Bug #499631 “Stack smashing in aptitude on safe-upgrade” : Bugs : aptitude package : Ubuntu

Revision history for this message

Reiger (jm-ouwerkerk) wrote on 2009-12-22:

#1

Dependencies.txt Edit (629 bytes, text/plain; charset="utf-8")

Revision history for this message

Reiger (jm-ouwerkerk) wrote on 2009-12-22:

#2

Forgot to mention: aptitude --version info:

aptitude 0.4.11.11 compiled at Sep 28 2009 12:52:07
Compiler: g++ 4.4.1
Compiled against:
  apt version 4.8.1
  NCurses version 5.7
  libsigc++ version: 2.0.18
  Ept support enabled.

Current library versions:
  NCurses version: ncurses 5.7.20090803
  cwidget version: 0.5.13
  Apt version: 4.8.0

Revision history for this message

Reiger (jm-ouwerkerk) wrote on 2009-12-22:

#3

Download full text (12.2 KiB)

Further testing (trying to purge packages with aptitude):

sudo aptitude
*** glibc detected *** aptitude: free(): invalid pointer: 0xb39032b8 ***
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6[0x62af81]
/lib/tls/i686/cmov/libc.so.6[0x62c7d0]
/lib/tls/i686/cmov/libc.so.6(cfree+0x6d)[0x62f81d]
/usr/lib/libstdc++.so.6(_ZdlPv+0x21)[0x4dc311]
/usr/lib/libstdc++.so.6(_ZdaPv+0x1d)[0x4dc36d]
/usr/lib/libapt-pkg-libc6.10-6.so.4.8(_ZN12pkgOrderList8CheckDepEN8pkgCache11DepIteratorE+0x142)[0x18bc12]
/usr/lib/libapt-pkg-libc6.10-6.so.4.8(_ZN12pkgOrderList9DepRemoveEN8pkgCache11DepIteratorE+0xb6)[0x18cf56]
/usr/lib/libapt-pkg-libc6.10-6.so.4.8(_ZN12pkgOrderList10VisitRDepsEMS_FbN8pkgCache11DepIteratorEENS0_11PkgIteratorE+0x61)[0x18b721]
/usr/lib/libapt-pkg-libc6.10-6.so.4.8(_ZN12pkgOrderList9VisitNodeEN8pkgCache11PkgIteratorE+0x71f)[0x18cd4f]
/usr/lib/libapt-pkg-libc6.10-6.so.4.8(_ZN12pkgOrderList5DoRunEv+0xd5)[0x18df25]
/usr/lib/libapt-pkg-libc6.10-6.so.4.8(_ZN12pkgOrderList11OrderUnpackEPSs+0x142)[0x18e562]
/usr/lib/libapt-pkg-libc6.10-6.so.4.8(_ZN17pkgPackageManager12OrderInstallEv+0x29a)[0x1955aa]
/usr/lib/libapt-pkg-libc6.10-6.so.4.8(_ZN17pkgPackageManager9DoInstallEi+0x21)[0x192881]
aptitude[0x8180352]
aptitude[0x8180882]
aptitude[0x810d30c]
aptitude[0x808cdcb]
/usr/lib/libcwidget.so.3(_ZN7cwidget8toplevel8mainloopEi+0x1f1)[0x9eb121]
aptitude[0x80f1113]
aptitude[0x805e67b]
/lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe6)[0x5d6b66]
aptitude[0x805c691]
======= Memory map: ========
00110000-00125000 r-xp 00000000 08:05 40553 /lib/tls/i686/cmov/libpthread-2.10.2.so
00125000-00126000 r--p 00014000 08:05 40553 /lib/tls/i686/cmov/libpthread-2.10.2.so
0012600...

Further testing (trying to purge packages with aptitude):

sudo aptitude
*** glibc detected *** aptitude: free(): invalid pointer: 0xb39032b8 ***
======= Backtrace: =========                                            
/lib/tls/i686/cmov/libc.so.6[0x62af81]                                  
/lib/tls/i686/cmov/libc.so.6[0x62c7d0]                                  
/lib/tls/i686/cmov/libc.so.6(cfree+0x6d)[0x62f81d]                      
/usr/lib/libstdc++.so.6(_ZdlPv+0x21)[0x4dc311]                          
/usr/lib/libstdc++.so.6(_ZdaPv+0x1d)[0x4dc36d]                          
/usr/lib/libapt-pkg-libc6.10-6.so.4.8(_ZN12pkgOrderList8CheckDepEN8pkgCache11DepIteratorE+0x142)[0x18bc12]
/usr/lib/libapt-pkg-libc6.10-6.so.4.8(_ZN12pkgOrderList9DepRemoveEN8pkgCache11DepIteratorE+0xb6)[0x18cf56]
/usr/lib/libapt-pkg-libc6.10-6.so.4.8(_ZN12pkgOrderList10VisitRDepsEMS_FbN8pkgCache11DepIteratorEENS0_11PkgIteratorE+0x61)[0x18b721]
/usr/lib/libapt-pkg-libc6.10-6.so.4.8(_ZN12pkgOrderList9VisitNodeEN8pkgCache11PkgIteratorE+0x71f)[0x18cd4f]                         
/usr/lib/libapt-pkg-libc6.10-6.so.4.8(_ZN12pkgOrderList5DoRunEv+0xd5)[0x18df25]                                                     
/usr/lib/libapt-pkg-libc6.10-6.so.4.8(_ZN12pkgOrderList11OrderUnpackEPSs+0x142)[0x18e562]                                           
/usr/lib/libapt-pkg-libc6.10-6.so.4.8(_ZN17pkgPackageManager12OrderInstallEv+0x29a)[0x1955aa]                                       
/usr/lib/libapt-pkg-libc6.10-6.so.4.8(_ZN17pkgPackageManager9DoInstallEi+0x21)[0x192881]                                            
aptitude[0x8180352]                                                                                                                 
aptitude[0x8180882]                                                                                                                 
aptitude[0x810d30c]                                                                                                                 
aptitude[0x808cdcb]                                                                                                                 
/usr/lib/libcwidget.so.3(_ZN7cwidget8toplevel8mainloopEi+0x1f1)[0x9eb121]                                                           
aptitude[0x80f1113]                                                                                                                 
aptitude[0x805e67b]                                                                                                                 
/lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe6)[0x5d6b66]                                                                      
aptitude[0x805c691]                                                                                                                 
======= Memory map: ========                                                                                                        
00110000-00125000 r-xp 00000000 08:05 40553      /lib/tls/i686/cmov/libpthread-2.10.2.so                                            
00125000-00126000 r--p 00014000 08:05 40553      /lib/tls/i686/cmov/libpthread-2.10.2.so                                            
00126000-00127000 rw-p 00015000 08:05 40553      /lib/tls/i686/cmov/libpthread-2.10.2.so                                            
00127000-00129000 rw-p 00000000 00:00 0                                                                                             
00129000-00145000 r-xp 00000000 08:05 14252      /lib/libgcc_s.so.1                                                                 
00145000-00146000 r--p 0001b000 08:05 14252      /lib/libgcc_s.so.1                                                                 
00146000-00147000 rw-p 0001c000 08:05 14252      /lib/libgcc_s.so.1                                                                 
00147000-00149000 r-xp 00000000 08:05 40575      /lib/tls/i686/cmov/libutil-2.10.2.so                                               
00149000-0014a000 r--p 00001000 08:05 40575      /lib/tls/i686/cmov/libutil-2.10.2.so                                               
0014a000-0014b000 rw-p 00002000 08:05 40575      /lib/tls/i686/cmov/libutil-2.10.2.so                                               
0014d000-00210000 r-xp 00000000 08:05 18143      /usr/lib/libapt-pkg-libc6.10-6.so.4.8.0                                            
00210000-00212000 r--p 000c2000 08:05 18143      /usr/lib/libapt-pkg-libc6.10-6.so.4.8.0                                            
00212000-00213000 rw-p 000c4000 08:05 18143      /usr/lib/libapt-pkg-libc6.10-6.so.4.8.0                                            
00213000-00253000 r-xp 00000000 08:05 43246      /lib/libncursesw.so.5.7                                                            
00253000-00255000 r--p 00040000 08:05 43246      /lib/libncursesw.so.5.7                                                            
00255000-00256000 rw-p 00042000 08:05 43246      /lib/libncursesw.so.5.7                                                            
00256000-002c5000 r-xp 00000000 08:05 4048       /usr/lib/libept.so.0.5.29                                                          
002c5000-002c6000 r--p 0006e000 08:05 4048       /usr/lib/libept.so.0.5.29                                                          
002c6000-002c7000 rw-p 0006f000 08:05 4048       /usr/lib/libept.so.0.5.29                                                          
002c7000-0040c000 r-xp 00000000 08:05 2876       /usr/lib/libxapian.so.15.6.8                                                       
0040c000-0040f000 r--p 00144000 08:05 2876       /usr/lib/libxapian.so.15.6.8                                                       
0040f000-00410000 rw-p 00147000 08:05 2876       /usr/lib/libxapian.so.15.6.8                                                       
00410000-00412000 r-xp 00000000 08:05 39541      /lib/tls/i686/cmov/libdl-2.10.2.so                                                 
00412000-00413000 r--p 00001000 08:05 39541      /lib/tls/i686/cmov/libdl-2.10.2.so                                                 
00413000-00414000 rw-p 00002000 08:05 39541      /lib/tls/i686/cmov/libdl-2.10.2.so                                                 
00424000-0050a000 r-xp 00000000 08:05 8822       /usr/lib/libstdc++.so.6.0.13                                                       
0050a000-0050b000 ---p 000e6000 08:05 8822       /usr/lib/libstdc++.so.6.0.13                                                       
0050b000-0050f000 r--p 000e6000 08:05 8822       /usr/lib/libstdc++.so.6.0.13                                                       
0050f000-00510000 rw-p 000ea000 08:05 8822       /usr/lib/libstdc++.so.6.0.13                                                       
00510000-00517000 rw-p 00000000 00:00 0                                                                                             
00517000-0052a000 r-xp 00000000 08:05 40509      /lib/tls/i686/cmov/libnsl-2.10.2.so                                                
0052a000-0052b000 r--p 00012000 08:05 40509      /lib/tls/i686/cmov/libnsl-2.10.2.so                                                
0052b000-0052c000 rw-p 00013000 08:05 40509      /lib/tls/i686/cmov/libnsl-2.10.2.so                                                
0052c000-0052e000 rw-p 00000000 00:00 0                                                                                             
005a3000-005be000 r-xp 00000000 08:05 14970      /lib/ld-2.10.2.so                                                                  
005be000-005bf000 r--p 0001a000 08:05 14970      /lib/ld-2.10.2.so                                                                  
005bf000-005c0000 rw-p 0001b000 08:05 14970      /lib/ld-2.10.2.so                                                                  
005c0000-006fe000 r-xp 00000000 08:05 14858      /lib/tls/i686/cmov/libc-2.10.2.so                                                  
006fe000-00700000 r--p 0013e000 08:05 14858      /lib/tls/i686/cmov/libc-2.10.2.so                                                  
00700000-00701000 rw-p 00140000 08:05 14858      /lib/tls/i686/cmov/libc-2.10.2.so                                                  
00701000-00704000 rw-p 00000000 00:00 0                                                                                             
0093b000-0094e000 r-xp 00000000 08:05 22579      /lib/libz.so.1.2.3.3                                                               
0094e000-0094f000 r--p 00012000 08:05 22579      /lib/libz.so.1.2.3.3                                                               
0094f000-00950000 rw-p 00013000 08:05 22579      /lib/libz.so.1.2.3.3                                                               
009ae000-00a67000 r-xp 00000000 08:05 4035       /usr/lib/libcwidget.so.3.0.0                                                       
00a67000-00a68000 ---p 000b9000 08:05 4035       /usr/lib/libcwidget.so.3.0.0                                                       
00a68000-00a6b000 r--p 000b9000 08:05 4035       /usr/lib/libcwidget.so.3.0.0                                                       
00a6b000-00a6c000 rw-p 000bc000 08:05 4035       /usr/lib/libcwidget.so.3.0.0                                                       
00aab000-00ab4000 r-xp 00000000 08:05 40545      /lib/tls/i686/cmov/libnss_nis-2.10.2.so                                            
00ab4000-00ab5000 r--p 00008000 08:05 40545      /lib/tls/i686/cmov/libnss_nis-2.10.2.so                                            
00ab5000-00ab6000 rw-p 00009000 08:05 40545      /lib/tls/i686/cmov/libnss_nis-2.10.2.so                                            
00b74000-00b75000 r-xp 00000000 00:00 0          [vdso]                                                                             
00bbe000-00bc8000 r-xp 00000000 08:05 40531      /lib/tls/i686/cmov/libnss_files-2.10.2.so                                          
00bc8000-00bc9000 r--p 00009000 08:05 40531      /lib/tls/i686/cmov/libnss_files-2.10.2.so                                          
00bc9000-00bca000 rw-p 0000a000 08:05 40531      /lib/tls/i686/cmov/libnss_files-2.10.2.so                                          
00beb000-00bf1000 r-xp 00000000 08:05 40510      /lib/tls/i686/cmov/libnss_compat-2.10.2.so                                         
00bf1000-00bf2000 r--p 00005000 08:05 40510      /lib/tls/i686/cmov/libnss_compat-2.10.2.so                                         
00bf2000-00bf3000 rw-p 00006000 08:05 40510      /lib/tls/i686/cmov/libnss_compat-2.10.2.so                                         
00f43000-00f67000 r-xp 00000000 08:05 39554      /lib/tls/i686/cmov/libm-2.10.2.so                                                  
00f67000-00f68000 r--p 00023000 08:05 39554      /lib/tls/i686/cmov/libm-2.10.2.so                                                  
00f68000-00f69000 rw-p 00024000 08:05 39554      /lib/tls/i686/cmov/libm-2.10.2.so                                                  
00f83000-00f88000 r-xp 00000000 08:05 10201      /usr/lib/libsigc-2.0.so.0.0.0
00f88000-00f89000 r--p 00004000 08:05 10201      /usr/lib/libsigc-2.0.so.0.0.0
00f89000-00f8a000 rw-p 00005000 08:05 10201      /usr/lib/libsigc-2.0.so.0.0.0
08048000-0824e000 r-xp 00000000 08:05 20380      /usr/bin/aptitude
0824e000-0824f000 r--p 00205000 08:05 20380      /usr/bin/aptitude
0824f000-08250000 rw-p 00206000 08:05 20380      /usr/bin/aptitude
08250000-08252000 rw-p 00000000 00:00 0
08bae000-098d7000 rw-p 00000000 00:00 0          [heap]
b2a00000-b2a46000 rw-p 00000000 00:00 0
b2a46000-b2b00000 ---p 00000000 00:00 0
b2c00000-b2ce2000 rw-p 00000000 00:00 0
b2ce2000-b2d00000 ---p 00000000 00:00 0
b2d45000-b2e00000 rw-p 00000000 00:00 0
b2e00000-b3000000 rw-p 00000000 00:00 0
b3000000-b3200000 rw-p 00000000 00:00 0
b3200000-b3400000 rw-p 00000000 00:00 0
b3400000-b3600000 rw-p 00000000 00:00 0
b3600000-b3700000 rw-p 00000000 00:00 0
b3700000-b3800000 rw-p 00000000 00:00 0
b381c000-b3900000 rw-p 00000000 00:00 0
b3900000-b39fc000 rw-p 00000000 00:00 0
b39fc000-b3a00000 ---p 00000000 00:00 0
b3ab2000-b3ab3000 ---p 00000000 00:00 0
b3ab3000-b42b3000 rw-p 00000000 00:00 0
b42b3000-b42b4000 ---p 00000000 00:00 0
b42b4000-b4ab4000 rw-p 00000000 00:00 0
b4c00000-b5000000 rw-p 00000000 00:00 0
b5000000-b50fe000 rw-p 00000000 00:00 0
b50fe000-b5100000 ---p 00000000 00:00 0
b514b000-b5255000 rw-p 00000000 00:00 0
Ouch!  Got SIGABRT, dying..0000 08:05 63         /var/cache/apt/pkgcache.bin
Aborted

Revision history for this message

Benjamin Drung (bdrung) wrote on 2009-12-23:

#4

pbuilder.log Edit (7.1 KiB, text/plain)

I experience this bug with pbuilder. Every lucid build fails due to this bug. Log attached.

Changed in aptitude (Ubuntu):
status:	New → Confirmed

Revision history for this message

Bryce Harrington (bryce) wrote on 2009-12-23:

#5

I've been able to reproduce this in my lucid pbuilder environment, both amd64 and i386 arch's.

*** stack smashing detected ***: aptitude terminated
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x48)[0xf71eef58]
/lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x0)[0xf71eef10]
aptitude[0x812ae58]
aptitude[0x812b837]
aptitude[0x811de59]
aptitude[0x805f2af]
/lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe6)[0xf7124b66]
aptitude[0x805c691]

Changed in aptitude (Ubuntu):
importance:	Undecided → High
milestone:	none → lucid-alpha-2

Revision history for this message

Kees Cook (kees) wrote on 2009-12-23:

#6

I'm not able to reproduce this yet; what command lines in particular are crashing, and can you enable apport and try to catch the overflow?

Revision history for this message

Benjamin Drung (bdrung) wrote on 2009-12-23:

#7

It started with the pbuilder update today or yesterday. So run

sudo pbuilder update
sudo pbuilder build foobar.dsc

(replace foobar by any source package)

Revision history for this message

Mahesh Asolkar (asolkar) wrote on 2009-12-23:

#8

aptitude log Edit (13.3 KiB, text/plain)

Attaching aptitude log just as a data point.

Revision history for this message

Kees Cook (kees) wrote on 2009-12-23:

#9

I suspect the recent apt upload, even though the crash appears in aptitude...

#0 0x00007ffff5f264c5 in *__GI_raise (sig=<value optimized out>)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1 0x00007ffff5f29f60 in *__GI_abort () at abort.c:92
#2 0x00007ffff5f5eca7 in __libc_message (do_abort=<value optimized out>,
    fmt=<value optimized out>) at ../sysdeps/unix/sysv/linux/libc_fatal.c:189
#3 0x00007ffff5feae67 in *__GI___fortify_fail (
    msg=0x7ffff6029552 "stack smashing detected") at fortify_fail.c:32
#4 0x00007ffff5feae30 in __stack_chk_fail () at stack_chk_fail.c:29
#5 0x00000000004e858a in cmdline_show_preview (
    as_upgrade=<value optimized out>, to_install=<value optimized out>,
    to_hold=<value optimized out>, to_remove=<value optimized out>,
    showvers=<value optimized out>, showdeps=<value optimized out>,
    showsize=false, showwhy=false, verbose=0) at cmdline_prompt.cc:917
#6 0x00000000004e8df0 in cmdline_do_prompt (
    as_upgrade=<value optimized out>, to_install=<value optimized out>,
    to_hold=<value optimized out>, to_remove=<value optimized out>,
    to_purge=<value optimized out>, showvers=<value optimized out>,
    showdeps=false, showsize=false, showwhy=false, always_prompt=false,
    verbose=0, assume_yes=false, force_no_change=false, policy=...,
    arch_only=false) at cmdline_prompt.cc:1089
#7 0x00000000005019fe in cmdline_upgrade (argc=<value optimized out>,
    argv=<value optimized out>, status_fname=0x0,
    simulate=<value optimized out>, no_new_installs=<value optimized out>,
    assume_yes=<value optimized out>, download_only=false, showvers=false,
    showdeps=false, showsize=<value optimized out>,
    showwhy=<value optimized out>, user_tags=..., visual_preview=false,
    always_prompt=<value optimized out>, arch_only=<value optimized out>,
    queue_only=false, verbose=0) at cmdline_upgrade.cc:157
#8 0x000000000041b1f6 in main (argc=2, argv=0x7fffffffe7a8) at main.cc:661

I suspect the recent apt upload, even though the crash appears in aptitude...

#0  0x00007ffff5f264c5 in *__GI_raise (sig=<value optimized out>)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x00007ffff5f29f60 in *__GI_abort () at abort.c:92
#2  0x00007ffff5f5eca7 in __libc_message (do_abort=<value optimized out>, 
    fmt=<value optimized out>) at ../sysdeps/unix/sysv/linux/libc_fatal.c:189
#3  0x00007ffff5feae67 in *__GI___fortify_fail (
    msg=0x7ffff6029552 "stack smashing detected") at fortify_fail.c:32
#4  0x00007ffff5feae30 in __stack_chk_fail () at stack_chk_fail.c:29
#5  0x00000000004e858a in cmdline_show_preview (
    as_upgrade=<value optimized out>, to_install=<value optimized out>, 
    to_hold=<value optimized out>, to_remove=<value optimized out>, 
    showvers=<value optimized out>, showdeps=<value optimized out>, 
    showsize=false, showwhy=false, verbose=0) at cmdline_prompt.cc:917
#6  0x00000000004e8df0 in cmdline_do_prompt (
    as_upgrade=<value optimized out>, to_install=<value optimized out>, 
    to_hold=<value optimized out>, to_remove=<value optimized out>, 
    to_purge=<value optimized out>, showvers=<value optimized out>, 
    showdeps=false, showsize=false, showwhy=false, always_prompt=false, 
    verbose=0, assume_yes=false, force_no_change=false, policy=..., 
    arch_only=false) at cmdline_prompt.cc:1089
#7  0x00000000005019fe in cmdline_upgrade (argc=<value optimized out>, 
    argv=<value optimized out>, status_fname=0x0, 
    simulate=<value optimized out>, no_new_installs=<value optimized out>, 
    assume_yes=<value optimized out>, download_only=false, showvers=false, 
    showdeps=false, showsize=<value optimized out>, 
    showwhy=<value optimized out>, user_tags=..., visual_preview=false, 
    always_prompt=<value optimized out>, arch_only=<value optimized out>, 
    queue_only=false, verbose=0) at cmdline_upgrade.cc:157
#8  0x000000000041b1f6 in main (argc=2, argv=0x7fffffffe7a8) at main.cc:661

Revision history for this message

Launchpad Janitor (janitor) wrote on 2009-12-23:

#10

This bug was fixed in the package aptitude - 0.4.11.11-1ubuntu7

---------------
aptitude (0.4.11.11-1ubuntu7) lucid; urgency=low

* No-change rebuild to handle libapt ABI changes (LP: #499631).
-- Kees Cook <email address hidden> Tue, 22 Dec 2009 23:17:50 -0800

Changed in aptitude (Ubuntu):
status:	Confirmed → Fix Released

Revision history for this message

Untitled No. 4 (untitled-no4) wrote on 2009-12-23:

#11

Works for me after getting aptitude (0.4.11.11-1ubuntu7)

Ubuntu
aptitude package

Stack smashing in aptitude on safe-upgrade

Bug Description

Related branches

Duplicates of this bug

Other bug subscribers

Bug attachments

Remote bug watches

Ubuntuaptitude package

Stack smashing in aptitude on safe-upgrade

Bug Description

Related branches

Duplicates of this bug

Other bug subscribers

Bug attachments

Remote bug watches

Ubuntu
aptitude package