Text Search... Done
    scowl/oldoldstable 7.1-1 all
    Spell-Checker Oriented Word Lists
    acerion@debian:~/ticket/1.2.7_pre_artifacts$ apt search -o "APT::Default-Release=invalid" scowl
    Segmentation fault
    acerion@debian:~/ticket/1.2.7_pre_artifacts$ gdb --args apt search -o "APT::Default-Release=invalid" scowl
    GNU gdb (Debian 7.12-6) 7.12.0.20161007-git
    [...]
    Reading symbols from apt...Reading symbols from /usr/lib/debug/.build-id/6a/124b6f149eb6c5c8ee50fdda25b9aaa2cb9b2f.debug...done.
    done.
    (gdb) r
    Starting program: /usr/bin/apt search -o APT::Default-Release=invalid scowl
    [Thread debugging using libthread_db enabled]
    Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
    Sorting... 0%
    Program received signal SIGSEGV, Segmentation fault.
    0x00007ffff7a642ba in pkgDepCache::StateCache::CandidateVerIter (this=0x1bcf60, Cache=...) at ../build/include/apt-pkg/depcache.h:265
    warning: Source file is more recent than executable.
    265 {return VerIterator(Cache,CandidateVer);};
    (gdb) bt
    #0 0x00007ffff7a642ba in pkgDepCache::StateCache::CandidateVerIter (this=0x1bcf60, Cache=...) at ../build/include/apt-pkg/depcache.h:265
    #1 0x00007ffff7a787b2 in APT::VersionContainerInterface::getCandidateVer (Cache=..., Pkg=..., helper=...) at /home/acerion/ticket/1.2.7_pre/apt/apt-pkg/cacheset.cc:687
    #2 0x00007ffff7a77b38 in APT::VersionContainerInterface::FromPackage (vci=0x7fffffffe080, Cache=..., P=..., fallback=APT::CacheSetHelper::CANDIDATE, helper=...)
    at /home/acerion/ticket/1.2.7_pre/apt/apt-pkg/cacheset.cc:531
    #3 0x00007ffff76982e8 in GetLocalitySortedVersionSet (CacheFile=..., vci=0x7fffffffe080, matcher=..., progress=0x7fffffffdf80) at /home/acerion/ticket/1.2.7_pre/apt/apt-private/private-cacheset.cc:80
    #4 0x00007ffff7697ef2 in GetLocalitySortedVersionSet (CacheFile=..., vci=0x7fffffffe080, progress=0x7fffffffdf80) at /home/acerion/ticket/1.2.7_pre/apt/apt-private/private-cacheset.cc:26
    #5 0x00007ffff76cbbb3 in FullTextSearch (CmdL=...) at /home/acerion/ticket/1.2.7_pre/apt/apt-private/private-search.cc:65
    #6 0x00007ffff76cd368 in DoSearch (CmdL=...) at /home/acerion/ticket/1.2.7_pre/apt/apt-private/private-search.cc:331
    #7 0x00007ffff7a877f2 in CommandLine::DispatchArg (this=0x7fffffffe460, Map=0x555555772f80, NoMatch=true) at /home/acerion/ticket/1.2.7_pre/apt/apt-pkg/contrib/cmndline.cc:369
    #8 0x00007ffff76a3809 in DispatchCommandLine (CmdL=..., Cmds=std::vector of length 27, capacity 32 = {...}) at /home/acerion/ticket/1.2.7_pre/apt/apt-private/private-cmndline.cc:511
    #9 0x0000555555555d1c in main (argc=5, argv=0x7fffffffe588) at /home/acerion/ticket/1.2.7_pre/apt/cmdline/apt.cc:118
    (gdb) frame 0
    #0 0x00007ffff7a642ba in pkgDepCache::StateCache::CandidateVerIter (this=0x1bcf60, Cache=...) at ../build/include/apt-pkg/depcache.h:265
    265 {return VerIterator(Cache,CandidateVer);};
    (gdb) print *this
    Cannot access memory at address 0x1bcf60
    (gdb) up
    #1 0x00007ffff7a787b2 in APT::VersionContainerInterface::getCandidateVer (Cache=..., Pkg=..., helper=...) at /home/acerion/ticket/1.2.7_pre/apt/apt-pkg/cacheset.cc:687
    warning: Source file is more recent than executable.
    687 Cand = Cache[Pkg].CandidateVerIter(Cache);
    (gdb) print Cache
    $1 = (pkgCacheFile &) @0x7fffffffe110: {_vptr.pkgCacheFile = 0x7ffff7dc8710 <vtable for pkgCacheFile+16>, d = 0x0, ExternOwner = false, Map = 0x5555557792b0, Cache = 0x555555774ef0, DCache = 0x555555780100,
    SrcList = 0x555555773a30, Policy = 0x55555577eba0}
    (gdb) print Cache[Pkg]
    $2 = (pkgDepCache::StateCache &) <error reading variable>
    (gdb) print Pkg.end()
    $3 = false
    (gdb)

    I'm not sure what the "error reading variable" at the bottom is, but it looks
    like an invalid C++ reference to me.

    I have also tested this in sid, and there is no crash:

    acerion@debian:~$ apt --version
    apt 2.9.35 (amd64)
    acerion@debian:~$ apt search scowl
    scowl/unstable 2020.12.07-4 all
    Spell-Checker Oriented Word Lists

    acerion@debian:~$ apt search -o "APT::Default-Release=invalid" scowl
    Error: The value 'invalid' is invalid for APT::Default-Release as such a release is not available in the sources
    Error: The value 'invalid' is invalid for APT::Default-Release as such a release is not available in the sources
    acerion@debian:~$

    Kamil
