Acquire.run(): crash with "double free or corruption"

Bug #1701570 reported by tserries on 2017-06-30
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
python-apt (Ubuntu)
High
Unassigned

Bug Description

We tried to implement a function returning an Acquire object "fetcher". Whenever we called "fetcher.run()" after generating the object using this function our program crashed with "*** Error in `/usr/bin/python': double free or corruption (fasttop): ...... ***.

You can reproduce this with the attached example code ("func=1"); the package to download must not be in the local archive. When you set "func=0" in this example the code works as expected.

Our researches indicate that Acquire.run() seems to depend on data structures (memory) of the PackageManager object "pm". In "pm.get_archives(fetcher, ...)" the "fetcher" object stores pointers to data structures owned by PackageManager object "pm". This data structures (filenames) are needed for "fetcher.run()". But in the case "func=1" the PackageManager pm object is automatically freed by Python as soon as function "initFetcher(progress)" is left. Therefore the pointers stored in Acquire object "fetcher" are no longer valid.

# lsb_release -rd
Description: Ubuntu 14.04.5 LTS
Release: 14.04

python-apt 0.9.3.5ubuntu2 amd64

tserries (t-serries) wrote :
Changed in python-apt (Ubuntu):
importance: Undecided → High
status: New → Triaged
tags: added: trusty
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Bug attachments