/usr/lib/packagekit/packagekitd:11:std::__cxx11::basic_string:AptIntf::providesCodec:backend_what_provides_thread:pk_backend_job_thread_setup:g_thread_proxy
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
packagekit (Ubuntu) |
Fix Released
|
High
|
Julian Andres Klode | ||
Bionic |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
[Impact]
pkcon what-provides and other tools querying codecs do not work, they crash (unless you happen to be lucky with your apt cache). Also, cancalled transactions crash as well, even if you're lucky with your apt cache, as the "matcher" object is deleted twice.
There are two reasons: A duplicate delete statement in providesCodec entered when cancelling the lookup, and a invalid pointer dereference in there.
[Test case]
The daemon should not crash as below, but should print a useful message.
$ lxc launch -e ubuntu:bionic bbb
$ lxc exec bbb apt update
$ lxc exec bbb -- apt -y install packagekit
$ lxc exec bbb pkcon what-provides "gstreamer1.
[...] The daemon crashed mid-transaction!
(empty lxd container seems to be able to reproduce easily)
This only tests the pointer dereference, I don't have a test for the duplicate. But the code is obviously correct:
for ... [
if (m_cancel) {
// here used to be "delete matcher" - that's deleted
break;
}
}
delete matcher;
That is, matcher is always deleted once now, and was always deleted twice when cancelling before.
[Regression potential]
I don't think it's possible to have a regression here, given the nature of the fix, but if there were one, we'd see different behavior in codec lookup.
For the duplicate delete on cancelled transactions, you'd be looking at memory leaks if there were a regression.
[Other info]
The Ubuntu Error Tracker has been receiving reports about a problem regarding packagekit. This problem was most recently seen with package version 1.1.10-1ubuntu2, the problem page at https:/
If you do not have access to the Ubuntu Error Tracker and are a software developer, you can request it at http://
description: | updated |
description: | updated |
Changed in packagekit (Ubuntu Bionic): | |
status: | New → Triaged |
seems fairly obvious:
arch = string(ver.Arch());
if (ver.end() == true) {
ver = m_cache-
if (ver.end() == true) {
}
}
ver.Arch() is called even if ver is not valid.