Ubuntu
python-apt package

Acquire.run(): crash with "double free or corruption"

Bug #1701570 reported by tserries on 2017-06-30

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	python-apt (Ubuntu)	Triaged	High	Unassigned

Bug Description

We tried to implement a function returning an Acquire object "fetcher". Whenever we called "fetcher.run()" after generating the object using this function our program crashed with "*** Error in `/usr/bin/python': double free or corruption (fasttop): ...... ***.

You can reproduce this with the attached example code ("func=1"); the package to download must not be in the local archive. When you set "func=0" in this example the code works as expected.

Our researches indicate that Acquire.run() seems to depend on data structures (memory) of the PackageManager object "pm". In "pm.get_archives(fetcher, ...)" the "fetcher" object stores pointers to data structures owned by PackageManager object "pm". This data structures (filenames) are needed for "fetcher.run()". But in the case "func=1" the PackageManager pm object is automatically freed by Python as soon as function "initFetcher(progress)" is left. Therefore the pointers stored in Acquire object "fetcher" are no longer valid.

# lsb_release -rd
Description: Ubuntu 14.04.5 LTS
Release: 14.04

python-apt 0.9.3.5ubuntu2 amd64

Tags:

Revision history for this message

tserries (t-serries) wrote on 2017-06-30:

acquire-2.py Edit (1.1 KiB, text/x-python)

Julian Andres Klode (juliank) on 2017-06-30

Changed in python-apt (Ubuntu):
importance:	Undecided → High
status:	New → Triaged

Hans Joachim Desserud (hjd) on 2017-06-30

tags:

added: trusty

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Bug attachments

acquire-2.py Edit

Add attachment

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntupython-apt package