[Bug 1701570] [NEW] Acquire.run(): crash with "double free or corruption"

tserries 1701570 at bugs.launchpad.net
Fri Jun 30 14:09:56 UTC 2017 

Public bug reported:

We tried to implement a function returning an Acquire object "fetcher".
Whenever we called "fetcher.run()" after generating the object using
this function our program crashed with "*** Error in `/usr/bin/python':
double free or corruption (fasttop): ...... ***.

You can reproduce this with the attached example code ("func=1"); the
package to download must not be in the local archive. When you set
"func=0" in this example the code works as expected.

Our researches indicate that Acquire.run() seems to depend on data
structures (memory) of the PackageManager object "pm". In
"pm.get_archives(fetcher, ...)" the "fetcher" object stores pointers to
data structures owned by PackageManager object "pm". This data
structures (filenames) are needed for "fetcher.run()". But in the case
"func=1" the PackageManager pm object is automatically freed by Python
as soon as function "initFetcher(progress)" is left. Therefore the
pointers stored in Acquire object "fetcher" are no longer valid.

# lsb_release -rd
Description:    Ubuntu 14.04.5 LTS
Release:        14.04

python-apt 0.9.3.5ubuntu2 amd64

** Affects: python-apt (Ubuntu)
     Importance: Undecided
         Status: New

** Attachment added: "acquire-2.py"
   https://bugs.launchpad.net/bugs/1701570/+attachment/4906676/+files/acquire-2.py

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to python-apt in Ubuntu.
https://bugs.launchpad.net/bugs/1701570

Title:
  Acquire.run(): crash with "double free or corruption"

Status in python-apt package in Ubuntu:
  New

Bug description:
  We tried to implement a function returning an Acquire object
  "fetcher". Whenever we called "fetcher.run()" after generating the
  object using this function our program crashed with "*** Error in
  `/usr/bin/python': double free or corruption (fasttop): ...... ***.

  You can reproduce this with the attached example code ("func=1"); the
  package to download must not be in the local archive. When you set
  "func=0" in this example the code works as expected.

  Our researches indicate that Acquire.run() seems to depend on data
  structures (memory) of the PackageManager object "pm". In
  "pm.get_archives(fetcher, ...)" the "fetcher" object stores pointers
  to data structures owned by PackageManager object "pm". This data
  structures (filenames) are needed for "fetcher.run()". But in the case
  "func=1" the PackageManager pm object is automatically freed by Python
  as soon as function "initFetcher(progress)" is left. Therefore the
  pointers stored in Acquire object "fetcher" are no longer valid.

  # lsb_release -rd
  Description:    Ubuntu 14.04.5 LTS
  Release:        14.04

  python-apt 0.9.3.5ubuntu2 amd64

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python-apt/+bug/1701570/+subscriptions

More information about the foundations-bugs mailing list